KartikPrabhu, djmoch and [snarfed] joined the channel
#[snarfed]knative is making good progress on standardizing serverless, a bit like docker didfor VPSes
#[snarfed]aaronpk if you let likes through with hand moderating each one (eg i assume you do that), and you facepile and ellipsize them (which the wordpress synd links plugin does by default), the experience takes zero effort
#[snarfed]they are on wordpress, so either they didn't have synd links on or were hand moderating every webmention. which...yeah, that'll be a bad time
#[tantek]aaronpk one problem of the facepiles / likes in general that are from Twitter, linking to the relevant Tweet is next to useless. like nearly 300 links to the POSSE tweet? why?!?
#@DavidDeAngelisThis is my #11thtwitteranniversary, yes, my #11anniversary or #11twitteraniversary, or just say, my #11twitterversary #MyTwitterAnniversary Whichever be stated, I espouse my 11th anniversary on twitter #webmention #followme #comefollowme or just celebrate! Ty be well & be safe!XO (twitter.com/_/status/1269538837967052800)
moppy, jeremy, shrysr, gxt, Kongaloosh, Kongaloosh_, Salt[m]1, KartikPrabhu, leg, nekr0z, [jgmac1106] and neonkit joined the channel
jeremycherfas and [LewisCowles] joined the channel
#@aswath↩️ EnThinnai is counter to network effects and so designed a proto-webrtc and advocated triangular conn model. There is no moat in SSO. There are OpenID, Indieauth and webID. (twitter.com/_/status/1269640584718954505)
#[tantek]what does it mean to "make the webmentions available via an API"? you mean like look for an h-feed of responses inside an h-entry permalink?
#aaronpkno like how webmention.io has an API that returns all the webmentions in JSON form
#[fluffy]I mean like the way that mention notifications propagate to Microsub readers.
#aaronpkeither to import into your site, or to render client-side in JS
#[tantek]anytime you find yourself asking is there a standard "give me JSON for ...", ask yourself instead, where in the HTML is that information already and if so, how can I parse it out
#[KevinMarks]As do webmention.herokuapp.com and mention.tech
#aaronpkthere is no HTML already, it's stored internally
#[tantek]so for proxies / services / intermediaries?
#[KevinMarks]Returning a standard html could make sense too
#[fluffy]I’m mostly just wondering how the mention notifications show up in the social readers which support it.
#[tantek]is there a UI equivalent is the next question then
#[tantek]i.e. even as a dev, how do you inspect what you're looking for?
#aaronpki guess I do already have an HTML notifications page in webmention.io
#[fluffy]Like I’m thinking of making my own “actor” (in the activitypub sense) that supports webmention and activitypub and a few other things and it’d be great to have a means for it to provide user notifications in a manner consistent to what the social readers expect.
#[fluffy]yeah but… my indieauth login is working everywhere else
#[fluffy]oh, I bet it doesn’t like that my token_endpoint has changed to be the Publ built-in one
#[fluffy]indieauth tokens for users vs. resources is kinda confusing
#[fluffy]yep monocle is asking for a token, that must be it
[snarfed] and [LewisCowles] joined the channel
#[fluffy]So what’s the use case for monocle asking for a specific token endpoint when it seems to expect a specific one to be used? Or am I completely misunderstanding something as usual?
#[fluffy]Like it seems to me that monocle should be using its own specific token endpoint that’s relative to itself as the resource, rather than requesting an arbitrary token for the user that it can only validate/use if it’s a specific one.
#aaronpknot sure what you mean? monocle is a micropub and microsub client so it needs a token from your token endpoint
#[fluffy]Okay so. I’m using aperture as my microsub endpoint. But I’m using a separate thing (yet to be written but will be a plug-in for Publ) for micro pub.
#[fluffy]Which is presumably not compatible with Aperture
#aaronpkaperture will go ask your token endpoint to validate tokens
#[fluffy]How does the token endpoint validate tokens? I feel like we had this conversation at one point before and the answer was “that’s specific to the thing” like it isn’t specified as part of indie Auth
#aaronpkthere's a section on indieauth that talks about it
#[fluffy]Okay so nothing is making the GET request to my endpoint, it’s only doing the POST.
#aaronpkright, POST is when it requests a token, GET is for verifying
#[fluffy]But I’m also not sure if I’ve implemented that part since I think I was confused by the spec.
#[fluffy]As far as I’ve been able to tell my endpoint implements the POST part correctly.
#[fluffy]and nothing is ever making a GET request to the endpoint to verify the token
#aaronpkthat's the part monocle is complaining about
#aaronpkit's saying it wasn't able to get a token from your token endpoint
#[fluffy]Is there any way to get more error information about why it was unable to?
#[fluffy]The error message says it’s unable to verify the token, but as far as I can tell it’s not even trying to.
#[fluffy]The authorization code verification is, as far as I know, correctly implemented in Publ. At the very least, https://gimme-a-token.5eb.nl/ works correctly with it.
#[fluffy]And monocle is making a request to it and getting a 200 response, which only can happen if my endpoint has provided a token after verifying the authorization code.
#[fluffy]okay so yeah I’m not implementing the token verification part correctly BUT monocle isn’t getting to that point as far as I can tell
#[fluffy]it’s doing the authorization code, my endpoint is verifying the authorization code and returning a 200 response. Maybe there’s something missing in the payload that monocle is expecting.
#[fluffy]Sweet, I got it all working. Log in to monocle as https://dev.beesbuzz.biz (which doesn’t require a password for the indieauth endpoint) to see.
#[fluffy]Thanks for being patient with my usual misunderstandings of indieauth flow 🙂
#@ysamjo↩️ I'm aware of WebMentions. But as with other Microformats, I don't think they stand a chance without active pushing by big players. I mean it's already late in the game.
For example, why are those things not the standard for every wordpress com account? (twitter.com/_/status/1269693680396447746)
#jacky^ that kind of logic is more lazier than I expected lol
#[tantek]aaronpk, fluffy, this sounds like a reasonable misunderstanding (of indieauth flow). Is there some way we could add trouble-shooting or something to the wiki to help make it more discoverable / clearer?
#[tantek]jacky, lol it's appeal to authority faulty reasoning
#[tantek]big players pushing standards often either make them massively bloated (all the XML attempts, schema org etc.), OR they end up killing them (see aaronpk's post on how many metadata formats Google has killed), or BOTH (OpenSocial)
#[tantek]However there is one legitimate hard question in that tweet
#[tantek]"why are those things not the standard for every wordpress com account"
#[tantek]because, simply, Webmention is not spam-proof enough on its own to be able to withstand that big of a target. Something like Vouch or Vouch itself is necessary for Webmention to be able to withstand (most) spam/abuse by default, and provide a smooth & unburdensome UX for both folks replying to blog posts, and folks receiving those replies/comments
leg joined the channel; nickodd left the channel
#[fluffy][tantek] having a working indieauth.rocks suite with full diagnosis messages and warnings of noncompliance would be helpful.
#[fluffy]Also some of the wording in the spec was a bit weird and threw me off. Like in 6.3.4:
#[fluffy]> The token endpoint verifies the access token using (how this verification is done is up to the implementation), and returns information about the token
#[fluffy]Gimme-a-token is an okay starting point but it missed that I wasn’t returning `me` in the token grant and it does nothing for token verification. Which is straightforward to do manually but I had no prompting to actually implement it.
#[fluffy]I would also hope that indieauth.rocks would have autoauth tests as well because that’s still a big open ??????
[KevinMarks], gRegorLove and KartikPrabhu joined the channel
#[KevinMarks]The opensocial lesson was also that with one big player adopting it, another big player declares war on it and fights it as a giant threat.
#[KevinMarks]Then the other player picks up that mood and drops the standards support
#[fluffy]Another IndieAuth question… I forget what the thoughts were regarding scheme change in identity validation. Are they allowed or not? I think that was something that wasn’t particularly clear from the spec.
#[fluffy]ah, no, I reread section 5.4, scheme changes are explicitly allowed
peterrother, vilhalmer, justache, crazed, atj[m], marinin[m], Salt[m]1, hamnox[m], edrex, [KevinMarks] and jamietanna[m] joined the channel
#@gRegorLove↩️ I haven't tested it in that setup or done a lot of multilang in PW. Would it be a separate PW page for each translation?
Generally I would expect it to work. Webmentions are saved to a specific page ID. (twitter.com/_/status/1269757847568437248)