#dev 2021-06-07

2021-06-07 UTC
jjuran, rrix, gerben, gRegor, [tantek], capjamesg and hendursa1 joined the channel
# 09:50 
capjamesg What is rss?
# 09:50 
Loqi RSS is a set of XML feed file formats of varying degrees of use for syndicating time-stamped content from web sites, and sometimes used to refer more broadly to feed file formats as a whole including Atom, or even more broadly in vernacular as a synonym for feed file or even feeds or syndication as a concept https://indieweb.org/RSS
hendursa1 and mikeputnam joined the channel
# 13:20 
@freekmurze Webmentions are awesome!
https://freek.dev/1406-how-to-add-webmentions-to-a-laravel-powered-blog

https://twitter.com/vaugenwake/status/1401889444811182080 (twitter.com/_/status/1401890511468777478)
hendursaga, barnaby, [tw2113_Slack_], reed, [KevinMarks], calebjasik, batkin[m], Abhas[m], nekr0z, [tantek], capjamesg and shoesNsocks joined the channel
# 16:03 
GWG barnaby: I would love to read your library for improvement ideas, although I have already implemented in php for WordPress
chenghiz_, capjamesg, gRegor, [jgmac1106], [schmarty], [kimberlyhirsh], [jacky] and jujudario joined the channel
# 18:13 
gRegor I'm working on IndieAuth server for ProcessWire and was wondering what people thought about the flow when the person isn't logged in to the CMS yet. Should I combine the login + consent in one screen? Or prompt for login like normal, then follow that with the consent screen?
# 18:13 
gRegor I'm leaning towards the latter
# 18:15 
sknebel That is afaik the more common pattern
[jeremycherfas] joined the channel
# 18:15 
sknebel Two simpler screens
# 18:16 
gRegor Yeah, seems it would make it less likely for people to gloss over the permissions they're granting that way. Easier for me to implement, too. :)
# 18:16 
sknebel (also makes integrating 2FA etc easier likely)
# 18:17 
barnaby agreed, split them into two stages
# 18:39 
Zegnat I would also split it up. In part because of what sknebel mentioned with 2FA. But also because maybe the CMS can have other plugins modify the login flow behaviour and you should not be getting in the way of that
# 18:41 
barnaby good point. also, it’s not inconceivable that the options displayed on the consent screen might be different for different users
# 18:42 
Zegnat Here is another one: some password managers might remember checkbox states etc and auto-fill those when filling in passwords. This could potentially really mess up consent screens
KartikPrabhu joined the channel
# 18:43 
barnaby what is authorization endpoint
# 18:43 
Loqi An authorization endpoint is an HTTP endpoint that micropub and IndieAuth clients can use to identify a user or obtain an authorization code (which is then later exchanged for an access token) to be able to post to their website https://indieweb.org/authorization-endpoint
# 18:43 
barnaby ^^^ this all definitely belongs somewhere here
# 18:44 
gRegor what is consent screen
# 18:44 
Loqi consent screen is the page you see during an OAuth flow that asks whether you want to allow the application you're logging in to to be able to access the data it's requesting https://indieweb.org/consent_screen
# 18:44 
gRegor Thanks for confirming my suspicions, all. Will keep them separate
# 18:44 
barnaby oh cool, I’d not seen that page. great to have a collection of UI examples
# 18:45 
gRegor yeah it's been helpful!
[tantek], [tw2113_Slack_], KartikPrabhu, capjamesg, reed, batkin[m] and jamietanna joined the channel
# 19:46 
jamietanna Zegnat re "1 hour" = "shortlived", I've worked with APIs with a much smaller lifetime. And I guess going to refresh straight away if the token isn't used often can make sense
# 19:47 
jamietanna I'm sure I saw a popular client recently looking at refresh_tokens - maybe Indigenous for Android?
# 19:54 
jamietanna nope it wasn't hmm
reed, calebjasik, Abhas[m], batkin[m] and nekr0z joined the channel
# 20:00 
jamietanna do many servers support expiring tokens? I think not
[jacky] joined the channel
# 20:01 
[jacky] My old site did passively and I'm carrying that functionality into Sele
# 20:01 
jamietanna expiry? awesome
# 20:04 
[jacky] yeah - I felt like it's handy to have to also encourage token hygiene
# 20:09 
GWG I still need to add the expiry interface to mine
[chrisaldrich] and [kimberlyhirsh] joined the channel