#dev 2020-08-03
2020-08-03 UTC
[tantek], [schmarty], oodani and [dmitshur] joined the channel
# [dmitshur] found this (in HTTP/1.1 spec):
# [dmitshur] > All general-purpose servers MUST support the methods GET and HEAD.
# [dmitshur] > All other methods are OPTIONAL.
# Loqi A private group is a group where the posts, members, and any other content in the group is only viewable by members of the group, a common social silo feature (like on Facebook) https://indieweb.org/private_group
# [tantek] private group << Before you go building this, please be aware of the hazards of group dynamics and group psychology, as described in this article: 2020-07-02 The Guardian: [https://www.theguardian.com/technology/2020/jul/02/whatsapp-groups-conspiracy-theories-disinformation-democracy What's wrong with WhatsApp] (applies to much more than WhatsApp)
# Loqi ok, I added "Before you go building this, please be aware of the hazards of group dynamics and group psychology, as described in this article: 2020-07-02 The Guardian: [https://www.theguardian.com/technology/2020/jul/02/whatsapp-groups-conspiracy-theories-disinformation-democracy What's wrong with WhatsApp] (applies to much more than WhatsApp)" to the "See Also" section of /private_group https://indieweb.org/wiki/index.php?diff=71823&oldid=71103
beko, Yes, [dmitshur], [tantek], geoffo, geoffo_ and [tb] joined the channel
# [tb] If any Rails folks here have ever been interested in IndieAuth on top of Doorkeeper, completed my spike today https://github.com/craftyphotons/singulus/commit/3ad02913b113221c73dfc2c208a7ca0c57e2c12f
# [tb] Fairly happy with it so far, needs a lot of tests and probably a fair amount of refactoring now
superkuh, [tantek], swentel, KartikPrabhu, gxt, [KevinMarks], moppy, [arush], dckc, [jgmac1106], geoffo, [Chaitanya], nickodd, [schmarty], [tw2113] and [chrisaldrich] joined the channel
# sknebel colors << [https://whocanuse.com whocanuse.com - contrast checker with checks for visual impairments]
# Loqi ok, I added "[https://whocanuse.com whocanuse.com - contrast checker with checks for visual impairments]" to the "See Also" section of /color_palette https://indieweb.org/wiki/index.php?diff=71831&oldid=70394
KartikPrabhu joined the channel; nickodd left the channel
# [tantek] has anyone who runs these "send webmentions on your behalf as a service" things considered adding an "archive all potential webmention destinations" option that automatically sends everything a post links to, to the internet archive for archiving as of the time you (tried to) send a webmention?
[tb] joined the channel
# [tb] That's an interesting idea, might make that a fast follow to my own webmention implementation once I finish the mvp
# [tb] Wayback Machine only appears to have a retrieval API though, suppose you could just post to the same URL as their save form though
# [tb] How are you submitting the URLs programmatically?
[schmarty] joined the channel
leg joined the channel
leg joined the channel
# [tb] Ah that's too bad
# [tb] Can I pick your brains at some point on my IndieAuth implementation? There were a couple tradeoffs I made where I was confused about something in the spec or due to the fact that I was extending it on top of Doorkeeper that I was curious to get some thoughts on
# [tb] One of the major ones was that I completely removed the client validation from the token revocation endpoint, which I wasn't sure on since the OAuth2 specs have it in there as a requirement but it didn't seem like much use for IndieAuth clients
# [tb] Oh I meant the part of RFC 7009 that says "
# [tb] ```The client also includes its authentication credentials as described
# [tb] in Section 2.3. of [RFC6749].```
# [tb] "
# [tb] ```According to this specification, a client's request must contain a
# [tb] valid client_id, in the case of a public client```
# [tb] Yeah I don't see how it would really serve much of a purpose in this case to me
# [tb] Cool well I'll maintain that behavior then - my other question was around how I'm doing authorization. Right now what I'm doing (and this is largely a product of me extending Doorkeeper's architecture) is to upsert an OAuth client on the backend whenever an IndieAuth authorization request comes in https://github.com/craftyphotons/singulus/blob/main/app/models/indieauth/pre_authorization.rb#L50-L62
# [tb] I figure that also gives me a place to store any information I discover about the client
# [tb] Yeah they need to be logged in to get that far
# [tb] iA Writer continues to dislike my setup
# [tb] It actually makes it all the way through the authorization flow for me now but once it gets the token it claims that the token doesn't have valid permissions
# [tb] Yep
# [tb] And the token that was given back to iA Writer indeed has the scopes it asked for
# [tb] Which were `create` and `media` in this case
# [tb] Trying to find some other places now to validate my auth endpoint against, and I need to write a full acceptance test suite for this now.
# [tb] Oh actually that leads me to my last question. For my `response_type=id` flow, I force a scope of `profile` no matter what they give as `scope` in case they decide to use the access grant to get a token instead of just POST back to the auth endpoint again
# [tb] Is there any issue with doing it that way? I know that's mostly just because I'm trying to reuse Doorkeeper's `code` flow for `id`
# @RubygemsN indieauth-token-verification (0.2.1): Perform the access token verification portion of the IndieAuth process by communicating with a toke https://rubygems.org/gems/indieauth-token-verification (twitter.com/_/status/1290390596515852288)
# [tb] Oh hah gotcha
# [tb] Does anything out there actually use `id`?
# [tb] I think the reason I like it is it standardizes a way for the client to get the user's profile
# [tb] But yeah I literally force it over to the `code` flow in my implementation and just force the scope to `profile`
[fluffy] joined the channel
# [tb] Ah what's Saturday? I need to keep up better!
# [tb] Oh nvm found it
# [tb] Yes I'll be there!
# [tb] Hehe that's why I did it
# [tb] Either way though great work with IndieAuth [aaronpk]. It was a fun time yesterday reading through the spec and implementing for my site, and learned some things about OAuth along the way
# [tb] Oh I guess the one thing I need to do for `id` then is invalidate the access grant once it's POST'ed to the auth endpoint
# [tb] Oh yeah I didn't do that yet
# [tb] Now that I have IndieAuth implemented though it's time to get back to my Micropub server and get my initial iteration of webmentions sorted out!
geoffo joined the channel
# [tb] So in lieu of submitting to internetarchive, are there some good self-hosted internetarchive-like apps that one could deploy and that follow any standard protocols around this kind of thing?
# Loqi IndieArchive is a project to collaboratively grow an archival copy of pages replied to (possibly also mentioned) in indie web posts https://indieweb.org/indie-archive
# [tb] tantek++ thanks!
# [tb] Also just discovered https://github.com/pirate/ArchiveBox as I was searching around
# [tb] What if you used a full on chrome headless session?
# [tb] Oh! ArchiveBox has a save-to-IA function
# [tb] Maybe some clues here
[manton] joined the channel
[KevinMarks] joined the channel
# [KevinMarks] [tantek] mention.tech sends all urls it sees to archive.org
[chrisaldrich] joined the channel
# [KevinMarks] I tried it manually and got “Saving page https://highlightpoetry.com
# [KevinMarks] The capture is estimated to start in 634 minutes.”
[tb] joined the channel
# [tb] I was playing around a bit with that ArchiveBox project I linked above and it's pretty neat
# [tb] I think I'm going to deploy that thing onto a small cloud instance somewhere and use that for my archive