#dev 2020-11-29

2020-11-29 UTC
strugee joined the channel
#
aaronpk
the next question is whether i want to go full client-side and have the extension make the post request itself, risking other people having CORS issues if their servers don't support it, or have the extension send the contents to my server and make the request from my server
#
aaronpk
i wasn't going to go to the trouble of figuring out the client side indieauth flow for this cause i'm not that good at javascript, but if I had a server-side component i could make the whole setup experience a lot smoother for others
#
aaronpk
omg it works
#
vilhalmer
server seems fine, people who mind that sort of thing can probably spin up their own instance
fauno joined the channel
#
[tantek]
is this the new IG PESOS approach then?
[grantcodes] joined the channel
#
[grantcodes]
[aaronpk] I think at some point I found that js fetch requests are all fine with cors from an extension but couldn't read response headers. But the older xmlhttprequest could
#
aaronpk
true vilhalmer
#
[grantcodes]
But omnibear and postrchild both are fully client side extensions without cors issues
#
aaronpk
[grantcodes]: oh yeah i was reading that about Fetch, but my XMLHTTPRequest one can read the location header no problem
#
aaronpk
maybe i can convince someone who's better with javascript to touch this code up and make the indieauth flow work better :)
#
[grantcodes]
They both use my micropub script which does indieauth too. It's on npm or is a single modern js class
#
aaronpk
good docs [grantcodes]++
#
Loqi
[grantcodes] has 7 karma in this channel over the last year (17 in all channels)
#
[grantcodes]
Or it might be the other way round to be honest. Written for node and compiled for browser. But should be minimal changes either way
#
aaronpk
i don't see a single file download, just npm instructions
#
aaronpk
and yarn
#
[grantcodes]
Yeah it's honestly easier to provide that than a single file that's always up to date
#
aaronpk
can't you make github actions make a build or something?
#
aaronpk
i've never used yarn and i try to avoid npm if possible
#
[grantcodes]
Probably. This is from before github actions
#
[grantcodes]
I should probably rewrite it now to be browser & modern node js without any compiling or other garbage
#
aaronpk
this looks good though, looks pretty straightforward to use
#
[grantcodes]
Other issue is not much unit tests. But real world tested πŸ˜…
#
aaronpk
we've got a few spec changes to keep in mind now too :)
#
aaronpk
i should probably do a blog post writeup of that so you don't have to read through all the spec diffs
#
[grantcodes]
Indieauth changes rather than micropub right?
#
Loqi
I agree
#
[grantcodes]
Actually have a separate indieauth library that's very similar to the auth part of the micropub library but a bit more correct and I've been meaning to offload the auth stuff in micropub to that library but want to have unit tests first and never got around to finishing them
#
[grantcodes]
The classic time and motivation factors have held that back
[snarfed] joined the channel
#
vilhalmer
a blog post would be good, I read through the entire github issue to get background on the reasoning for the change
#
vilhalmer
which worked, but is not the smoothest method :)
#
aaronpk
yeah, i feel like we've finally hit a mostly stable spot with things now too
#
vilhalmer
I spent some time self-confused about how it was intended to work without the me param because I forgot my implementation is weird by not having a box to type your url into
#
vilhalmer
but in the end I was able to delete a bunch of code like you expected
#
vilhalmer
though implementing the code challenge made it about even
#
sebbu
Zegnat, before i get ready to re-do my auth tommorow, is there any more fix to selfauth and mintoken apart from the 2 other branchs (the pull requests) ? especially since i heard the indieauth spec was modified a few days/weeks ago and thoses fix are already 3 months old
#
sebbu
(this is for selfauth, for mintoken there seems to be no update apart from thoses old branches, older than the default)
[snarfed] joined the channel
#
@leozera
Today's work: added webmentions support to my website based on @shindakun post https://bit.ly/3fNzpD2 and @mxbck https://bit.ly/3lhKsWa Here is one example: https://bit.ly/2E32HP9 #webmentions
(twitter.com/_/status/1332932991463538691)
#
sebbu
damn bitly, hate thoses ad-filled redirectors websites that 99% of the time don't work on mobile
#
sebbu
(or adf.ly)
schmudde and [KevinMarks] joined the channel
#
Zegnat
sebbu: I do not think selfauth needed anymore patching. I have not really ran into any problems. But that said, I am writing a full replacement so it is not at the foremost of my mind.
#
Zegnat
I am currently not running MinToken as I have no need for tokens. So I would not be surprised if something breaks there, honestly. I am merging it into my selfauth replacement, so I am not sure what sort of updates I would be putting into it.
#
Zegnat
If it has been working for you a week or 2 ago, it should still work. We did not touch token endpoint logic in the latest indieauth release.
#
Zegnat
Mintoken probably does not do the new(ish) profile scope yet. But I also do not know how many apps are even asking for that.
#
sebbu
what's/where's the replacement ? :D
#
Zegnat
In a private repo :P I hoped to get it done during IWC East, but didn't make it. So currently it is just screenshots from the hack day that go around, haha
#
Zegnat
sebbu: it looks very much like Selfauth. So if you are on Selfauth/Mintoken, chances are this will be a very simple switch over (if that is what you want to do) https://indieweb.org/consent_screen#Martijn_van_der_Ven
[suze_shardlow1], ethanyoo and [eddie] joined the channel
#
[eddie]
Hmm, I get the feeling Slack image uploads to IRC is broken πŸ€”
#
[eddie]
Yep it is
#
[eddie]
Working on image optimization so I'm not shipping huge photos to my website. Something I haven't bothered with until now. For my Watch Posts I often show the TV/Movie cover art, and for Play posts, I show the game art. These three images are the game art for Zelda: Link's Awakening. Original JPG: 1mb, Optimized JPG: 218k, Optimized WebP: 168k. I can't believe that, 1mb to 168k!
#
[eddie]
Looking at the images in Google Chrome on my Retina MBP I can see no visible difference... 😲
#
sebbu
using a self-signed, expired certificate on https://localhost/ doesn't help me debug ssl issues :D
[jgmac1106] joined the channel
#
[jgmac1106]
okay wiki all fixed. dokuwiki, or at least my installatron install versions sets all users, without authentication, to have all rights
#
[eddie]
Lol isn’t that... dangerous?? πŸ˜„
#
sebbu
( ! ) Warning: array_merge(): Expected parameter 2 to be an array, null given in D:\htdocs\auth2\php-mintoken\endpoint.php on line 281
#
sebbu
i'm failing in php-mintoken, there doesn't seems to be a 'me' $_GET parameter
#
sebbu
(or any GET parameter)
#
sebbu
Zegnat, ?
#
Zegnat
Oh, did I make the me still be required? Thought I fixed that.
#
Zegnat
I'll check my code, might be a simple patch
#
sebbu
it was removed in selfauth, but not mintoken ?
#
Zegnat
Selfauth does not talk to Mintoken at all. Mintoken needs to check the access code with Selfauth before it can issue a token.
#
Zegnat
That was a weird quirk where IndieAuth was speccing things that OAuth clients did not support by default, so it was removed. Mintoken may be relying on the quirk though.
#
Zegnat
It is not a problem when token endpoint and auth endpoint are the same service. Which is one of the reasons I am merging them.
#
sebbu
well, i'm testing with indieweb/indieauth-client-php right now (so fully on localhost for the tests)
#
sebbu
i even added my localhost root CA to my local cacert.pem file, so that i don't have to turn off ssl verifications
#
Zegnat
Interesting that it throws an error on array_merge(). Thought it would just give an "invalid_request" as response if it failed
#
Zegnat
Alright, I think I know what I need to change. Just need to decide if I still want Mintoken to work for multiple sites from one instance, or just have it work for one site per installation
#
sebbu
well, it throws an invalid request afterwards
#
sebbu
it's a warning, not a (fatal) error
#
Zegnat
Step 3 of the setup, where you add the endpoints it should check for, is currently impossible because IndieAuth clients no longer tell you an endpoint (they no longer send me)
#
Zegnat
So instead of matching the me, Mintoken should just always immediately go to your configured endpoint to exchange the code. And fail if that fails, or issue the token.
#
Zegnat
Let me see if I can do a relatively quick fix for this ...
#
Zegnat
Currently do not have a testing flow setup myself ... like it says in the project README, I am not a very active user myself
#
Zegnat
you should be able to just swap out endpoint.php files and see if it fixes it. If not, I will have to have a sitdown at my proper environment tomorrow. I am not really available this weekend :(
#
Loqi
definitely
geoffo joined the channel
#
sebbu
Zegnat, verifyCode returns null
#
Zegnat
that should not happen unless selfauth is giving a wrong response
#
sebbu
the $endpoint seems to contains my $clientID instead of the $authorization_endpoint
#
sebbu
so, the json_decode fails
#
Zegnat
Does the new getTrustedEndpoint not work? That should be getting the endpoint you have set in your sqllite file
#
sebbu
i'll redo the sqlite
#
Zegnat
Do you have an SQLite gui installed so you can easily check the db?
#
sebbu
no, but i know how to use the cli
#
sebbu
seems to work :)
#
Zegnat
I am looking forward to finish up merging it and selfauth into one single thing that I can actually keep support up on
#
sebbu
Your IndieAuth server did not return a valid response.
#
sebbu
Response Code: 307
#
sebbu
Maximum (8) redirects followed
#
sebbu
Error Details
#
sebbu
indieauth.com works, indielogin.com doesn't
#
Zegnat
Maximum redirects does not sound like an Selfauth/Mintoken issue
#
Zegnat
I don't think either do 3xx responses
#
sebbu
arf, forgot the INPUT_SERVER issue
#
Zegnat
Ah, haha, yeah
#
sebbu
works with indieauth-client-php
#
sebbu
but still not with indielogin.com
#
sebbu
aaronpk, any idea ?
#
aaronpk
What error message is indielogin showing you?
#
Zegnat
Interesting that indielogin.com is failing. That is not doing a scoped request, is it, aaronpk? So it does not go against the token endpoint? Then it should only be talking to selfauth...
#
sebbu
307 max redirect
#
sebbu
indieauth-client-php also works hosted on my site
[tantek] joined the channel
#
[tantek]
aaronpk, are the IndieAuth 2020-11-26 version fairly apparent from the changes section? or would it be better to wait for a blog post?
#
[tantek]
I'm asking because I'd like to get a blurb / summary about this IndieAuth spec update into the Redecentralize digest for November
#
[tantek]
(assuming their last day for submissions is tomorrow)
#
[tantek]
just to give you something to contrast with, almost the first third of last month's newsletter was spent on SSI β€” without anything practical for anyone as far as I can tell: https://redecentralize.org/redigest/2020/10
#
[tantek]
so I'm assuming we could write something up that's much more significant / applicable / real / implementable about IndieAuth in contrast
[Raphael_Luckom], nickodd and ethanyoo joined the channel
#
aaronpk
the changes are all listed out in the changelog, but i'd probably recommend waiting until i can write a blog post, i'm planning on writing it in a much more actionable "how to update to this version" kind of way
#
aaronpk
also describing some of the motivations for the changes
#
[tantek]
We can always talk about it twice
#
[tantek]
first as a minor update (summary of changes from the changelog)
#
[tantek]
and then later when you blog about it, that can be a featured thing
#
[tantek]
people like ongoing narratives like that
#
Loqi
Ok, I'll tell them that when I see them next
#
jeremycherfas
!tell zegant can I talk to you about the `core.js` you use on your `weight` page? In DM if you prefer.
#
[Raphael_Luckom]
petermolnar: when I was looking at exif stuff, there was some proprietary field that could be in the MBs range I think
#
petermolnar
emphasis on "could"
#
[Raphael_Luckom]
It was the "MakerNote" field
#
petermolnar
but I sort of doubt exif would allow that
#
petermolnar
are you sure it's not xml or iptc?
#
petermolnar
ah, those. Yes, I know about the provider blobs
#
sebbu
they've been reverse-engineer'ed
#
sebbu
amongst other thing, i might contain your camera serial number or GPS coordinates
[jgmac1106] joined the channel
#
[Raphael_Luckom]
yeah, it's really annoying when they stick gps in there. There's already a location field in exif proper--it's the first thing you want to set for recodkeeping, or delete for privacy. Adding it in obfuscated form in some other place breaks both those use cases
schmudde and [chrisaldrich] joined the channel
#
jeremycherfas
!tell Zegnat can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
#
Loqi
Ok, I'll tell them that when I see them next
#
Zegnat
!tell jeremycherfas of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
#
Loqi
Ok, I'll tell them that when I see them next
#
Loqi
Zegnat: jeremycherfas left you a message 4 minutes ago: can I talk to you about the core.js you use on your `weight` page? In DM if you prefer.
#
jeremycherfas
It’s about how you build the page. I’ll go to DM
#
Loqi
jeremycherfas: Zegnat left you a message 9 minutes ago: of course! Always happy to discuss my own code :D If it does not feel like it is something others can use, happy to take it outside of this channel
geoffo and [tw2113_Slack_] joined the channel; nickodd left the channel
#
[Raphael_Luckom]
I think I finally wrapped my head around the HATEOAS part of REST: https://www.raphaelluckom.com/posts/revenge_of_hateoas.html
[KevinMarks] joined the channel
#
@eaton
Because it's evergreen, I find myself writing up another explanation of the distinctions between a Domain model, a Content model, and a Data model. For most folks this doesn't matter, but for some teams, it's a point of contention!
(twitter.com/_/status/1333126544848523264)
#
[KevinMarks]
(a key reason mf2 parses out the rel-urls is how handy they are for that kind of thing)
dylanharris joined the channel
#
[Raphael_Luckom]
cool, thanks!
schmudde, jamietanna, silo, [chrisaldrich], [jgmac1106], ethanyoo and geoffo joined the channel