#[tantek]there's definitely something there though, for comparing different services / projects, once you have picked an approach (service, CMS, your own project)
#jackywants the table to be a bit wider so it can breath a bit but that's me
#Loqijf2 is a working prototype of a simpler JSON serialization of microformats2 intended to be easier to consume than the standard Microformats JSON representation https://indieweb.org/jf2
#[KevinMarks]Probably worth a wiki page documenting the specific format is there's 3 of us returning it
[jgmac1106] joined the channel
#sknebelaaronpk: I think my remaining questions are all mentioned (how to get it to clients, how to control which clients can access what, how does it work for access for many individual pages), and I'm not sure its easier once those are solved
#sknebelaaronpk: to expand on the earlier comment: in both cases, to me the main complexity right now seems to be about a) the clients and b) managing the existing permissions and tokens, and I'm not sure either approach makes a big difference there once you get into renewal, revocation, ...
#sknebeland it'd be interesting to what degree they can overlap. I.e. if I support both, and a client makes an AutoAuth request, I could consider giving it a token I got via ticket auth earlier. and reverse potentially. needs some fleshing out of those APIs
[tantek] joined the channel
#aaronpkyeah i guess we just need to keep prototyping stuff
#sknebelyes. hope I find some more motivation for that
#[tantek]Would be worth publishing an updated jf2 spec draft (that supersedes the W3C note) with what we’ve learned. Publish on spec.indieweb.org
nickodd joined the channel
#[tantek][KevinMarks] can you control the head of your blogger template?
#[tantek]Can you remove the explicit meta viewport ?
#aaronpkexcept those are only the ones that have happened
[tw2113], flex14, KartikPrabhu and [fluffy] joined the channel
#[fluffy]I just want to verify something: a successful IndieAuth code verification request must result in an HTTP 200 to be valid, right? 202 isn’t appropriate for something that returns an actual response body that is to be used?
#[fluffy]I’m debugging an issue with someone who’s unable to login to my site with their IndieAuth endpoint and the issue is their code verification request is returning 202 Accepted (with the verification body) instead of 200 OK, and they say that they’re able to log in to a bunch of other sites with this implementation. But the IndieAuth spec doesn’t say what HTTP codes are allowed, it just implies 200.
#aaronpklooks like indieauth isn't specific about the http code to return, but also the only thing oauth and indieauth say about http codes really is that errors should be returned with http 400
#aaronpkeverything else would fall back to http semantics, in which case 202 is not an appropriatee response for an operation that is complete
#[fluffy]yeah, but we can infer from the HTTP spec that 202 is not an appropriate response code for a code verification.
#[fluffy]I wonder what other implementations they did authorize against and if those implementations were just like “oh it’s a 2xx, ’sall good”
#[fluffy]I know a lot of people are pretty lenient about that in general.
#aaronpki'm betting mine looks for a 400 and considers everything else okay
#[fluffy]Well, I’ve let them know where the error is and it’s up to them to decide to return the correct HTTP code. 🙂
#aaronpkis it an indieauth endpoint used by others? or built into their site?
#aaronpkalways curious to hear about new implementations :)
[tantek] joined the channel
#[fluffy]They’re “in stealth mode” and getting ready to launch it. I’m sure they’ll be making an announcement soon enough. I’m flattered they decided to use mine as a reference for verification. 🙂
#[fluffy]The impression I get is that it’s an endpoint that’s to be used by others.
#Loqi[PlaidWeb] webmention.js: Client-side library for rendering webmentions from webmention.io
[dave] joined the channel
#@snellingioBeen thinking more about what I’d like in a social network.
You can create or follow any number of feeds (public or private).
All RSS compatible. No tracking. Comments via Webmentions only. No DMs (twitter.com/_/status/1279563564827713536)