[Aaron_Klemm]I get a 401 error loading endpoint.php in my browser, but I'm not sure that's a bad thing. Indigenous still gives me the Token Endpoint not found error. It might help to try it somewhere else as the configuration seems correct as I've checked it over several times.
[Aaron_Klemm]After discovering Known, I guess it's likely I'll replace the auth and the token endpoint with the Known provider, but if that's a bad idea, please advise.
ZegnatGood morning [Aaron_Klemm]! It is fine to use whatever indieauth is built-in to known. Several people use it. What is the URL you are trying to login with? Did you add the token endpoint link to the html of that page?
[grantcodes]Depends on how you've got them set up. Mine I can just pass in a mf2 object, it shows the appropriate inputs based on the properties and then updates the mf2 object when inputs are changed.
[grantcodes]Then if it's an update I think I normally compare start and end property values and send a replace request since it's generally easier than the other update types
jamietannaaaronpk: what are your thoughts on extending Telegraph to return the `Location` header from the downstream Webmention server when a post is syndicated? Just spotted that it doesn't (and it's called out in docs, I just didn't read them well enough) but would be useful to be able to then use it to know where that Webmention was syndicated to
jamietannaSome webmention servers seem to return the URL in the $.url in the response body, so I could parse the Telegraph `$.http_body` as JSON, and then if that's there, use it, but given the `Location` header can be used too, that'd be nice, too!
swentel[grantcodes], I need to parse the response and decided based on the properties to open a specific activity which has the properties available for it
jamietannaActually while we're talking about Indigenous - I recently set up https://www-api.jvt.me/micropub?q=categories (unauthenticated) but when enabling it with Indigenous' settings for categories autocomplete, I don't seem to see anything
Loqi[Zegnat] Leaving aside the question of whether IndieNews is doing the right thing with that `Location` header…
If Telegraph were to pass on the webmention endpoint’s `Location` header I would expect for it to be some sort of “external status” prope...
ZegnatI don’t think there is any specification for the status page themselves. Otherwise Telegraph could actually poll it and know when asynchronous handling is done
[schmarty], loicm, jamietanna and [Aaron_Klemm] joined the channel
[Aaron_Klemm]Possible problems are my php+nginx isn't configured correctly, the the selfauth index.php and an info.php page work in that directory. Also perhaps Indigenous has a bug after all, but at the moment I'm out of ideas for further debugging my php setup and also unclear where else I could test my endpoint.
[Aaron_Klemm]And of course I could have something wrong in my mintoken setup, though your install instruction were clear and concise, so not sure what i might have missed.
ZegnatMintoken is really, uuh, minimal, so it never exposes any more information than absolutely neccessary. Which is a bit of a pain when debugging ;)
Zegnat[Aaron_Klemm]: you could test doing the manual requests for a token with help of https://gimme-a-token.5eb.nl/ and see if you end up with a token. If you can get through those steps, it might be a bug in Indigenous.
ZegnatUpon a cursory reading of the IndieAuth spec, I guess WWW-Authenticate could have OAuth error messages in case you reply with a 40[013] on the verification step. But I do not see much other reason to put it in place for other requests
[Aaron_Klemm]iOS, and everything checked out at manual token request tool Zegnat listed so I think I can move on assuming the Indigenous on iOS is causing the problem. Thank y'all!
[Aaron_Klemm]Well, I just re-installed the app and get a new error: "Micropub Endpoint not found" so that's enough progress to keep me going into the rabbit hole.
[Aaron_Klemm]It must've been caching the response when the token endpoint wasn't available, so now that's solved, and I don't have a "micropub" endpoint yet.
jamietannaI also return on i.e. `insufficient_scope`: `Www-Authenticate: Bearer error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token.", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"`
ZegnatAlthough I have noticed some issues with debugging tools. I think a coworker was using Postman for HTTP testing the other day and it would not expose the response headers on a 4xx page at all. So he had to constantly switch to curl
aaronpkIf you just add a placeholder micropub endpoint you should be able to sign in, it just won't be able to do anything like post, but you should at least get past the login stage
ZegnatI guess you could look into https://github.com/aaronpk/Watchtower/issues/1 instead, and have it stop polling in case a websub endpoint is advertised. Then bridgy could advertise a (dummy) websub endpoint and Watchtower would not have to poll at al
aaronpki could see possibly adding an explicit list of allowed iframe domains to enable certain things to work, but i'd probably also make that an opt-in flag for the thing using xray
swentel[snarfed], question for you too, does granary, when parsing a twitter feed, know if the account is private or not? If so, do we have an an mf2 class to put that on the the author h-card?
[fluffy]Speaking of which, does bridgy have any support for autoauth or whatever? Currently there’s no way for bridgy to send me notifications for twitter or mastodon responses to my private posts because the webmention to bridgy never happens.
[fluffy]yeah. last tim eI worked on this stuff I had Publ accepting c2s-flow bearer tokens but I never figured out how to validate my s2s implementation.
ZegnatYeah, a lot of stuff needs to come together just right. And even then there are still parts of the brainstormy spec that feel kinda shoehorned in? Like the use of WWW-Authenticate and so on? A lot of stuff based on using existing tech, but not in a way any of it was actually being used by itself
[fluffy]because I wanted to wait until I had an idea of how to actually grant the tokens, and I wanted it to actually be useful for anything (which it currently isn’t)
[fluffy]From a pragmatic standpoint my current ad-hoc thing (show a stub entry to atom and twitter, ask people to log in to see it) has been Good Enough but it isn’t, y’know, great.
KartikPrabhuso.... had an online conference today. The "people" set the "watch now" links to appear just before the presentations were live. And.... somehow it was all tied to EDT, so people in the midwest and west coast never got the "watch now" links :P
Zegnataaronpk: I really want to have a look at autoauth again after taking a refresher on oauth.xyz, just to see if there is any streamlining we can borrow
[fluffy]bamboo shoots might work better, because once you plant them you run the risk of your entire island being taken over by bamboo without reasonable care being taken.
sknebelaaronpk mentioned a few times that we should a video explaining IndieAuth and AutoAuth with people for the different roles, passing things around
[tantek]GWG, we still need to recreate it! Feels like something we should have as a challenge for every Summit until its an "everpresent" thing that "just works" with modern solutions
aaronpkit's actually meant to be something we use while on a zoom call with people, but nice to know it mostly works even without someone walking through it
aaronpkif a source document is recognized as having microformats, i "upgrade" to a much more strict verification process where it requires the microformats content contains a link, rather than just anywhere on the page
aaronpkhowever, if the source document's microformats are broken, like is the case in many wordpress installs, for example if the blog post contents does not have e-content, this then causes the verification to fail even though there is a link in the blog post
aaronpkbut yeah like jacky said, if it passes webmention verification but then returns an mf2 document that doesn't contain the link, that seems weird too
LoqiPost or posts may refer to individual pieces of content published on an indieweb site such as notes, articles, & responses, or the act of creating the aforementioned content (present tense), or Posts about the IndieWeb https://indieweb.org/entry
Loqi[Tantek Çelik] h-entry is a simple, open format for episodic or datestamped content on the web. h-entry is often used with content intended to be syndicated, e.g. blog posts. h-entry is one of several open microformat standards suitable for embedding data in HTML.
...
[tantek]this is false: "then i might as well not do strict verification at all", because when something passes "strict verification", that's when you bother to actually treat it as more meaningful than "just" a "mention"
Zegnataaronpk: do you do synchronous webmention checking? If not: how do you communicate failure in a good way if you have just answered with a 201 Created?
aaronpk(even though in this particular case there isn't much that can be done, because the source document is on wordpress.com and they were migrating their blog anyway)
dansup !tell [snarfed] the latest version of pixelfed is out! Many of those bugs should be fixed now :) https://write.as/pixelfed/pixelfed-v0-10-9
Zegnat swentel: https://micropub.net/draft/#source-content scroll down a little for an example with an object that has an HTML property
[grantcodes] Yep I always return and array with an object inside with the plain and html version.
jamietanna aaronpk: what are your thoughts on extending Telegraph to return the `Location` header from the downstream Webmention server when a post is syndicated? Just spotted that it doesn't (and it's called out in docs, I just didn't read them well enough) but would be useful to be able to then use it to know where that Webmention was syndicated to
swentel and if you want a quick test for microsub, you can use https://indigenous.realize.be/indieweb/microsub
KartikPrabhu so.... had an online conference today. The "people" set the "watch now" links to appear just before the presentations were live. And.... somehow it was all tied to EDT, so people in the midwest and west coast never got the "watch now" links :P
aaronpk still beta, but: https://oauth.theater
Loqi Post or posts may refer to individual pieces of content published on an indieweb site such as notes, articles, & responses, or the act of creating the aforementioned content (present tense), or Posts about the IndieWeb https://indieweb.org/entry