#sparseMatrixthat was awesome... the hcard I had in place had rel/me and authorization endpoint(s) configured for my new(er) micropub server effort. I attempted to log in to the wiki with my my newer hcard uri, and indieauth.com redirected me to the auth endpoint at the dev site.
#sparseMatrixnot exactly handy for logging in right now, given it's barely started, but it gave me a perfectly clear picture of what my flask app needs to do next.
#sparseMatrixso I have been really struggling to articulate to myself with precision what it is I want my new service to do, beyond very generally saying, you know, microformats/micropub.
#sparseMatrixHowever, I only want to actually authorize one myself; that one being me.
#sparseMatrixSo essentially anyone would be able to use the endpoints on the server, so long as they could authenticate according to any of the accepted methods.
#sparseMatrixthat gives me the better parts of them having an account with classical permissions, vs. the pain of having to 'host' such accounts.
#sparseMatrixessentially a policy of 'any verifiable identity already has an account on my server'.
#sparseMatrixperhaps that is how it works anyway, and the light only just lit up for me ; )
#sparseMatrixbut in any case, that is where I think I'm headed
#barnabywaltersI’m also thinking about read vs read_public scopes, to control whether clients can access private content
#mgdmis h-entry markup only intended for the actual content of post? So I shouldn't add that to the index page that just has the title and summary
#barnabywaltersmgdm: probably not, but it depends a bit on exactly what th content is. typically, if it has content and a published datetime, it could be a valic h-entry
#barnabywaltersbut consider: is it something that people can reply to? how would it look if it showed up in someone’s feed reader?
#mgdmit might make sense but it wouldn't be the right place to get that I guess
#barnabywalterstypically, indieweb index pages have a prominent profile h-card, and maybe an h-feed containing h-entries
#mgdmIt's just my blog. https://mgdm.net/weblog/ is the index, I was going to add h-entry markup to the pages linked from there, but wondered if I could do something on the index
#barnabywaltersthat looks like an ideal candidate for an h-feed, with each item marked up with h-entry
#oodaniis there a clear way to indicate "this is the summary h-entry, there's a more detailed version of this h-entry at u-url"? that seems to be a common pattern
#barnabywalterse.g. I’d recommend putting h-feed on the <body> element, p-author h-card on the a.header-link for a minimal authorship h-card, and h-entry on each of the ul.post-list li elements
#barnabywaltersoodani: marking up only p-summary with no e-content should be sufficient
#GWGbarnabywalters: There's already a draft scope that behaves like your create_draft scope that people have implemented
#barnabywalterscool! yeah I think I saw it mentioned somewhere
#barnabywaltersbtw mgdm I just realised that you have very similar content on https://mgdm.net/, the same h-feed markup would also work fine there, but you could additionally mark up your bio as part of the author h-card, and mark up “Weblog” as the p-name of the h-feed, which is used as a human-friendly feed name in some reader UIs
#[KevinMarks]Yes, p-summary is the way, my homepage is like that kevinmarks.com
#barnabywaltersyeah I noticed that too, might be worth filing an issue or pinging aaronpk about
#barnabywaltersbtw [KevinMarks] etc, there are very few real-world examples on https://indieweb.org/feed, feel free to add yours, noting things like only publishing summaries etc
#sparseMatrixGreat seeing y'all so busy this morning, I thought I was the only one lol
#mgdmYeah it's cool! I use the live editor quite a bit to make diagrams for work
#barnabywaltersis there a “why are the authorization_endpoint and the token_endpoint different when the indieauth spec assumes that they’ll usually be part of the same service” explainer anywhere?
#mgdmguess so (I can see from an OIDC .well-known endpoint that there are separate entries for both of those)
#aaronpkyes it's from oauth, and it's a good design decision
#aaronpkthe authorization endpoint is used when interacting with the user, the token endpoint is used by the application
#barnabywaltershmm okay that doesn’t entirely explain it but I added it to the wiki FAQ
#barnabywaltersis the fact that tokenless login information can be obtained from the auth endpoint also based on OAuth2, or is that a simplicity/backcompat addition carried over from the earliest indieauth implementations?
#aaronpkanother way to say it is the authorization endpoint outputs HTML and deals with cookies and such, the token endpoint only responds to simple HTTP POST requests and outputs JSON
#barnabywalterssure, except for that exception I just mentioned
#aaronpkyep that's a carryover from the first use of indieauth that didn't include access tokens at all
#aaronpki'd like to converge that with oauth next but it's unfortunately a pretty significant breaking change for clients
#barnabywaltersthe fact that both endpoints can in theory be separate services, and that how they interact isn’t covered in detail in the spec, never fails to confuse me
#aaronpkso in practice we found that basically that wasn't happening
#aaronpkso we removed the communication between the two from the spec
#barnabywaltersam I right in thinking that micropub endpoints must not accept access_tokens via a query string parameter, e.g. on GET q=config requests where they can’t provide a request body?
#barnabywaltersand that in those cases, the authorization must be provided via an Authorization: Bearer header?
#jamietanna[m]Snarfed sorry, so I sorted the authentication issue I had, but now it looks like I've got a threading issue 😂 hopefully will get some progress on it this weekend
[tantek], [tw2113_Slack_] and aaronpk joined the channel
#[tw2113_Slack_]wrong twitter account and everything
[tw2113_Slack_], [tantek]1, jamietanna, [chrisaldrich], themaxdavitt, peterrother, stacktrust_, jbove, ludovicchabant and sparseMatrix joined the channel