#dev 2021-07-04

2021-07-04 UTC
#
@mattbd
↩️ I've also set it up to enable use of IndieAuth. Current site does this too, but only with Twitter and Github. New one will also support mail, PGP and OpenID
(twitter.com/_/status/1411473929517084678)
[tantek] joined the channel
#
[tantek]
aaronpk++ wow for the Foursquare exporter! One of these days I will stress test that script 😂
#
Loqi
aaronpk has 52 karma in this channel over the last year (141 in all channels)
#
aaronpk
decided to style these like my food posts
#
[tantek]
karaoke? like food?
#
[tantek]
I mean I suppose eating food could be a noisy performance
#
aaronpk
i just mean the visual design of the post
#
aaronpk
now to go update the wiki..
#
aaronpk
lol naming conflict
#
aaronpk
what is performance?
#
Loqi
Performance typically refers to the speed, responsiveness, and initial load of a website https://indieweb.org/performance
samwilson joined the channel
#
aaronpk
oh god
#
aaronpk
all my old posts are going out via activitypub
#
aaronpk
stooooopppp
#
[jacky]
_yikes_
#
aaronpk
i think i caught it after only 2
#
aaronpk
i follow myself from mastodon.social to see this
[fluffy] joined the channel
#
[fluffy]
sure love how much statefulness needs to be maintained on all parties’ parts for activitypub to work right :P
#
aaronpk
huh i don't rememebr when i imported my twitter archive but that's all in there too
#
aaronpk
oh hey i just got the foursquare download link
#
aaronpk
lol "If you would like to download the photos you’ve uploaded to the Foursquare apps, please use the reference links in the file called "photos" to download them to your device.
#
aaronpk
that's a nice hack
#
cambridgeport90[
How'd you get those
#
Loqi
cambridgeport90[: jacky left you a message on 2021-02-14 at 2:52am UTC: I agree to a degree. Things like Gemini are a bit akin to a 'reset' of the Web so that might be harder
[jacky] joined the channel
#
aaronpk
I don't know! This time I finally got a download link a few hours later
#
cambridgeport90[
Is that a new thing, though? I have never been able to download anything directly from Foursquare. Probably because I haven't touched the API?
[tantek] joined the channel
#
[tantek]
TBH I prefer that they didn't bundle all the photos into the download
#
[tantek]
jacky, there's been some brainstorming here that might interest you: https://indieweb.org/h-card#Brainstorming
#
GWG
Okay, I have proof of concept code, I just need a way to test it. Right now it should support receiving and redeeming a code. Next I need to store it
[fluffy], capjamesg, samwilson, [Murray] and jamietanna joined the channel
#
jamietanna
GWG what about querying Micropub config?
Jamietanna1 joined the channel
#
Jamietanna1
(reason being most folks require authentication to access it i.e. https://aaronparecki.com/micropub?q=config so could be a way to prove the token works, although i.e. https://aaronparecki.com/micropub?q=config may (rightfully) require the token to be issued to Aaron, not just by his auth server)
capjamesg joined the channel
#
aaronpk
Yea I would not use micropub config to test an access token issued to an external user...
#
aaronpk
you shouldn't need to test whether the access token works, you can just use it to access something and that will tell you whether it works
[KevinMarks] joined the channel
chenghiz_ joined the channel
#
GWG
aaronpk: Just trying to decide what to access.
#
GWG
Probably the restricted resource
[snarfed] and capjamesg joined the channel
#
GWG
Zegnat: Same question as main?
#
Zegnat
GWG: I have a page where you can request a ticket, and then a ticket is sent to you. Redeeming the ticket for an access token is like 95% in.
#
GWG
So, by my evening?
#
GWG
Not rushing, just planning my day
#
Zegnat
Depends on if I get it done before D&D starts.
ben_thatmustbeme joined the channel
#
Zegnat
What time is it for GWG?
#
Loqi
In GWG's timezone, America/New_York, it is currently 11:27am on July 4
#
Zegnat
Ah, depending on when you think evening starts, I might be able to do a little work after D&D too :P
#
GWG
I might work on this in my evening a bit more. If not, I also have tomorrow off, and may give it some time.
#
GWG
Have a few other things I want to try to do
#
Zegnat
I guess I could flip the question around to: when do you have a ticket endpoint ready for me to send tickets to? ;)
#
GWG
The code is written. I want to test it a bit, and then deploy it. Also, right now it retrieves, but neither stores it nor uses it, so I need to add that
#
Zegnat
Sounds like we both got about equally as far into our implementations, haha
#
GWG
Well, we committed to the 10th
#
Zegnat
Easily going to make that
#
GWG
By tonight I should have the opportunity to build the storage part.
#
GWG
Even if it isn't the final form
#
Zegnat
Also, for requesting a ticket, I have gone the way of a POST with action=ticket, inspired by action=revoke. Not sure if I like it, but could be a fairly acceptable extension on top of this. Maybe.
#
sknebel
GWG: re "what to use for testing", don't you have an API to fetch and parse remote content in one of the plugins? giving that the option to use a token sounds like a useful building block, and its testing UI could be the first demo
#
GWG
sknebel: I do, but I wasn't storing external tokens, so I have to build the store first
#
GWG
I was thinking more how can I programmatically know I got the right version if Zegnat's example is an enhanced version of the same page?
#
GWG
Zegnat: Can I redeem for a page that 404s or 401s otherwise?
#
sknebel
if you include a token, it should throw an error if the token isn't valid
#
aaronpk
also, what would you do differently if you know you got the "right" version?
#
aaronpk
i suspect it doesn't matter if you know
#
Zegnat
GWG: you can do an IndieAuth Token Verification call to check if the token is still valid
#
Zegnat
But requesting my homepage with or without token will always 200
#
sknebel
with wrong token should error IMHO
#
Zegnat
Hmm. True. Just easier to not do so for my first try :P
#
Zegnat
My request ticket form describes that it will not, and points at doing a verification call instead, that is enough documentation for v1
#
sknebel
right now wondering if should shoehorn ticket auth into my existing token auth system
#
sknebel
or if this is a good point of redoing that mess
#
GWG
Okay...I just want to make sure that it's working
#
Zegnat
also a problem with giving an error when the token is wrong: hard to check the token for static resources unless you put the checking on e.g. the server layer
#
GWG
For now, I'll try token verification
#
Zegnat
Yeah, so on my implementation you will be able to do normal indieauth token verification after redeeming a token :) Should work!
#
Zegnat
Now D&D though ... I can ping if I get it uploaded to my site later tonight, GWG
#
GWG
Zegnat: Ditto
#
Zegnat
GWG and anyone else who has a ticket endpoint: https://vanderven.se/martijn/token/ should work, but as I do not have a ticket endpoint yet, it hasn’t been fully tested all the way through :P
#
Zegnat
My homepage does not have any special features yet for when you send a token along, but you can use IndieAuth token verification against that URL for now
#
Zegnat
For the verification, tokens will put your identity in `me` and your ticket endpoint in the `client_id`. I am not sure if it would be a good idea to change that or not. Or if I might want to extend it to add the `resource`.
capjamesg joined the channel
#
GWG
Zegnat++
#
Loqi
Zegnat has 18 karma in this channel over the last year (56 in all channels)
#
Zegnat
Let me know if it works out for you :D
#
GWG
Zegnat: I will shout it to the rooftops
#
Zegnat
Also let me know if it does not work, but maybe not publicly announce my failures just as loudly ;)
#
GWG
Zegnat: It could be my failures too
#
GWG
Hard to tell without investigation
[chrisaldrich] and jamietanna joined the channel
#
Zegnat
has a hand at setting up own code hosting
Guest39 joined the channel
#
GWG
Zegnat: Tried a few tests
#
Zegnat
Any problems? I am just rounding off the D&D set, so I would have time for some questions
#
GWG
I have to check my access logs to see if I got something
#
Zegnat
Gotcha. Hopefully you did, haha. I am not sure what my User-Agent is set as... I should check that tomorrow and add something recognisable
#
GWG
Zegnat: What are you looking for in discovery?
#
GWG
I just watched my logs.
#
GWG
I just see a German IP crawling my root
#
GWG
It isn't doing anything else.
#
GWG
So it's failing at discovery
#
Zegnat
I am looking for ticket_endpoint
#
Zegnat
Either as a Link header, or as a <link> element
#
GWG
rel = what?
#
Zegnat
ticket_endpoint
#
GWG
ticket_endpoint?
#
GWG
Because I have one and I'm not seeing a POST to it
#
Zegnat
What URL?
#
GWG
My test site
#
Zegnat
Give me a minute to get my test env, I'll see if it crawls it detects it when running locally
#
GWG
It isn't necessarily working beyond that point. But...
#
Zegnat
Sure, but you should be getting a POST if you have the endpoint nevertheless
#
GWG
Exactly
#
Zegnat
Can you see if you got a POST now?
#
GWG
Yes.
#
GWG
It just proved I need to fix my code too, but a post came in.
#
GWG
I fixed the first problem.
#
Zegnat
Hmm. That means if comes through if I run it locally :/
#
GWG
How can I trigger more?
#
GWG
I meant my problem. I need to send a bunch of tickets to track my mistakes.
#
Zegnat
There, I got another one triggered
#
Zegnat
The weird thing is, I just load my code locally and paste it in there. Should not be any different from using the live version :/
#
Zegnat
Hmm, yeah, something is wrong with my hosted instance
#
GWG
You just helped me find a bug in code I didn't even write for this.
#
GWG
Want to send a few more?
#
Zegnat
Give me a sec, I might know why my hosted instance is not working. Going to try fix that, so you can send unlimited tickets to yourself while I sleep ;)
#
GWG
Zegnat: Don't let me keep you up too late
#
Zegnat
There! Did you get a request?
#
GWG
Looks like it
#
Zegnat
https://vanderven.se/martijn/token/ should now work! You see it is succesful if you get redirected to my homepage after submitting. It was giving a white page before. Apparently I forgot to chown the SQLite db, so PHP treated it as readonly
#
GWG
I thought the white page was normal
#
Zegnat
The server is set to not publicly write out the PHP errors. And as PHP otherwise renders the site up to the first error … it send basically nothing.
#
Zegnat
I should have tested myself, but I did not have a public place with a ticket_endpoint. Locally I tested by going at local IPs…
#
Zegnat
Thanks for confirming my failure, Loqi! Here, have a cookie :)
#
Loqi
you're welcome, Zegnat
#
Zegnat
Just saw you were able to request a new ticket yourself, GWG. Cool! :)
#
GWG
Zegnat: Still working on figuring out why this code I haven't written today isn't fetching your token endpoint but fetched mine.
#
Zegnat
Shutting down for the night then. Looking forward to checking if you were able to redeem any when I wake up tomorrow ;)
#
GWG
Zegnat: You have no token endpoint header on your subject
#
GWG
The resource you are sending is vanderven.se. No headers though
#
GWG
That's why I'm not redeeming
#
GWG
I hard coded it to change on my end, and I got a token.
#
GWG
Wee..
jamietanna joined the channel
#
jamietanna
Nice work GWG++ and Zegnat++
#
Loqi
Zegnat has 19 karma in this channel over the last year (57 in all channels)
#
Loqi
GWG has 14 karma in this channel over the last year (102 in all channels)
#
GWG
jamietanna: Since Zegnat is the only one sending tickets, I can continue to work on my code till he wakes up tomorrow and fixes the resource
#
GWG
Next I need a token store and UI
#
GWG
Right now, I am just seeing success in the console log
#
jamietanna
Nice - I'm hoping I may get to being able to send / allow redeeming tickets, but not sure
#
Zegnat
GWG. Aah. Hmm. That is an interesting question. But I guess we want the resource to always advertise the token endpoint then?
#
GWG
Zegnat: Otherwise, how would one find it from the ticket?
#
Zegnat
I was not thinking about that. I just set the resource to be the root domain. As I would expect the token to be allowed on any subpage I might host, and not just /martijn
#
Zegnat
Yeah, you are right
#
GWG
At least for now
#
Zegnat
I just saw the resource as a realm alternative, and not neccessarily as the place that had to have the token endpoint
#
GWG
If the endpoint was in the top level header..
#
Zegnat
checks if there is a quick fix
#
GWG
Zegnat: Sorry, thought you went to bed
#
jamietanna
I wonder if maybe we could add a `me` to show who it's allowing access _for_ which then allows looking up the rel=token_endpoint from there?
#
GWG
I just hard coded it for now
#
GWG
Resource is what, subject is who is being invited...I suppose me could be the inviter.
#
Zegnat
iss / issuer I think is the sort of standard name for that in the token space
#
jamietanna
Yeah - for instance I'd also be expecting resource to be possible to be `https://www-api.jvt.me/micropub` which then wouldn't have a rel=token_endpoint
#
Zegnat
GWG do you check http headers for token endpoint or only HTML?
#
Zegnat
jamietanna: yeah, that was my thinking. But GWG is right that would make it impossible to redeem the ticket
#
jamietanna
Zegnat `iss` / `issuer` for what, the me? I'd see `iss` as i.e. `indieauth.jvt.me` rather than `www.jvt.me`, hence thinking `me`
#
Zegnat
I think it would not be a weird requirement for ticket auth to make it possible to find the token endpoint based on iss?
#
GWG
Zegnat: I check for one then the other
#
Zegnat
GWG: then you should now be able to find the token_endpoint in the HTTP headers for vanderven.se
#
jamietanna
Would you think `iss` would be communicated by the POST to `/ticket`? I think naming wise that'd make more sense to be the IndieAuth server's base URL (that could then lead to https://github.com/indieweb/indieauth/issues/43 to auto-discover token_endpoint)
#
Loqi
[aaronpk] #43 Consider using OAuth Server Metadata
#
jamietanna
but not sure we want to require that to be added, too?
#
GWG
jamietanna: One challenge at a time
#
Zegnat
Might as well write it down while we are experimenting
#
Zegnat
Hopefully you no longer need to hard-code now that I added an HTTP header, GWG
#
Zegnat
That should get you unstuck
#
Zegnat
But after 5 hours of D&D, I can only telll you what my character would do with a server, and feel like I do not have the mindspace to come up with alternative solutions right now ;) So I am off to bed. Back in 7 hours or so!
#
jamietanna
Zegnat rethinking further, your point about `iss` makes sense so :+1
[KevinMarks] joined the channel
#
GWG
We can update the ticket page to discuss
#
jamietanna
It's in the Open Questions Zegnat updated :)
#
GWG
For now, I'll have a stable receiver by morning