#LoqiRSS is a set of XML feed file formats of varying degrees of use for syndicating time-stamped content from web sites, and sometimes used to refer more broadly to feed file formats as a whole including Atom, or even more broadly in vernacular as a synonym for feed file or even feeds or syndication as a concept https://indieweb.org/RSS
hendursaga, barnaby, [tw2113_Slack_], reed, [KevinMarks], calebjasik, batkin[m], Abhas[m], nekr0z, [tantek], capjamesg and shoesNsocks joined the channel
#GWGbarnaby: I would love to read your library for improvement ideas, although I have already implemented in php for WordPress
chenghiz_, capjamesg, gRegor, [jgmac1106], [schmarty], [kimberlyhirsh], [jacky] and jujudario joined the channel
#gRegorI'm working on IndieAuth server for ProcessWire and was wondering what people thought about the flow when the person isn't logged in to the CMS yet. Should I combine the login + consent in one screen? Or prompt for login like normal, then follow that with the consent screen?
#gRegorYeah, seems it would make it less likely for people to gloss over the permissions they're granting that way. Easier for me to implement, too. :)
#sknebel(also makes integrating 2FA etc easier likely)
#ZegnatI would also split it up. In part because of what sknebel mentioned with 2FA. But also because maybe the CMS can have other plugins modify the login flow behaviour and you should not be getting in the way of that
#barnabygood point. also, it’s not inconceivable that the options displayed on the consent screen might be different for different users
#ZegnatHere is another one: some password managers might remember checkbox states etc and auto-fill those when filling in passwords. This could potentially really mess up consent screens
#LoqiAn authorization endpoint is an HTTP endpoint that micropub and IndieAuth clients can use to identify a user or obtain an authorization code (which is then later exchanged for an access token) to be able to post to their website https://indieweb.org/authorization-endpoint
#barnaby^^^ this all definitely belongs somewhere here
#Loqiconsent screen is the page you see during an OAuth flow that asks whether you want to allow the application you're logging in to to be able to access the data it's requesting https://indieweb.org/consent_screen
#gRegorThanks for confirming my suspicions, all. Will keep them separate
#barnabyoh cool, I’d not seen that page. great to have a collection of UI examples
[tantek], [tw2113_Slack_], KartikPrabhu, capjamesg, reed, batkin[m] and jamietanna joined the channel
#jamietannaZegnat re "1 hour" = "shortlived", I've worked with APIs with a much smaller lifetime. And I guess going to refresh straight away if the token isn't used often can make sense
#jamietannaI'm sure I saw a popular client recently looking at refresh_tokens - maybe Indigenous for Android?