#dev 2020-07-29
2020-07-29 UTC
[tantek], [chrisaldrich], peterrother, fredcy_, Rixon, nekr0z, oodani, plindner[m], Summer[m], Salt[m], edrex, samwilson, jalcine[m], jamietanna[m], JK_na, marinin[m], nickodd and [jeremycherfas] joined the channel; nickodd left the channel
# [jeremycherfas] !tell zegnat The dev of Bibliogram said Rss structure will depend on other instances being up to date and they also advised using an HTML parser. I did a bit of research and it may not be too difficult. I looked at php simple HTML dom parser. Would that be a good one to choose to learn?
# Zegnat Good morning [jeremycherfas]! I am not familiar with “simple HTML dom parser”. I would recommend looking at a parser that PHP ships with. Either DOMDocument or SimpleXML. Those are also the most likely to be used by other projects if you are looking for examples. (The php-mf2 parser uses DOMDocument.)
# Loqi Zegnat: [jeremycherfas] left you a message 1 hour, 4 minutes ago: The dev of Bibliogram said Rss structure will depend on other instances being up to date and they also advised using an HTML parser. I did a bit of research and it may not be too difficult. I looked at php simple HTML dom parser. Would that be a good one to choose to learn?
swentel, [mapkyca], [jgmac1106] and moppy joined the channel
# swentel Indigenous can now be translated online, if anyone wants to help out adding a new language, or improve the existing English strings, more than welcome at https://crowdin.com/project/indigenous :)
# Ruxton swentel: check this out, it's old but using inkscape and svg_stack, i produce Android, IOS & a web stylesheet all from the same source - https://gist.github.com/Ruxton/dfd6c21ff7939c09cff18b05a7cc78d8
KartikPrabhu joined the channel
dckc and [jeremycherfas] joined the channel
# [jeremycherfas] Thanks zegnat. I will look at SimpleXML, which I have used a little before. Good reason to learn more about it.
# [jeremycherfas] I use it now to get the XML file as a string and then turn that into JSON for further processing. So might even be able to avoid some steps. But I also think I want to get this working using strpos() as now, even though it is not perfect, and then iterate.
marinin[m] left the channel
# swentel there's the actual public invite link btw: https://crowdin.com/project/indigenous/invite/public?show_welcome&d=f96bb15097617a94d765f3f95c7ed7331225908
# Zegnat If any PHP devs have a moment for a minimal PR review, not sure how many of us follow these microformats repos, it would be much appreciated: https://github.com/microformats/microformats-parser-website-php/pull/11
[mapkyca] joined the channel
[tantek] joined the channel
# [tantek] Any rust devs can speak to this? Is there really a lot of FB / Ptr recruitment? https://twitter.com/smdiehl/status/1288106450707873794
# @smdiehl Palantir and Facebook are the largest employers of Rust engineers in the world. Rust Community: What exactly is the point of all of your long codes of conduct and community guidelines if the primary use for your language is the creation of a nightmare surveillance state? (twitter.com/_/status/1288106450707873794)
KartikPrabhu, [Rose], [jgmac1106], gxt, joshghent and [argovaerts] joined the channel
# Summer[m] Hi IndieWeb! I've been working on a Micropub client lately. Someone I know is having issues with login and I'm wondering if that's an isolated incident or points to a bigger, possibly common, issue.
# Summer[m] The source code is available here - https://github.com/hirusi/Celestial/
# Summer[m] Can you folks please try and login here - https://micropub-celestial.herokuapp.com/ - and let me if the login itself goes ok?
[grantcodes] joined the channel
# [grantcodes] Yep I got an application error at /login/token
# Summer[m] Oh noes. Let me check the server logs
# Summer[m] Ok I see this error - We received an access token but not the access token type from the token endpoint.
# Summer[m] IndieAuth spec itself is quiet on this. I imagined the token type is mandatory to be sent from the server.
# Summer[m] Let me try and see if OAuth spec says something about this.
# Summer[m] So the `token_type` parameter is `REQUIRED` by the spec. Not something I would like to "fix" in that case.
# Summer[m] But your auth server responded with the code and we were able to make a request to the token server with the code, so that is good news. The code verification from the auth server is the step where this other person is facing an error.
# [grantcodes] I have a diy token endpoint. So there's a good chance it's not correct
# Summer[m] Zegnat give me a minute please
# Zegnat No problem :) You can probably test it yourself. Just login to your app with the domain https://sink.zegnat.net/
# Summer[m] Ahh, got it. You are receiving the same error that this other person is!
# Summer[m] `invalid json response body at https://sink.zegnat.net/micropub reason: Unexpected token h in JSON at position 0`
# Summer[m] Is it returning JSON - can you check please?
# Summer[m] Ok let me try
# Summer[m] @swe
# Summer[m] @swentel I see this error for realize.be: `The authorization server did not return any scope.`
# Summer[m] I really need to figure out howto get these error pages working correctly again... they worked until they didn't. Probably my focus for this week.
[mapkyca] joined the channel
# Summer[m] OK, so I'll deploy an additional log command, give me a few mins please. and then can someone please try again? Especially if you're getting unexpected token error
# Summer[m] At least i'll see what the response is
# [grantcodes] Hmm never saw that `token_type` thing before
# Summer[m] I'm really trying to go 100% by the spec, so it can be a pain but I think it can move the movement forward better 😅
# [grantcodes] Yeah I saw that now and seems I have to dig 2 specs deeper to find out what it actually is
# Summer[m] That' a good point Zegnat. Perhaps I can fall back to Bearer if one is not received.
# Zegnat Summer[m]: that is safe to do for Micropub. Everything not Bearer-token is not compliant with the MP spec: https://micropub.spec.indieweb.org/#authentication-0
# [grantcodes] Guess I can just hardcode `token_type: 'Bearer'` into my endpoint in that case as well
# Zegnat [grantcodes]: the actual spec I would link is https://tools.ietf.org/html/rfc6749#section-5.1 rather than the page on types. 5.1. Successful Response is what requires a token_type whenever you grant a token.
# Summer[m] Sorry I haven't pushed yet! I's nearly uploaded
KartikPrabhu joined the channel
# Summer[m] It's*
# Summer[m] I'll ping here again once the additional logging command is in
# Summer[m] Yes, will do, thank you so much! :)
# Zegnat For what it is worth, when I use https://gimme-a-token.5eb.nl/ to continue from the redirect URL that fails on Celestial I seem to get valid JSON back for my token
# @johnjohnston ↩️ There are 2 microblogs: 1. a community of blogs and 2 a hosting service. I participate in the first for free. Comment s on my posts on http://micro.blog are sent back to my blog by webmentions. (twitter.com/_/status/1288453233850056707)
# Summer[m] OK I also see mblaney.xyz with a similar error while verifying the code from the auth server. Seems to be a very common error then!
# Summer[m] New release almost there... I'm on a really slow connection as far as upload speeds go...
# Summer[m] New release is up. Can you folks please try now?
# Summer[m] I should be able to see a raw-er response and figure out what is going wrong.
# Summer[m] Am I able to share a large-ish snippet of code here? Does that work well with IRC?
# Summer[m] Yes, I mean within triple backticks
# Summer[m] Alright, so this is what I have
# Summer[m] I'm not sure why it says 404...that's absurd
# Summer[m] I seem to have no trouble with `https://indieauth.com/auth` as the `authorization_endpoint` and `https://tokens.indieauth.com/token` as the `token_endpoint`
# Summer[m] That's okay. 🙂
# Summer[m] I expect the pace of development to slow down from this point on. But it'd be lovely if you are able to test locally and see what's really wrong.
lahacker joined the channel
# Summer[m] sent a long message: < https://matrix.org/_matrix/media/r0/download/matrix.org/ZJpsjeBpNycIgkRxLUiSeHgr >
[manton] joined the channel
# Summer[m] Another error I am seeing is this: `The authorization server did not return your canonical URL.` -- when using the Micropub sink. Basically the `me` parameter is missing too.
# Summer[m] Zegnat:
# Summer[m] I'll have to consult node-fetch for that. Give me am inute.
# Zegnat Summer[m]: the me is hardcoded in Sink, IIRC. So that can’t really go wrong. I think the issue is, from https://gist.github.com/hirusi/7f8e23ae75cf0cc7524206577ae6d44d, that the response size is 0.
# Summer[m] manton, IndieAuth is built on top of OAuth 2.0 so I would imagine the example here is built following the same idea - https://indieauth.spec.indieweb.org/#example-15
# Zegnat IndieAuth does not specify any of the response properties. Not even access_token. Because it offloads all of that to the OAuth RFC: https://indieauth.spec.indieweb.org/#access-token-response
# Summer[m] No, but the IndieAuth spec in this scenario is specifically referencing parts of the OAuth spec
# Summer[m] > If the request is valid, then the token endpoint can generate an access token and return the appropriate response. The token response is a JSON [RFC7159] object containing the OAuth 2.0 Bearer Token [RFC6750], as well as a property me, containing the canonical user profile URL for the user this access token corresponds to. For example:
# Zegnat only client_id is required, [manton], as with IndieAuth: https://tools.ietf.org/html/rfc6749#section-4.1.1
# Zegnat You mean in https://tools.ietf.org/html/rfc6749#section-2.3.1 ? Or where? That is a whole different OAuth flow
# Summer[m] No worries, Zegnat. I'll be glad whenever you are able to get back! :)
# Summer[m] But it seems you must be right, maybe there is no response body to convert to JSON which is odd.
# [manton] I’m getting an application error after signing in with Celestial too, by the way. It’s in /login/callback where Micro.blog is passing back an access token and state.
KartikPrabhu joined the channel
# Summer[m] Ahh, no you would need to follow the dev docs here - https://github.com/hirusi/Celestial/blob/master/docs/development.md
# Summer[m] uploaded an image: Screenshot from 2020-07-29 19-07-26.png (52KB) < https://matrix.org/_matrix/media/r0/download/matrix.org/catKBTstEBKDWqYTiuflIuSF >
# Summer[m] Manton, I'm looking at the logs for you... here's what I see.
# Summer[m] So your server is the only one to send a 200 OK response, with JSON, and with a proper error.
# Summer[m] That is, with the `content-type` set to `application/json`
# Summer[m] Zegnat, I opted for Docker because I know I'd like to host multiple services on a single VPS. I also didn't want to bother with installing redis on my computer as a system package for just one tool...
# Summer[m] Whoops. Looks like something is terribly broken on my end then. :)
# Summer[m] Let me check manton
# Summer[m] That's an excellent idea Zegnat. I'll make sure to get that up today.
# Summer[m] Aaron, I receive the following from you.
# Summer[m] uploaded an image: Screenshot from 2020-07-29 19-11-42.png (56KB) < https://matrix.org/_matrix/media/r0/download/matrix.org/tyoVhusEyjiobNWnUHlXzIyL >
# Summer[m] Again, this is another 200 OK response with `application/json`
# Summer[m] I'm going to spend the next half hour combing through my authorization code.
# Summer[m] It's completely possible I've screwed up somewhere
# Summer[m] ^ That's at the auth code verification step.
# Zegnat Summer[m]: are you maybe doing https://indieauth.spec.indieweb.org/#authorization-code-verification instead of https://indieauth.spec.indieweb.org/#token-request ?
dckc, [Rose] and [jgmac1106] joined the channel
# Zegnat Hmm. Reading more of the Celestial code, I am not sure if this is supposed to be accepted by OAuth at all. If I understand https://github.com/hirusi/Celestial/blob/master/src/routes/authentication.ts correctly it will first do a verification request of the code, and only if that succeeds it does the next step where it uses the exact same `code` value again to do the token request.
# Summer[m] was afk, just reading through
# Zegnat From my reading, the code used at https://github.com/hirusi/Celestial/blob/master/src/routes/authentication.ts#L279 (auth verification request) and at https://github.com/hirusi/Celestial/blob/master/src/routes/authentication.ts#L414 (actual token exchange) are the same. So that is reuse.
# Summer[m] Oh I seeee! Dang :D
# Summer[m] Sorry I'm totally new to OAuth as well as backend in general. I remember I had accidentally implemented Authentication first, then realized what I really needed was Authorization, and must have screwed up there with the `code` re-use.
# Summer[m] Looking at https://indieauth.spec.indieweb.org/#authorization now and it's obvious it doesn't have a section on code verification...
# Summer[m] Honestly I was just really confused with the Authentication and Authorization but I chalked that up entirely to me being new to this.
# Summer[m] sections but I *
# Summer[m] I can't make a comment on that... for me personally, even a little section explaining where I might use one and where the other is good enough.
# Summer[m] That is, before we delve into either one in detail
shoesNsocks joined the channel
# Summer[m] So I'll work on this + falling back to Bearer token type instead of complaining. Is there anything else I might need to fix while still keeping the spec in mind?
# Summer[m] Is that a use case in general or specific to IndieAuth?
# Zegnat But I found lots of things either not defined or badly defined for token endpoint responses, aaronpk. So maybe I missed an entire RFC :P Half my issues are about unknown behaviour: https://github.com/Zegnat/php-mintoken/issues
# Summer[m] Also, can I just say, you folks have been super helpful and patient with this. ❤️
[schmarty] joined the channel
# [schmarty] in favor of expecting token+auth endpoints to be the same (or use a proprietary mechanism to talk)?
# Summer[m] I'm sorry but not being very familiar with OAuth in general, a lot of this goes over my head, but I would say it would be good to open an issue while we're on the subject so we can follow it up later at any popups :)
# aaronpk oh look i already made a note about collapsing the two authn/authz sections https://github.com/indieweb/indieauth/issues/42
# Summer[m] aaronpk: honestly something like that would be super amazing. :D
# Summer[m] Merging them together and having them talk internally instead of over HTTP
# [schmarty] while we're talking about it the indieauth pop-up is scheduled for Aug 8: https://events.indieweb.org/2020/08/indieauth-pop-up-session-6xlxgeCEMgv8
# [schmarty] for what it is worth i think it is worth preserving and referencing the notes on that mechanism for allowing separate auth and token software to communicate
# [schmarty] i have a theory that selfauth and mintoken would not be the same without it!
# [schmarty] and i appreciate the idea of swapping out one bit without affecting the other
# [schmarty] haha but aaronpk i can barely (if at all) keep up with the indieauth and other indieweb specs
# [schmarty] much less what's going on in other OAuth specs
# [schmarty] zegnat: maybe!
# [schmarty] obviously i am Just Talking here since i haven't built it yet but i think there is a user-benefits argument to allow and encourage separation
# Summer[m] Zegnat: absolutely, I'll try and finish my rewrite and see how it goes.
# [schmarty] because e.g. i could decide that i want a different authentication experience and swap out my authorization endpoint without affecting my existing tokens and workflow
# Summer[m] In general, I did open an issue on the Micropub spec repo as well where I encountered language that might be confusing.
# Summer[m] Atleast, it was confusing to me.
# [schmarty] aaronpk: totally agree that it should be moved to an extension. i just don't want to lose it!
KartikPrabhu joined the channel
oodani_ joined the channel
# Zegnat I am slightly spacing out, it is the end of my work-day and I am packing my stuff. But here is an issue to go off of: https://github.com/indieweb/indieauth/issues/44
[jeremycherfas] and [chrisaldrich] joined the channel
# [jeremycherfas] Enjoy the walk.
# [jeremycherfas] I’m doing likewise.
# @iamhirusi ↩️ Here's an excellent summary of the discussion in an issue - https://github.com/indieweb/indieauth/issues/44 (twitter.com/_/status/1288491547583901696)
KartikPrabhu, [Murray] and [fluffy] joined the channel
# Summer[m] Haha :D
# [schmarty] some spec ambiguity was resolved!!
# Summer[m] Well... it was broken either way!
[argovaerts] and justache joined the channel
# Summer[m] Alright, two fixes up. Defaults to Bearer token types, and fixed authorization flow. 🙂
# Summer[m] Still, it will likely fail if your Micropub endpoint does not respond to configuration requests. That's probably the next obvious pain point to solve.
# Summer[m] Based on the logs alone, the Sink also responds well to everything now, but my application fails purely on account of not getting valid config data!
# Summer[m] So what is a Micropub client supposed to do if it cannot query for supported post types? Do I just show everything and then fail those requests individually if it is not supported?
# Summer[m] * So what is a Micropub client supposed to do if it cannot query for supported post types? Do I just show everything and then fail publishing requests individually if it is not supported?
# Summer[m] (oops - just remembered again Matrix -> IRC does not handle edits well)
[tw2113] and dckc joined the channel
# Summer[m] Oh it's an extension. https://indieweb.org/Micropub-extensions#Query_for_Supported_Vocabulary
# Summer[m] So you don't need to implement it as such
# Summer[m] Oh wait, config is should in the spec - https://www.w3.org/TR/micropub/#h-configuration
# Summer[m] post types are optional. just an extension.
# craftyphotons jamietanna[m]: aha so does your backend use your actual Hugo git repo as its data store then? I'm gonna use `slug` and `aliases` in that way too but I'm taking a more decoupled approach with my site where Hugo ends up being more of just a publish destination and my system of record is my postgres database behind a Rails app
# craftyphotons Oh oops I need to get used to the commands around here :) Sorry for the incoming dupe..
# craftyphotons !tell @jamietanna aha so does your backend use your actual Hugo git repo as its data store then? I'm gonna use `slug` and `aliases` in that way too but I'm taking a more decoupled approach with my site where Hugo ends up being more of just a publish destination and my system of record is my postgres database behind a Rails app
[LewisCowles] joined the channel
# [schmarty] yeek i am not a fan of that extension as-is.
# [schmarty] it uses post-type in a prescriptive rather than descriptive way
# [schmarty] that sections claims it is "reverse Post Type Discovery" but this feels like an obfuscation of the fact that micropub is about sending properties
# [schmarty] so it's not clear from this proposal that, for example, if my micropub endpoint says it supports "article" that it expects a micropub client to send data for "name" and "content".
dckc joined the channel
# [schmarty] (i think this is a side effect of folks wanting "post type" to explicitly declare what an entry "is", whereas microformats actually describes what and entry "has")
# [schmarty] it feels like it comes up in a lot of discussions and proposals (and implementations, since i seem implementations listed for this extension)
# [schmarty] i almost wish we had a wiki template to drop into discussions that link to whatever docs we have about why to avoid explicit types
# Loqi Post or posts may refer to individual pieces of content published on an indieweb site such as notes, articles, & responses, or the act of creating the aforementioned content (present tense), or Posts about the IndieWeb https://indieweb.org/post_type
# craftyphotons After the discussion yesterday I've successfully gotten away from explicit post types in the database of my fledgling backend for my site
# craftyphotons I just have an `#entry_type` method now that I'm going to try to keep aligned with the post type discovery algorithm for the purpose of differentiating templates for things, but we'll see how much I even need that as I evolve the site
# craftyphotons Like I _do_ want my articles to use a different layout than say, notes and photos
# craftyphotons Everything now is just an Entry in my backend though
# craftyphotons I was debating retaining that in my database as well just so I could add a table filter by type via the database query in my backend's index view
# craftyphotons But then basically not allowing it to be mutated by hand, and recomputing every time a record gets updated
# craftyphotons The only thing I've thought of so far is that filter on my backend aaronpk, because on the frontend I'm just stuffing them into the appropriate Hugo section when the backend commits to the repo
# craftyphotons But yeah instead of a post type filter, maybe my backend index will just have faceted search for the different props instead
# Zegnat Latest version of my own blog system did not have any concept of post types. There were entries with a bunch of entries. The rendering to HTML may be different based on what properties. But that is because I was doing the Facebook way: everything starts as a text-only entry and then you can add on stuff.
# craftyphotons I was actually planning on doing a mostly activity stream looking layout for everything except the full content of articles on my site
# Summer[m] As a developer, I wouldn't mind implementing a discovery algo and a single publishing page. I know the Micropub server I use does this as well. It doesn't have different endpoints for diff types
# Summer[m] It just makes sense
# Summer[m] But honestly it's so much easier for the user to see a specific post type/page and go "Oh okay, I'm writing a note!" Or "I wanna publish a Photo so let me click on Photo"
# Summer[m] Maybe, but that's what I would do 😅
# Summer[m] :D
# Summer[m] Would anyone to like to weigh in here? It appears this is correct, but thought I could use an experienced set of eyes :)
# Summer[m] https://github.com/idno/indiepub/issues/23
# Summer[m] PHP is not my first language, I just skimmed through the code and thought this was incorrect. I can't really offer a fix here unfortunately. I don't know if this is maintained.
[pfefferle] joined the channel
# Summer[m] Ok... guess I'll leave it there for now. 🤷♀️
# Summer[m] Literally 5 hours ago - https://github.com/idno/indiepub/pull/22 🙂
# Summer[m] sent a long message: < https://matrix.org/_matrix/media/r0/download/matrix.org/sxaBrTtQczGYvJYYrAoBzKjm >
# Summer[m] OK, confirmed. They tried to refresh so that was a code re-use causing a verification error.
gxt and [chrisaldrich] joined the channel
# [schmarty] Hahaha Flask::IndieAuth still wants form-encoded responses. I rediscovered this recently moving my personal notes site. I need to fix it. 😭
[spieper] joined the channel
# hirusi[m] This beats me... if a Micropub client is to be able to update or delete an entry, then it should be able to fetch a list of entries from the server right?
# hirusi[m] Sorry what do you mean by user action her?
# hirusi[m] here*
# hirusi[m] Ohh I see
[tw2113] joined the channel
# hirusi[m] I imagined when I started on this project that this would be something that would be possible within the core spec... just being able see a list of posts and click edit/delete next to it.
shrysr joined the channel
# hirusi[m] Well, at least this is a stable extension. 🙂
[Ana_Rodrigues] and [tb] joined the channel
# [tb] Took things one step further thanks to these discussions and renamed Entry to Post in my backend 😄
# [tb] Naming is Hard(tm)
# Zegnat aaronpk: wondering if we could add this to indieauth.next? It seems to be the one issue with the most checks of implementations that we have: https://github.com/indieweb/indieauth/issues/19
jamietanna joined the channel
# jamietanna !tell craftyphotons yeah my Hugo site is treated as the source-of-truth for everything, so any queries my Micropub server does is interacting with the repo and parsing any files out of it, or parsing any pre-built files on the public website
geoffo joined the channel
# craftyphotons !tell jamietanna Aha gotcha! This is something I really love about IndieWeb so far, the broad range of architectures/system designs from individual to individual and the attitude that there's no such thing as One True Architecture
leg, [KevinMarks] and [grantcodes] joined the channel
# [KevinMarks] Can you see from logs if any servers are still doing the form encoded version?
[tb], [chrisaldrich], geoffo and [fluffy] joined the channel