#dev 2020-11-18
2020-11-18 UTC
# [chrisaldrich] they were two different people I think... it's in the wordpress chat...
[schmarty] joined the channel
# [chrisaldrich] Turns out they're the same person with two different screen names.
[KevinMarks], [tw2113_Slack_], [snarfed], petermolnar, geoffo and [jgmac1106] joined the channel
# [jgmac1106] so what I meant between poetry, syndication and what what a CMS does...Bridgy to Twitter got my author intent correct: https://twitter.com/jgmac1106/status/1328803024945471490 but the canonical copy does not: https://quickthoughts.jgregorymcverry.com/2020/11/17/in-shades-of-indiscriminate-waves
# @jgmac1106 In shades of indiscriminate waves he plays on troughs of time cresting on hopes approaching shore #smallpoems #writingcommunity (https://quickthoughts.jgregorymcverry.com/s/N5Iim) (twitter.com/_/status/1328803024945471490)
[Simon_Willison] joined the channel
# [Simon_Willison] OK! I have a fully working implementation of IndieAuth now, I think! Try it out at https://datasette-indieauth-demo.datasette.io/-/indieauth - if you sign in with a URL that supports full IndieAuth (has a `authorization_endpoint` rel link) it will redirect to your chosen authorization provider. If you use a domain that supports rel=me authentication it will instead bounce you through indielogin.com
# [Simon_Willison] https://github.com/simonw/datasette-indieauth is the repo - it’s on PyPI, so `pip install datasette-indieauth` will install the Datasette plugin
# [Simon_Willison] I’ve kept as much of the IndieAuth code as possible in a `utils.py` module which I should be able to extract out into a separate Python library in the future https://github.com/simonw/datasette-indieauth
# [Simon_Willison] see also the tests for the utils.py module here: https://github.com/simonw/datasette-indieauth/blob/main/tests/test_utils.py
# [Simon_Willison] I imagine that means you implement the “profile” extension and I didn’t properly test for that
# [Simon_Willison] https://github.com/simonw/datasette-indieauth/issues/16
# [Simon_Willison] https://github.com/simonw/datasette-indieauth/blob/cf726da7a5d5aa7791bb50e4badbdcd440fee310/datasette_indieauth/__init__.py#L145-L146 looks like a dumb bug
# [Simon_Willison] fix on the way
# [Simon_Willison] OK, try again now - I just deployed a fix
# [Simon_Willison] Just released 0.3.1 to PyPI with the fix (love GitHub Actions CI)
[chrisaldrich] joined the channel
# [chrisaldrich] [Simon_Willison]++ I just tested with my WordPress set up and didn't see anything out of place. Now I'm wondering what to do with the "fixtures" data... 🙂
# [Simon_Willison] The best fixtures page is this one https://datasette-indieauth-demo.datasette.io/fixtures/roadside_attractions
[tantek] joined the channel
# [tantek] that's on a Error 500 from https://datasette-indieauth-demo.datasette.io/-/indieauth/done?code= (bunch of numbers)
# [Simon_Willison] thanks, I’ll take a look
# [Simon_Willison] could you trigger that again? I don’t get persistent logs unfortuanetyl, but I can see them if you hit it live
# [Simon_Willison] Tantek - you have this on tantek.com
# [Simon_Willison] I didn’t know indieauth.com supported being used like that - I thought it only worked using rel=me - do you know how I can set my own site up to use indieauth.com/auth as the authorization_endpoint so I can test that myself?
# [Simon_Willison] ```<link rel="authorization_endpoint" href="https://indieauth.com/auth"/>```
# KartikPrabhu [Simon_Willison]: I think you add exactly the rel-markup that [tantek] has
# Loqi It looks like we don't have a page for "starter site" yet. Would you like to create it? (Or just say "starter site is ____", a sentence describing the term)
# [tantek] starter site is https://github.com/indieweb/blank-gh-site
# [Simon_Willison] OK Tantek I’ve replicated that bug
# [Simon_Willison] Will indielogin.com still work as a way to keep RelMeAuth working?
# [Simon_Willison] It strikes me that RelMeAuth needs at least on centralized provider that holds the keys for GitHub OAuth etc
# [Simon_Willison] https://github.com/simonw/datasette-indieauth/issues/18 - that’s the issue, working on a fix now
# [Simon_Willison] Aha, it looks like indieauth.com sometimes returns a body that looks like `me=https%3A%2F%2Fsimon-indieauth.vercel.app%2F&scope` rather than retuning JSON `
{"me": "…"}
`# [Simon_Willison] [tantek] OK try that now, I think I just shipped a fix
# [Simon_Willison] Tantek no I’d love to do Netflix, not sure where I’d get it from though
# [Simon_Willison] I guess I could scrape their site somehow?
# Loqi Netflix is a subscription service for on-demand video streaming and a silo of lists of shows you want to watch, shows you have watched, and lists of shows you like (or dislike) https://indieweb.org/Netflix
# [Simon_Willison] We recently setup Plex and that actually uses a SQLite database already, so I may pull that in soon
# [Simon_Willison] It’s the fixtures database from the Datasette test suite, so it’s not particularly interesting to look at!
# [Simon_Willison] just a very quick `.db` file I can drop into a demo
# [Simon_Willison] the only interesting thing about the demo is the way it shows you that you’re signed in at the top of the page
# [Simon_Willison] oh - and you can visit https://datasette-indieauth-demo.datsaette.io/-/actor to see your profile
# [Simon_Willison] oops https://datasette-indieauth-demo.datasette.io/-/actor
# [Simon_Willison] here’s the code that deploys the demo https://github.com/simonw/datasette-indieauth/blob/ce873e16aa2e747fd3ccdf659e70fde192bdf6ea/.github/workflows/test.yml#L56-L63
# [Simon_Willison] Every time I deploy the site it resets the signing secret which logs everyone out, I should fix that
# [Simon_Willison] [aaronpk] so currently I have this on https://simonwillison.net/
# [Simon_Willison] ```<link href="https://github.com/simonw" rel="me">```
# [Simon_Willison] I can use simonwillison.net to sign in using my datasette-indieauth plugin because it has code that looks for `<link rel="authorization_endpoint" …` on the page and, if that’s missing, redirect to `https://indieauth.com/auth?me=…` and rely on that to scan for RelMeAuth and redirect back again if it works
# [Simon_Willison] If indieauth.com goes away will I be able to use the same trick against indielogic.com ?
# [Simon_Willison] indielogin.com
# [Simon_Willison] it looks like the answer is no, because hitting `https://indielogin.com/auth?me=http%3A%2F%2Fsimonwillison.net%2F&client_id=https%3A%2F%2Fdatasette-indieauth-demo.datasette.io%2F-%2Findieauth&redirect_uri=https%3A%2F%2Fdatasette-indieauth-demo.datasette.io%2F-%2Findieauth%2Findieauth-com-done` right now gives me an error saying `This client_id is not registered (https://datasette-indieauth-demo.datasette.io/-/indieauth)`
nickodd joined the channel
# [Simon_Willison] Oh that’s a shame - my particular use-case benefits enormously from not needing to register, because the idea with Datasette is to support easily deploying dozens or even hundeds of websites
# [Simon_Willison] having to manually register them kills the magic of being able to do `datasette publish cloudrun my.db --install=datasette-indieauth`
# [Simon_Willison] The plugin will still be able to support raw IndieAuth but it won’t be easy to support RelMeAuth if there’s a registration requirement - well, that partly depends on the registration requirement. If it’s lighttweight and gives me a token I could set it up to work something like this:
# [Simon_Willison] ```datasette publish vercel my.db --project --my-database --install datasette-indieauth --plugin-secret datasette-indieauth indielogin_token XXXXXXX```
# [Simon_Willison] My stuff is a very weird edge-case, I can’t imagine there are many people building tools to actively encourage deploying semi-throwaway sites at a moments notice
# [Simon_Willison] Also a problem: sometimes you don’t even know the URL that your site will be deployed to when you run the command - but if indielogin.com lets me change the redirect URL after registering the site that shouldn’t be a show-stopper
# [Simon_Willison] or how about if indielogin.com provided a registration API that my deployment script could call during the deploy?
# aaronpk what I'm trying to do with indielogin.com is provide a tool for a small number of websites to use directly while also demonstrating the idea of having users authenticate as their own domain name so that hopefully more people will implement that idea or even spin up their own instances of that software
# [Simon_Willison] Not wanting to take responsibility for being the holder of the GitHub API key does make sense to me
# [Simon_Willison] to implement it myself
# [Simon_Willison] I think I may have been abusing indieauth.com via an undocumented feature - I can’t quite remember how I figured out that bouncing people to `https://indieauth.com/auth?me=http%3A%2F%2Fsimonwillison.net%2F&client_id=https%3A%2F%2Fdatasette-indieauth-demo.datasette.io%2F-%2Findieauth&redirect_uri=https%3A%2F%2Fdatasette-indieauth-demo.datasette.io%2F-%2Findieauth%2Findieauth-com-done` was a trick for getting `rel=me` auth without havin
# [Simon_Willison] When indieauth.com is replaced, will it still be possible for users to configure their domain for IndieAuth by following these steps?
# [Simon_Willison] 1. Add `<link href=“https://github.com/simonw” rel=“me”>` to your homepage
# [Simon_Willison] 3. Add `<link rel=“authorization_endpoint” href=“https://indieauth.com/auth”/>` to your homepage? (swapping indielogin.com in place of indieauth.com)
# [Simon_Willison] 2. Make sure your GitHub profile links back to your homepage
# [Simon_Willison] Or will users have to run the WordPress plugin or use some other `authorization_endpoint` provider?
# [Simon_Willison] Ok I think I understand the plan
Zegnat, jeremycherfas, schmudde, [tantek] and swentel joined the channel; nickodd left the channel
# @_maximization ↩️ Cool way of implementing webmentions! (twitter.com/_/status/1329001835882016768)
# @Rommudoh A simple setup for webmentions: just a Nginx server that logs the data, like described here:… https://twitter.com/i/web/status/1328799452388339714 (twitter.com/_/status/1328799452388339714)
[jgmac1106], jeremych_, swentel, [Ian_Forrester], oenone, [Sadik_Shahadu], swentie and DanC joined the channel
# superkuh Aw man.
# superkuh I tried to respond to that guy with webmentions but his webserver only accepts bleeding edge TLS versions. And *no* http. How lame.
p, geoffo and geoffo_ joined the channel
# petermolnar Zegnat: you are a test case :P
Kaja, nickodd and [tantek] joined the channel
# Loqi HTTP/2 is an IETF working group project to define and standardize the successor to HTTP/1.1 that currently drives the modern world wide web, see https://http2.github.io for more https://indieweb.org/HTTP2
[Ian_Forrester] joined the channel
[chrisaldrich], [asuh], [tantek], KartikPrabhu, leg, leg1, anemoiac, [jacky] and [Simon_Willison] joined the channel; nickodd left the channel
# [Simon_Willison] I removed the indieauth.com fallback from datasette-indieauth and shiped v1.0 https://github.com/simonw/datasette-indieauth/releases
# [Simon_Willison] (since the indieauth.com fallback was using what I think is an unsupported and undocumented feature, and wasn’t really necessary for the plugin - more details on that here https://github.com/simonw/datasette-indieauth/issues/14 )
[asuh] and [KevinMarks] joined the channel
# [Simon_Willison] https://simonwillison.net/2020/Nov/18/indieauth/