#dev 2020-08-10
2020-08-10 UTC
geoffo, beko, nickodd and KartikPrabhu joined the channel; nickodd left the channel
# hirusi[m] https://indieauth.spec.indieweb.org/
# hirusi[m] The "This version" link isn't really a permalink to "this version" -- only the current latest version. How do I get a link to _this version_?
# Zegnat https://indieauth.spec.indieweb.org/#change-log gives the quick overview of the sort of changes that have happened to the document in the last 2 years
moppy, swentel and gxt joined the channel
# @AdamBrodziak Webmention is used for a growing federated network of comments, likes, reposts, and other rich interactions across the decentralized social web.
”… an @ mention that works across websites; so that you don't feel immovable from Twitter or Fb.”
https://indieweb.org/Webmention (twitter.com/_/status/1292753019226984448)
# hirusi[m] <Zegnat "hirusi: like with HTML as well a"> That makes sense, thank you. I did not know this is what Living Standard meant.
# Zegnat https://whatwg.org/faq#living-standard is a pretty good description imo
[KevinMarks], [jgmac1106], KartikPrabhu, swentel and dckc joined the channel
geoffo and [tb] joined the channel
# [tb] [aaronpk] did you say before you'd be interested in having someone take on https://github.com/aaronpk/omniauth-indieauth?
# [tb] Cool! Since most of my IndieWeb stuff is going to be in Ruby and some of it is going to be federated out from my main backend monolith right now I just realized I was going to end up using this gem heavily for my auxiliary services to auth
# aaronpk oof i just realized all the wiki pages on indieauth are gonna need some updating too https://indieweb.org/Category:IndieAuth
# [tb] This has also gotten me thinking about how the OmniAuth strategy here would do PKCE (i.e. where would it store the code verifier, in a cookie?)
# [tb] Ah yeah looks like the omniauth-oauth2 strategy just stores it in the Rack session as I suspected https://github.com/omniauth/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L52
# aaronpk ah it's in a PR https://github.com/omniauth/omniauth-oauth2/pull/131
# [tb] That gem appears to be slowly maintained these days 😞
# [tb] Not in the way that the omniauth gems are meant to be used AFAIK
# [tb] There's always been https://github.com/oauth-xx/oauth2
[jeremycherfas] joined the channel
# [tb] Oh also [aaronpk] one confusing bit when I forked and cloned omniauth-indieauth just now — the LICENSE file is MIT but the readme says it's Apache 😄
leg joined the channel
# [tb] Looks like you have it licensed Apache in the gemspec as well
[chrisaldrich], swentel, [jgmac1106], [fluffy], [tantek] and swentie joined the channel
# Loqi rel=canonical is a way to indicate that a hyperlink links to the original and canonical version of the current page https://indieweb.org/rel-canonical
[snarfed] joined the channel
# @AtokNiiro Don't want Twitter to crop your images in the preview? Use these aspect ratios: https://pbs.twimg.com/media/Ee7KStrWAAAGUOJ.png (twitter.com/_/status/1292279430199431168)
gRegorLove, nickodd, [Rose] and swentel joined the channel
# Loqi reactions refer to the subset of responses/interactions with a post that are quicker, more impulsive, but still a conscious act, typically a simple UI gesture without writing any content, such as likes (reacji), reposts, bookmarks, or perhaps multiple simple UI gestures, such as selection a text range and posting a quotation of part of a post, or picking a person from a list to post an invitation as a response to seeing an event https://indieweb.org/reaction
# jacky lol the facepile wallllll https://aaronparecki.com/2019/01/11/28/
# jacky so I'm thinking about CTA to interact with things on my site when they're visited. this is what I have so far http://noctule.jacky.wtf:443/s/PWQZKKfrrLHYztd
# @rMdes_ ↩️ Fiy : Another brick of #Indieweb is called #indieauth = your site is your identity to login to other #Indieweb enabled site to react or use the wiki http://indieweb.org
Also check out #micropub and #microsub regarding RSS/syndication & following other blogs :) (twitter.com/_/status/1292886620211945473)
[KevinMarks], lahacker, leg, enpo, geoffo and [tb] joined the channel; nickodd left the channel
# [tb] Made a little foundational PR to start with [aaronpk] https://github.com/aaronpk/omniauth-indieauth/pull/4
[tantek] joined the channel
# @havemysecrets [token] in PR by craftyphotons
https://github.com/aaronpk/omniauth-indieauth/pull/4
Sample: ` 'change_me'` (twitter.com/_/status/1292911134589300738)
# [tb] Three things I can see to add right now are: 1) Support for PKCE 2) Parsing the h-card data we talked about in the popup on Saturday 3) Having this fetch a token instead of just doing the authentication flow (or giving the option to either of one)
# [tb] Oh right the biggest first thing to do!
# [tb] I was gonna say haha
# [tb] That's what it looks like, though was it Loqi who handed off my PR to the bot? 😄
# geman does anyone know, it seems granary.io does not support fetching like'd tweets from my twitter account (this is maybe a limitation of the twitter api?)
geoffo joined the channel
[snarfed] joined the channel
# geman ah sorry my bad, I wanted to fetch my likes, not who liked my tweets, i.e. my "favourites"
# geman I have not seen brid.gy before, need to look at that, this place is a gold mine for these glue-services :-)
# geman thanks
# geman ah, brid.gy seems to allow me to send likes of my tweets to my micrblog, but I don't see any ability to do things based on my favourites, no idea if it's possible
# geman so to be clear, my goal is to "archive" all my likes somewhere, preferably as they happen, and if possible archive the whole thread, with for example the threadreader
# geman if anyone knows if this is possible or how to do this, I'm all ears
# geman clearly there seems to be an API for this https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-favorites-list , so there should be some service that can do this, seems IFFTF has some offers
# [snarfed] also i use this minimal homegrown service to do what you want, geman: https://github.com/snarfed/ownyourresponses
# geman cool, thanks I will take a look
# geman never heard about integromat before
# geman meh, so far both IFFTF and Integromat wants _full_ access to my twitter account
# geman I kind of understand why, I guess it's easier for them, but for example brid.gy did the right thing and separate read and write access
# geman yeah, this is a really surprising thing for _a lot_ of services, they 1. don't provide fine grained access and even when they do, the app developers are generally lazy and ask for *
# geman as always you peps has thought about this :-)
# geman oh wow... zapier is even worse, really ugly dark pattern for following their twitter account
# [tb] aaronpk++ thanks for the merge
# [tb] Dependabot is gonna start bugging with PRs now it looks like haha
# [tb] But I'll get to work on the endpoint discovery piece now
# [tb] I need all this functionality so I can make other stuff I have in the works talk to my hub 😄
lahacker joined the channel
# [tb] Great to hear [jacky] I'll certainly take you up on it
# [tb] I don't do Ruby anymore for work as of a few years ago and so all of these IndieWeb side projects have really been reviving my old favorite language for me
# [tb] Seems like PHP is pretty prevalent around here! I'll admit I haven't done much with PHP going on a decade now — I've heard it's quite the different language nowadays
# [tb] I'll have to take a look here sometime and see what's new (or I guess old by now but new for me)
# geman IMO PHP was never bad, but you could write some horrible things with it if you wanted, just like most other languages
# [tb] Yeah
# [tb] Like Java is a fine language until you start running into FactoryBuilderAdapterGenericSpringBeans
# geman still few (any?) languages which can beat it when it comes to deploying small web projects or web-glue
# [tb] Yeah because you can still just drop PHP right onto a shared web host without worrying about app servers right?
# geman and the isolation, it crashed? no worries, nothing is down, just try again
# geman anyways, It seems I need to look at either deploying ownyourresponses myself or trusting IFTTT or Integromat but not today, thanks for the help everyone, have a good one
# [tb] I am like 19% of the way to owning my reponses
# [tb] I have a basic webmention receiver now that does some quick verification and then shoves it into a manual approval queue for me, but nothing to present them in my Hugo site yet
geoffo and sp1ff joined the channel
# [tb] Oh phew... [jgarber]++ and thank you for https://github.com/jgarber623/link-header-parser-ruby
[jgarber] joined the channel
# [tb] This is going to be a big help on both omniauth-indieauth as well as my own webmention implementation
# [tb] So the first thing is going to be the IndieAuth endpoint discovery I'm working on adding to omniauth-indieauth
# [tb] Actually now that I'm looking at your repos you have a lot of things I've been building into my own backend haha
# [tb] But much farther along than I am
cjw6k joined the channel
# [tb] Hehe like my own graveyard of dead repos [jgarber] 😄
# [tb] I did pull one thing out of my monolith this weekend, my URL shortener — https://github.com/brvs-io/brvs
# [tb] This is going to be the first home for the work I'm doing in omniauth-indieauth
# [tb] There's a ton of OSS link shorteners/branded URL managers out there but not a lot of them overengineered to include an entire OAuth2 provider!
geoffo joined the channel
# [tb] 🤣
# [tb] So was thinking some about PKCE just now — a client that supports PKCE should be able to safely send PKCE parameters in both the authorization and token requests even if the provider doesn't support it, since the provider should just silently drop the `code_challenge` / `code_challenge_method` / `code_verifier` parameters if that's the case?