#[LewisCowles]a PR, to a PR branch.. Can I get a yo-dawg meme?
fredcy_, geoffo, flex14, callMeBaby, beko, tantek_, Sonia, chrisaldrich, nickodd, [tw2113] and [fluffy] joined the channel
#[fluffy]I’m poking at IndieAuth/AutoAuth authorization token flow again and I’m a bit confused, as usual. In IndieAuth, a successful token request responds with an HTTP 200, but in AutoAuth, it seems to do HTTP 202 instead? Is there any reason for this?
#Loqi[fluffy]: jgmac1106 left you a message on 2020-04-28 at 10:58am UTC: would it be hard in your webmention tool to seperate mentions and replies?
#[fluffy]loqi is really not a great way to send me questions 😛
#[fluffy]!tell jgmac1106 loqi is a terrible way to get in touch with me. 😛 Pushl doesn’t actually parse the link types, so no, it couldn’t separate mentions from replies.
#jackyit's like the one of the few pre-reqs for private / protected feeds for me
#nekr0zI've been toying with an idea of an IndieWeb-compatible site hosted fully in IPFS. Would need to outsource the dynamic components (like any static-generated site), but looks doable.
#jackynekr0z: yup! tbh that _base_ that's needed is just the content entry itself
#jackyI've been writing my wrapper libraries for indieweb stuff to not know _too_ much about HTTP (only focusing on HTML and URLs) so having a Dat/Hypercore URL shouldn't be impossible or improbable
#nekr0zBut then I realized one MUST control http-headers to support webmentions (to send 410s for deleted content), so no, an IndieWeb site can't be hosted on something like IPFS - at all.
#nekr0zWhich frustrates me, because I don't really understand _why_ it has to be this way.
#jackyso that _might_ be still doable with an async webmention tbh
#jackya dat site can lean on a proxy to send that 410 out (like if it checks a dat:// URL and it comes up as gone, it can considered it deleted and proxies that as a 410)
#ZegnatIs there a dat native equivalent for 410 Gone? Because that seems like a pretty straight forward extension to make it we mention compatible, if it is just that.
#jackynot explicitly - afaik dat doesn't have a concept of HTTP verbs
#nekr0zjacky: True, but needing such a proxy seems to defeat the whole point. At this moment, IPFS is not a hosting solution anymore, it's just a database that holds your content.
nickodd left the channel
#jackytbh that's a stop-gap until a reliable and friendlier solution can come into play
#jackyagh that page is so annoyingly built using that weird Javascript for links
#jackythere's no true concept of deletion anyway (dat is an append-only thingy)
#LoqiIt looks like we don't have a page for "http-equiv" yet. Would you like to create it? (Or just say "http-equiv is ____", a sentence describing the term)
#Zegnat!tell [LewisCowles] I am super confused by LIBXML_PARSEHUGE fixing anything. But I'm fine with including it when the tests say it works. We might need to add a test where the html does not have a root node, as mentioned by [KevinMarks]
#[LewisCowles]Zegnat. I believe it's an oddity, that we should not need control of, but it's better for us to take control in the scripting language than to expect a runtime to alter behaviour or fix their **** It is unfortunate indeed, and has gained more reasons why I try not to PHP too often
[snarfed] joined the channel
#Zegnat[LewisCowles]: just adds another reason to recommend userland html parser until PHP adds an actual html parser
swentel, [KevinMarks] and [tw2113] joined the channel
#[fluffy]oops iddn’t see the followup conversation about autoauth. So, then, it’s necessary for my token endpoint to issue the call to the callback_url?
#[fluffy]I’m so confused by the wording of the specs
#[fluffy]I thought the autoauth mechanism would issue the token request to my token endpoint, and then would forward the response it gets along to the callback_url
#dansupAfter some thought, I've decided to add Webmention support to Pixelfed, users will be able to opt out
leg joined the channel
#[fluffy]okay I just re-re-re-read both the transactional diagram and [sknebel]’s example transaction log at https://www.svenknebel.de/temp/autoauth.html and I think I see what’s going on. gosh there’s a lot of moving parts.
#Loqidansup has 7 karma in this channel over the last year (9 in all channels)
[itsjustk] joined the channel
#Zegnat[fluffy]: yeah, we would love to limit the moving parts. But there are just so many actors. The resource you are requesting can only trust tokens originating from a trusted token endpoint (ie. their own), while you need the requestee’s website to attest that it really is them making the request through an endpoint they trust to verify identity (ie. their authorization endpoint)
#ZegnatFor token endpoint to issue a token to you, it needs to check your site to find your correct authorization endpoint, and then ask that authorization endpoint if the token request was really made by you. We haven’t really thought of a way to introduce shortcuts there yet. Although there was a little brainstorm about maybe pub-priv keypairs so the initial token request already includes the proof that only needs to be verified
moppy, [prtksxna], ketudb, jeremycherfas, gRegorLove, [tantek], dckc and [jgmac1106] joined the channel
[itsjustk], [KevinMarks], [LewisCowles], dckc, geoffo and [fluffy] joined the channel
#[fluffy]What’d be really great is a test suite that you can run on localhost or something, to verify any of the moving parts. Like, I have no way to actually test AutoAuth right now because I have no client that would use it and my IndieAuth endpoint doesn’t support AutoAuth.
#[fluffy]so I’m just sort of flying blind and hoping for the best.
jolvera and [snarfed] joined the channel
#[snarfed]dansup++ webmention support in pixelfed! exciting! i assume you just mean directly, ie receiving and sending with links to/from posts? not bridgy-style backfeed for posts that are syndicated from people's web sites?
#Loqidansup has 8 karma in this channel over the last year (10 in all channels)
#petermolnarand it's a surprisingly pleasant, definitely non common theme
[prtksxna] joined the channel
#[jgmac1106][Zegnat] is the workflow easier than just doing an account creation on a site for semi-private/public posts? what is the benefit to logging on with domains?
#Loqi[jgmac1106]: [fluffy] left you a message 10 hours, 26 minutes ago: loqi is a terrible way to get in touch with me. 😛 Pushl doesn’t actually parse the link types, so no, it couldn’t separate mentions from replies.
#[jgmac1106]thx fluffy, consider it a feature request, may have to go add an issue
#[fluffy][jgmac1106] do you have a reason for wanting to separate mentions from replies when doing a push?
#[fluffy]like, why would you ever want to send only one or the other?
#[jgmac1106]no more on my displaying the webmention, not sending, when a page gets a ton of mentions is sometimes hides the replies, one sec
#[Zegnat][jgmac1106] you asking the benefit of autoauth? Your feed reader can log in as you and you never create accounts. So you just starting to follow a site will automatically have a way to authenticate to that site and start reading protected content. That at least is the idea.
#[fluffy]Separating mentions from replies would be possible but I don’t want to make the configuration more complicated than it already is.
#[Zegnat]The problem with autoauth is not the use cases, I think, it is how not-straight-forward the flow is. I wish we had filmed it when sknebel and I explained it to sebsel on a whiteboard at IWC Åmål.
#jeremycherfasGwern is my idea of the almost-perfect site.
#[fluffy]The high-level view is useful for explaining how it works and how it’s secure. What I really want as an implementor is a straightforward guide to “what do I need to write to make this work”
#[jgmac1106]separating mentions from replies could be default, no configuration necessary, but an edge case so totally get not wanting to change
#[fluffy]like, the current HTTP transaction log that sknebel linked to on https://github.com/sknebel/AutoAuth/issues/19 is a good start but it still is really hard to, like, parse through. I’d love to see an addition to the spec which just shows what contracts need to be fulfilled by each part (client, resource, auth endpoint, token endpoint)
#Loqi[fluffy-critter] #19 Provide a full HTTP request/response transaction example
#Loqi[Greg McVerry] Screenshots of adding blog to "Blogs I Follow"in Blogger #indieweb
#[fluffy][jgmac1106] if you just want mentions to appear in the reactions list, that’s easy to do in a local change - in `getData` change the mapping for `mention-of'` to `collects` instead of `comments`
#[fluffy]I guess I could make a simple config flag for that, too
#[fluffy]I should also rename `collects` to make it more clear. I forget why I called it that, but it made sense at the time.