#dev 2020-12-13

2020-12-13 UTC
geoffo, [Raphael_Luckom], [tw2113_Slack_], [snarfed], [KevinMarks], ethanyoo, gRegorLove, KartikPrabhu and [tantek] joined the channel
# 07:40 
@wbrakowski365 After spending hours last night trying to integrate Webmentions into my blog and giving up desperately, I solved it in 10 minutes this morning. I'm learning from this: tackle difficult tasks in the morning rather than in the evening.
The result: (twitter.com/_/status/1338025299179659264)
nickodd and ethanyoo joined the channel
# 18:10 
@voxpelli ↩️ When it comes to passwords – are you sure you want the hassle of dealing with those and the security implications around it?

Maybe opt for OpenID Connect or IndieAuth instead? Or eg. simple OAuth based auth with eg. GitHub?

I do OpenID Connect in my current project. (twitter.com/_/status/1338184329860698115)
Loqi joined the channel
# 20:07 
GWG I'm fiddling with my IndieAuth code now to get it to 1.1
# 20:07 
GWG Wonder if mine works
# 20:08 
GWG I got, 'request is missing one or more required parameters"
# 20:08 
GWG On Monocle
# 20:09 
GWG Wait...I forgot about 'me'.
KartikPrabhu joined the channel
# 20:11 
GWG Hmm...this is fun. Micropublish.net had a PKCE validation error.
# 20:12 
GWG Okay, got Monocle working.
blade82 and KartikPrabhu joined the channel
# 20:40 
@voxpelli ↩️ Yeah, and adding eg opengraph data or other non-user specific stuff there, this is what I do in eg https://webmention.herokuapp.com/, with it being mostly parsed microformats there, and then a link table linking the source to the individual mention targets (twitter.com/_/status/1338221010907230209)
[barryf] joined the channel
# 20:41 
[barryf] Hey GWG. I've been working on updating Micropublish this weekend to support 1.1. Finding it tricky to test my implementation, but thanks to you and jamietanna for helping test.
# 20:41 
GWG [barryf]: I'm reasonable certain mine works. At the time, I had aaronpk check the PKCE code, though it was many revisions ago.
# 20:45 
@nhoizey ↩️ Same for me.
Most Webmentions come from Twitter, some from Mastodon, and a few from other sites.
Much less spam than with comments. (twitter.com/_/status/1338223215756279808)
# 20:47 
[barryf] I'll do some more debugging
# 20:48 
GWG [barryf]: Only one suggestion. Can you surface the full error response? You are only surfacing the status code
jamietanna joined the channel
# 20:54 
jamietanna I've added a unit test for an example challenge + verifier from my logs, and it gets rejected - but I'm not sure why, as it seems to match up :thinking:
# 20:57 
GWG jamietanna: Where are those tests?
# 20:57 
GWG Might give me some ideas
# 20:58 
[barryf] I'm adding the response body as you suggest, GWG. Are jamietanna's tests part of his IndieAuth server?
# 20:59 
jamietanna https://gitlab.com/jamietanna/www-api/-/commit/a81f3c85887983ce3871a8c124756131e0a38117
# 20:59 
GWG [barryf]: Likely, just thought I could reproduce
# 20:59 
jamietanna They are - see the link above for the Java code, see if it works your side GWG?
# 20:59 
GWG I can easily write that in PHP
# 21:00 
GWG Have to chop some vegetables for dinner first, but...
# 21:01 
jamietanna[m] As an aside this is another great point for an IndieAuth test suite 😁
# 21:02 
[barryf] jamietanna If I construct a code_challenge using your code_verifier from that unit test they match. There may be something else. +1 for a test suite!
# 21:02 
GWG jamietanna[m]: Agreed, but until then I need to add more tests than I have currently for something that could compromise so many sites
# 21:03 
jamietanna[m] Yep, definitely! I didn't mean just for you, GWG I mean this situation as a whole shows we need a suite. I had a similar bug with padding in PKCE that I only found when testing in the wild
# 21:04 
jamietanna[m] Barryf are you able to see what Micropublish generates when you give it a static verifier ie one from the spec?
ShadowKyogre and ethanyoo joined the channel
# 21:17 
[barryf] Using the spec's code_verifier (a6128783714cfda1d388e2e98b6ae8221ac31aca31959e59512c59f5) I get `MzlmNjAwYzZkZjMzNTM2NzQwM2MzNTkwYzUzMDE0MjJkNzkxY2NjYjI4OGZkNDAxNzRjMjE1MTAzMzg0YWQ0YQ`
# 21:19 
jamietanna[m] Does that match?
# 21:19 
jamietanna[m] Also is it worth rolling back micropublish.net for now? If possible
# 21:21 
[barryf] Sorry, where am I looking to match? Yes, I'll rollback.
# 21:23 
jamietanna[m] It should be in the spec to show what is expected. Sorry away from my laptop so can't check
# 21:29 
[barryf] No worries jamietanna[m]. Thanks for your help this evening. I'll do some more reading. I've rolled back.
# 21:35 
jamietanna[m] Thanks for being responsive and sorry it didn't quite work - let us know how you get on or if you're still diagnosing, and if you need a hand testing when resolved
ethanyoo and leg joined the channel
# 22:00 
[barryf] I think I've got something worth testing again on a staging URL, but I'll save it for tomorrow.
DanC and geoffo joined the channel
# 22:31 
jamietanna Send a link over when you get a chance and I'll see what happens :)
DanC joined the channel; ShadowKyogre left the channel