#dev 2021-02-22

2021-02-22 UTC
ccchapman, ShadowKyogre, [tantek], jeremycherfas, nertzy, wagle, jeremy, Seirdy, samwilson, [fluffy], gRegorLove, btrem, [chrisaldrich], alex11, mblaney and jamietanna joined the channel; ShadowKyogre and mblaney left the channel
#
jamietanna
Is anyone able to give me a hand trying to get micropub.rocks running locally? There's no setup guide and as a non-PHP dev I'm not 100% sure where to start D:
#
jamietanna
I'm looking to get one of my PRs ready to go, so as part of that I'll raise a PR for a local setup guide, too
ShadowKyogre, samwilson1, [pfefferle], [Murray] and [Ana_Rodrigues] joined the channel; ShadowKyogre left the channel
#
GWG
My new consent screen got reviewed this morning. I opted for the notice about using PKCE over the warning about not using it.
jamietanna joined the channel
#
jamietanna
Fair enough :)
#
GWG
jamietanna: I debated it. I don't want to scare people. This is WordPress... how many users know what PKCE is?
#
GWG
The same with the redirect URL message..that one is a warning
#
GWG
Not having PKCE is not automatically unsafe.
[KevinMarks] joined the channel
#
jamietanna
That's fair. I guess as long as users are confident that _not_ seeing the lock is bad, that's good. For my use case, I'm more likely to remember / be happy with the absense == all's good
#
GWG
jamietanna: I'm going with seeing the lock is better. But once most implementations are on PKCE.. I may reverse that..the same way that browsers have gradually changed their padlock symbols
#
GWG
This is the first time I have revealed PKCE is being used or not, and it's been in my implementation for a long time
#
jamietanna[m]
Sounds good
#
GWG
Next is expiring tickets after another prep PR is reviewed
#
GWG
I added a recurring job that expires tokens in advance of expiring tokens
#
GWG
Does any client support refresh tokens?
#
jamietanna
Only clients I've written for my own personal use, I'd love to see more using it!
#
GWG
jamietanna: I did a check... I can add refresh tokens rather easily, but nothing to test them with.
#
jamietanna
Interesting - have you looked at using a plain OAuth2 library just to look at what they're like? I.e. what is needed to do the `refresh_token` grant, whether a refresh token is issued fresh and the old one revoked, etc?
[benatwork] joined the channel
#
GWG
jamietanna: Only read the spec
#
Loqi
[Jamie Tanna] Implementing the Refresh Token Grant in my IndieAuth Server
#
GWG
It's been an open tab for me ever since January
#
jacky
opens link
#
GWG
It notes how you can test from the cli... but I'm reluctant to add the feature without at least one full client to pair with
#
GWG
I just made sure it would be trivial to do
#
GWG
A refresh token has the same properties as an auth code or a token...
#
GWG
So just a new type
#
jacky
you know that URL that's meant to be like "display a code" for OAuth2?
#
jacky
I wanna use something like that for audiences to be like 'completely public'
#
jacky
I think I might use `https://indieweb.org/audience#Public` for now
#
jamietanna
Not sure I know what you mean Jacky?
#
jacky
I _think_
#
jacky
I know Mastodon does it sometimes when it's presenting a code you can enter into a device
#
jacky
it's like in situations where polling can't be done or there's no web browser
#
jamietanna
Ahh yes - we've had some chats about that before. I'm tempted to make a Linux PAM handler so I can use IndieAuth over SSH connections, but otherwise not really sure where else we'd use it
#
jacky
haa that'd be interesting for shared hosting via IndieAuth
[snarfed] joined the channel
#
[snarfed]
dangerous though. you’d need a fallback, otherwise when your site breaks, you couldn’t log in to fix it 😆
#
jamietanna
:D definitely!
[tantek] joined the channel
#
jamietanna
GWG would you be able to add different expiry to the refresh_token compared to others? / allow a refresh_token to create an access_token? (is this kinda built into WP?)
[KevinMarks] and [chrisaldrich] joined the channel
#
GWG
jamietanna: Yes, not yet. Expiry I built into the implementation, but only use it to expire auth codes. Modifying it now to expire all codes
#
GWG
Adding a default expiry config setting is trivial
#
GWG
I have a token class that handles both authorization codes and tokens...again, just a matter of adding a new type.
gRegorLove, [Murray], benwerd, alex11, nickodd and btrem joined the channel
#
GWG
I need a term
#
GWG
Watch, listen, read, play are all examples of what type of posts?
#
GWG
I want to create a custom archive and need a slug for the URL
#
GWG
Looking for other combos
#
aaronpk
media?
nickodd left the channel
#
GWG
I did /food for eat+drink
#
GWG
aaronpk: I was worried media might be thought to be audio and video I posted
#
GWG
For example, the Indieweb podcast
#
aaronpk
if it weren't for "play" then "consume" covers all of them too
#
[chrisaldrich]
media consumption is the closest I can get, but it sounds/feels clunky... the opposite being media creation for the other types as a group.
#
[chrisaldrich]
entertainment is sometimes a catch-all for watch, listen, read, but isn't always applicable for large swaths of things that would otherwise be lumped in (at least in my case).
#
aaronpk
and eating isn't always entertainment either
#
[chrisaldrich]
you could always make up a new word like Last.fm did for music listens as scrobbles... rewablies?!?
#
aaronpk
you could also call them scrobbles
#
[chrisaldrich]
I don't think he's lumping in eat/drink/food with the watch/read/listen...
#
[tantek]
GWG, this is the point, if you're looking for abstract/arbitrary categories, there's basically three: consume, react, produce
#
[tantek]
aaronpk, reading isn't always entertainment either, or at least that's what I remember from school (sometimes)
#
GWG
I don't want the word to necessarily become a thing.. just want some easy ones.
#
[chrisaldrich]
reminds me that I've noodled around with a learn (category), but not yet implemented it yet....
#
GWG
I like react or reactions.
#
GWG
That covers a few
#
[tantek]
GWG, I feel like sometime in the past someone said "experiences"
#
GWG
Activity maybe?
#
[tantek]
"activity" means anything, hence why they named it ActivityStreams in the first place
#
GWG
But people think exercise not reading for activity
#
aaronpk
sounds like the page would be an... activity stream
#
GWG
Darn
#
[chrisaldrich]
I think the wiki has responses as a thing...
#
GWG
Naming things is hard
#
[tantek]
yes [chrisaldrich]
#
[tantek]
(to both)
#
[tantek]
what are responses
#
Loqi
responses, or interactions, in the context of the indieweb, refer to all the different ways and things people explicitly do to and with others’s posts, from written replies to quick likes, in other words responses = replies + reactions https://indieweb.org/responses,
#
[chrisaldrich]
I do like tantek's framing of the three broad things as consume, react/response, and produce.
#
[tantek]
feels a bit They Live but maybe it's ok
#
jacky
I was wondering this too re: what to call them
#
jacky
they're not 'reactions' but they're not necessarily like some outward content that's easily shared
#
jacky
I settled on Activity myself (I haven't built out my feed for it since I don't think giving each action a dedicated page makes explicit sense right now for me)
#
Saphire
Hm
#
Saphire
Is there any recommendations or standards for applications checking that the user who logged/is trying to login has permissions to do things?
#
Saphire
Like, if one wanted to store that as something outside of the application, rather than having a user management system internally
#
[chrisaldrich]
then there's the question of human doings or human beings, but that's getting maybe too meta...
KartikPrabhu joined the channel
#
GWG
I have one confusing url pattern on my site now
#
GWG
The /photos generates a page with all photos posted, whereas /kind/photo only shows photo posts
#
[tantek]
only one? that's not bad GWG 🙂
#
GWG
[tantek]: One that I just recently created
[KevinMarks], [tw2113_Slack_] and [snarfed] joined the channel
#
[snarfed]
Saphire: the general term is access control. (apologies if you already knew!)
#
[tantek]
applies to corps but definitely applies to our work on our own websites (and their code) https://twitter.com/johncutlefish/status/1360354543398129665
#
aaronpk
hah one of the mini-games in the game i'm helping design is basically about exactly that
#
jacky
argh I def need a 'util' section of my site
#
jacky
don't wanna do things via the terminal
#
jacky
and it's easier than expecting a client to pick up some behaviors
jamietanna joined the channel
#
jamietanna
What you thinking, jacky?
#
jacky
ha, mainly for internal things, cleaning up posts that might need a 'migration' to a new format
#
aaronpk
ah yea i have a few buttons like that
#
aaronpk
like "rebuild index"
#
jacky
precisely that
#
jacky
I'm looking at some stuff I _tend_ to do and see if I can make it into a job that runs every so often
#
jacky
like for my nodeinfo endpoint, it runs that like once every 10 minutes to generate those stats
[Ana_Rodrigues] joined the channel
#
jacky
but it'd be nice to kick off something like that or processing async webmentions a bit sooner
#
jacky
this is definitely just fuel for me to continue working on Lwa
#
jamietanna
that makes sense
#
@ReadyToDial
↩️ You should implement webmentions though
(twitter.com/_/status/1363959627302334466)
[KevinMarks], samwilson and lahacker joined the channel
#
@mxdietrich
First tweet via my website! 23 Feb-2021 This tweet was published on my own site http://mxd.codes and syndicated on twitter via http://brid.gy. #IndieWeb #POSSE (https://mxd.codes/notes/2021-02-23)
(twitter.com/_/status/1363989561492312068)