#aaronpkthe next question is whether i want to go full client-side and have the extension make the post request itself, risking other people having CORS issues if their servers don't support it, or have the extension send the contents to my server and make the request from my server
#aaronpki wasn't going to go to the trouble of figuring out the client side indieauth flow for this cause i'm not that good at javascript, but if I had a server-side component i could make the whole setup experience a lot smoother for others
#[grantcodes][aaronpk] I think at some point I found that js fetch requests are all fine with cors from an extension but couldn't read response headers. But the older xmlhttprequest could
#[grantcodes]Actually have a separate indieauth library that's very similar to the auth part of the micropub library but a bit more correct and I've been meaning to offload the auth stuff in micropub to that library but want to have unit tests first and never got around to finishing them
#[grantcodes]The classic time and motivation factors have held that back
[snarfed] joined the channel
#vilhalmera blog post would be good, I read through the entire github issue to get background on the reasoning for the change
#vilhalmerwhich worked, but is not the smoothest method :)
#aaronpkyeah, i feel like we've finally hit a mostly stable spot with things now too
#vilhalmerI spent some time self-confused about how it was intended to work without the me param because I forgot my implementation is weird by not having a box to type your url into
#vilhalmerbut in the end I was able to delete a bunch of code like you expected
#vilhalmerthough implementing the code challenge made it about even
#sebbuZegnat, before i get ready to re-do my auth tommorow, is there any more fix to selfauth and mintoken apart from the 2 other branchs (the pull requests) ? especially since i heard the indieauth spec was modified a few days/weeks ago and thoses fix are already 3 months old
#sebbu(this is for selfauth, for mintoken there seems to be no update apart from thoses old branches, older than the default)
#Zegnatsebbu: I do not think selfauth needed anymore patching. I have not really ran into any problems. But that said, I am writing a full replacement so it is not at the foremost of my mind.
#ZegnatI am currently not running MinToken as I have no need for tokens. So I would not be surprised if something breaks there, honestly. I am merging it into my selfauth replacement, so I am not sure what sort of updates I would be putting into it.
#ZegnatIf it has been working for you a week or 2 ago, it should still work. We did not touch token endpoint logic in the latest indieauth release.
#ZegnatMintoken probably does not do the new(ish) profile scope yet. But I also do not know how many apps are even asking for that.
#ZegnatIn a private repo :P I hoped to get it done during IWC East, but didn't make it. So currently it is just screenshots from the hack day that go around, haha
#[eddie]Working on image optimization so I'm not shipping huge photos to my website. Something I haven't bothered with until now. For my Watch Posts I often show the TV/Movie cover art, and for Play posts, I show the game art. These three images are the game art for Zelda: Link's Awakening. Original JPG: 1mb, Optimized JPG: 218k, Optimized WebP: 168k. I can't believe that, 1mb to 168k!
#ZegnatOh, did I make the me still be required? Thought I fixed that.
#ZegnatI'll check my code, might be a simple patch
#sebbuit was removed in selfauth, but not mintoken ?
#ZegnatSelfauth does not talk to Mintoken at all. Mintoken needs to check the access code with Selfauth before it can issue a token.
#ZegnatThat was a weird quirk where IndieAuth was speccing things that OAuth clients did not support by default, so it was removed. Mintoken may be relying on the quirk though.
#ZegnatIt is not a problem when token endpoint and auth endpoint are the same service. Which is one of the reasons I am merging them.
#sebbuwell, i'm testing with indieweb/indieauth-client-php right now (so fully on localhost for the tests)
#sebbui even added my localhost root CA to my local cacert.pem file, so that i don't have to turn off ssl verifications
#ZegnatInteresting that it throws an error on array_merge(). Thought it would just give an "invalid_request" as response if it failed
#ZegnatAlright, I think I know what I need to change. Just need to decide if I still want Mintoken to work for multiple sites from one instance, or just have it work for one site per installation
#sebbuwell, it throws an invalid request afterwards
#ZegnatStep 3 of the setup, where you add the endpoints it should check for, is currently impossible because IndieAuth clients no longer tell you an endpoint (they no longer send me)
#ZegnatSo instead of matching the me, Mintoken should just always immediately go to your configured endpoint to exchange the code. And fail if that fails, or issue the token.
#ZegnatLet me see if I can do a relatively quick fix for this ...
#ZegnatCurrently do not have a testing flow setup myself ... like it says in the project README, I am not a very active user myself
#Zegnatyou should be able to just swap out endpoint.php files and see if it fixes it. If not, I will have to have a sitdown at my proper environment tomorrow. I am not really available this weekend :(
#aaronpkWhat error message is indielogin showing you?
#ZegnatInteresting that indielogin.com is failing. That is not doing a scoped request, is it, aaronpk? So it does not go against the token endpoint? Then it should only be talking to selfauth...
#sebbuindieauth-client-php also works hosted on my site
[tantek] joined the channel
#[tantek]aaronpk, are the IndieAuth 2020-11-26 version fairly apparent from the changes section? or would it be better to wait for a blog post?
#[tantek]I'm asking because I'd like to get a blurb / summary about this IndieAuth spec update into the Redecentralize digest for November
#[tantek](assuming their last day for submissions is tomorrow)
#[tantek]just to give you something to contrast with, almost the first third of last month's newsletter was spent on SSI β without anything practical for anyone as far as I can tell: https://redecentralize.org/redigest/2020/10
#[tantek]so I'm assuming we could write something up that's much more significant / applicable / real / implementable about IndieAuth in contrast
[Raphael_Luckom], nickodd and ethanyoo joined the channel
#aaronpkthe changes are all listed out in the changelog, but i'd probably recommend waiting until i can write a blog post, i'm planning on writing it in a much more actionable "how to update to this version" kind of way
#aaronpkalso describing some of the motivations for the changes
#[Raphael_Luckom]yeah, it's really annoying when they stick gps in there. There's already a location field in exif proper--it's the first thing you want to set for recodkeeping, or delete for privacy. Adding it in obfuscated form in some other place breaks both those use cases
schmudde and [chrisaldrich] joined the channel
#jeremycherfas!tell Zegnat can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
#Zegnat!tell jeremycherfas of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
#LoqiZegnat: jeremycherfas left you a message 4 minutes ago: can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
#jeremycherfasItβs about how you build the page. Iβll go to DM
#Loqijeremycherfas: Zegnat left you a message 9 minutes ago: of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
geoffo and [tw2113_Slack_] joined the channel; nickodd left the channel
#@eatonBecause it's evergreen, I find myself writing up another explanation of the distinctions between a Domain model, a Content model, and a Data model. For most folks this doesn't matter, but for some teams, it's a point of contention! (twitter.com/_/status/1333126544848523264)
#[KevinMarks](a key reason mf2 parses out the rel-urls is how handy they are for that kind of thing)