#dev 2021-02-22

2021-02-22 UTC
ccchapman, ShadowKyogre, [tantek], jeremycherfas, nertzy, wagle, jeremy, Seirdy, samwilson, [fluffy], gRegorLove, btrem, [chrisaldrich], alex11, mblaney and jamietanna joined the channel; ShadowKyogre and mblaney left the channel
#
jamietanna Is anyone able to give me a hand trying to get micropub.rocks running locally? There's no setup guide and as a non-PHP dev I'm not 100% sure where to start D:
#
jamietanna I'm looking to get one of my PRs ready to go, so as part of that I'll raise a PR for a local setup guide, too
ShadowKyogre, samwilson1, [pfefferle], [Murray] and [Ana_Rodrigues] joined the channel; ShadowKyogre left the channel
#
GWG My new consent screen got reviewed this morning. I opted for the notice about using PKCE over the warning about not using it.
jamietanna joined the channel
#
jamietanna Fair enough :)
#
GWG jamietanna: I debated it. I don't want to scare people. This is WordPress... how many users know what PKCE is?
#
GWG The same with the redirect URL message..that one is a warning
#
GWG Not having PKCE is not automatically unsafe.
[KevinMarks] joined the channel
#
jamietanna That's fair. I guess as long as users are confident that _not_ seeing the lock is bad, that's good. For my use case, I'm more likely to remember / be happy with the absense == all's good
#
GWG jamietanna: I'm going with seeing the lock is better. But once most implementations are on PKCE.. I may reverse that..the same way that browsers have gradually changed their padlock symbols
#
GWG This is the first time I have revealed PKCE is being used or not, and it's been in my implementation for a long time
#
jamietanna[m] Sounds good
#
GWG Next is expiring tickets after another prep PR is reviewed
#
GWG I added a recurring job that expires tokens in advance of expiring tokens
#
GWG Does any client support refresh tokens?
#
jamietanna Only clients I've written for my own personal use, I'd love to see more using it!
#
GWG jamietanna: I did a check... I can add refresh tokens rather easily, but nothing to test them with.
#
jamietanna Interesting - have you looked at using a plain OAuth2 library just to look at what they're like? I.e. what is needed to do the `refresh_token` grant, whether a refresh token is issued fresh and the old one revoked, etc?
[benatwork] joined the channel
#
GWG jamietanna: Only read the spec
#
GWG https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/ And this
#
jamietanna And https://www.jvt.me/posts/2021/01/31/refresh-token-indieauth/ ? :D
#
Loqi [Jamie Tanna] Implementing the Refresh Token Grant in my IndieAuth Server
#
GWG It's been an open tab for me ever since January
#
jacky opens link
#
GWG It notes how you can test from the cli... but I'm reluctant to add the feature without at least one full client to pair with
#
GWG I just made sure it would be trivial to do
#
GWG A refresh token has the same properties as an auth code or a token...
#
GWG So just a new type
#
jacky you know that URL that's meant to be like "display a code" for OAuth2?
#
jacky I wanna use something like that for audiences to be like 'completely public'
#
jacky I think I might use `https://indieweb.org/audience#Public` for now
#
jamietanna Not sure I know what you mean Jacky?
#
jacky https://oauth.net/2/grant-types/device-code/
#
jacky I _think_
#
jacky I know Mastodon does it sometimes when it's presenting a code you can enter into a device
#
jacky it's like in situations where polling can't be done or there's no web browser
#
jamietanna Ahh yes - we've had some chats about that before. I'm tempted to make a Linux PAM handler so I can use IndieAuth over SSH connections, but otherwise not really sure where else we'd use it
#
jacky haa that'd be interesting for shared hosting via IndieAuth
[snarfed] joined the channel
#
[snarfed] dangerous though. you’d need a fallback, otherwise when your site breaks, you couldn’t log in to fix it 😆
#
jamietanna :D definitely!
#
jacky haha
[tantek] joined the channel
#
jamietanna GWG would you be able to add different expiry to the refresh_token compared to others? / allow a refresh_token to create an access_token? (is this kinda built into WP?)
[KevinMarks] and [chrisaldrich] joined the channel
#
GWG jamietanna: Yes, not yet. Expiry I built into the implementation, but only use it to expire auth codes. Modifying it now to expire all codes
#
GWG Adding a default expiry config setting is trivial
#
jamietanna Nice
#
GWG I have a token class that handles both authorization codes and tokens...again, just a matter of adding a new type.
gRegorLove, [Murray], benwerd, alex11, nickodd and btrem joined the channel
#
GWG I need a term
#
GWG Watch, listen, read, play are all examples of what type of posts?
#
GWG I want to create a custom archive and need a slug for the URL
#
GWG Looking for other combos
#
aaronpk media?
nickodd left the channel
#
[tantek] eating
#
GWG I did /food for eat+drink
#
GWG aaronpk: I was worried media might be thought to be audio and video I posted
#
GWG For example, the Indieweb podcast
#
aaronpk if it weren't for "play" then "consume" covers all of them too
#
[chrisaldrich] media consumption is the closest I can get, but it sounds/feels clunky... the opposite being media creation for the other types as a group.
#
[chrisaldrich] entertainment is sometimes a catch-all for watch, listen, read, but isn't always applicable for large swaths of things that would otherwise be lumped in (at least in my case).
#
aaronpk and eating isn't always entertainment either
#
[chrisaldrich] you could always make up a new word like Last.fm did for music listens as scrobbles... rewablies?!?
#
aaronpk you could also call them scrobbles
#
[chrisaldrich] I don't think he's lumping in eat/drink/food with the watch/read/listen...
#
[tantek] GWG, this is the point, if you're looking for abstract/arbitrary categories, there's basically three: consume, react, produce
#
[tantek] aaronpk, reading isn't always entertainment either, or at least that's what I remember from school (sometimes)
#
aaronpk true
#
GWG I don't want the word to necessarily become a thing.. just want some easy ones.
#
[chrisaldrich] reminds me that I've noodled around with a learn (category), but not yet implemented it yet....
#
GWG I like react or reactions.
#
GWG That covers a few
#
[tantek] GWG, I feel like sometime in the past someone said "experiences"
#
GWG Activity maybe?
#
[tantek] lol
#
[tantek] "activity" means anything, hence why they named it ActivityStreams in the first place
#
GWG But people think exercise not reading for activity
#
aaronpk sounds like the page would be an... activity stream
#
GWG Darn
#
[chrisaldrich] I think the wiki has responses as a thing...
#
GWG Naming things is hard
#
[tantek] yes [chrisaldrich]
#
[tantek] (to both)
#
[tantek] what are responses
#
Loqi responses, or interactions, in the context of the indieweb, refer to all the different ways and things people explicitly do to and with others’s posts, from written replies to quick likes, in other words responses = replies + reactions https://indieweb.org/responses,
#
[chrisaldrich] I do like tantek's framing of the three broad things as consume, react/response, and produce.
#
[tantek] feels a bit They Live but maybe it's ok
#
jacky lol
#
jacky I was wondering this too re: what to call them
#
jacky they're not 'reactions' but they're not necessarily like some outward content that's easily shared
#
jacky I settled on Activity myself (I haven't built out my feed for it since I don't think giving each action a dedicated page makes explicit sense right now for me)
#
Saphire Hm
#
Saphire Is there any recommendations or standards for applications checking that the user who logged/is trying to login has permissions to do things?
#
Saphire Like, if one wanted to store that as something outside of the application, rather than having a user management system internally
#
[chrisaldrich] then there's the question of human doings or human beings, but that's getting maybe too meta...
KartikPrabhu joined the channel
#
GWG I have one confusing url pattern on my site now
#
GWG The /photos generates a page with all photos posted, whereas /kind/photo only shows photo posts
#
[tantek] only one? that's not bad GWG 🙂
#
GWG [tantek]: One that I just recently created
[KevinMarks], [tw2113_Slack_] and [snarfed] joined the channel
#
[snarfed] Saphire: the general term is access control. (apologies if you already knew!)
#
[tantek] applies to corps but definitely applies to our work on our own websites (and their code) https://twitter.com/johncutlefish/status/1360354543398129665
#
@johncutlefish ...or it will happen. https://pbs.twimg.com/media/EuDzKlTVEAIPxgd.jpg (twitter.com/_/status/1360354543398129665)
#
aaronpk hah one of the mini-games in the game i'm helping design is basically about exactly that
#
jacky argh I def need a 'util' section of my site
#
jacky don't wanna do things via the terminal
#
jacky and it's easier than expecting a client to pick up some behaviors
jamietanna joined the channel
#
jamietanna What you thinking, jacky?
#
jacky ha, mainly for internal things, cleaning up posts that might need a 'migration' to a new format
#
aaronpk ah yea i have a few buttons like that
#
aaronpk like "rebuild index"
#
jacky precisely that
#
jacky I'm looking at some stuff I _tend_ to do and see if I can make it into a job that runs every so often
#
jacky like for my nodeinfo endpoint, it runs that like once every 10 minutes to generate those stats
[Ana_Rodrigues] joined the channel
#
jacky but it'd be nice to kick off something like that or processing async webmentions a bit sooner
#
jacky this is definitely just fuel for me to continue working on Lwa
#
jamietanna that makes sense
#
@ReadyToDial ↩️ You should implement webmentions though (twitter.com/_/status/1363959627302334466)
[KevinMarks], samwilson and lahacker joined the channel
#
@mxdietrich First tweet via my website! 23 Feb-2021 This tweet was published on my own site http://mxd.codes and syndicated on twitter via http://brid.gy. #IndieWeb #POSSE (https://mxd.codes/notes/2021-02-23) (twitter.com/_/status/1363989561492312068)