#dev 2021-12-23

2021-12-23 UTC
#
edgeduchess[d] wait do i need an account to edit the wiki? and do i need an indieauth endpoint to have an account?
#
aaronpk no and no. there are no wiki "accounts", but you do need to sign in to the wiki. you can sign in with indieauth, or you can sign in via one of the other supported providers linked to your domain https://indielogin.com/setup
#
Loqi How to Set Up Your Website for IndieLogin.com
#
edgeduchess[d] good to know, thank you! I don't have time get this setup done now but I'm going to make a note and I'll make sure to put this up next time I go update my website
feoh and gRegor joined the channel
#
GWG I had this idea of adding additional importers/exporters to WordPress, but wasn't a priority
#
[tantek] GWG, I think the question is one of would it be worth it trying to spin that out as a project separate from WordPress as a general import/export utility for blog-like things
#
[tantek] and then yes, add additional importers/exporters to that
#
GWG [tantek]: Didn't [manton] propose a standard for export at the second IWC Austin?
KartikPrabhu joined the channel
#
[tantek] yes and I believe he subsequently implemented it!
#
GWG [tantek]: I was trying to find the reference.
#
[tantek] what was IWC Austin
#
Loqi IndieWebCamp Austin 2020 is February 22-23, 2020 in Austin, Texas; the third IndieWebCamp in Austin https://indieweb.org/IWC_Austin
#
GWG It was 2020?
#
GWG I was remote in 2020. I was there in 17 and 19.
#
[tantek] GWG, it looks like it got somewhat discussed in https://indieweb.org/2019/Austin/webio but I don't see any specific details
#
[jacky] I'd like to pair on something like that once I get my grounding for my social reader going (again)
chrisaldrich and gRegor joined the channel
#
gRegor what is blog archive format
#
Loqi blog archive format is a data format proposed by Manton Reece for the export of a blog, based on a zip file and top level HTML h-feed inside, that is supported by micro.blog https://indieweb.org/blog_archive_format
#
gRegor yeah, 2019. https://indieweb.org/2019/Austin/Demos#Manton_Reece
#
[tantek] export << blog archive format
#
Loqi ok, I added "[[blog archive format]]" to the "See Also" section of /export https://indieweb.org/wiki/index.php?diff=78549&oldid=75460
#
[tantek] import << blog archive format
#
Loqi ok, I added "[[blog archive format]]" to the "See Also" section of /import https://indieweb.org/wiki/index.php?diff=78550&oldid=41939
#
[tantek] blog archive format << import
#
Loqi ok, I added "[[import]]" to the "See Also" section of /blog_archive_format https://indieweb.org/wiki/index.php?diff=78551&oldid=66143
#
[tantek] blog archive format << export
#
Loqi ok, I added "[[export]]" to the "See Also" section of /blog_archive_format https://indieweb.org/wiki/index.php?diff=78552&oldid=78551
#
GWG I'm trying to figure out why this RSVP isn't parsing properly.. https://tracydurnell.com/2021/10/25/indieweb-friday-funday/ Anyone?
#
aaronpk looks like there's some extra escaping happening
#
aaronpk maybe because of this? https://i.imgur.com/PYmKv8k.png
#
GWG aaronpk: I'm trying to figure out what. It's something on the wordpress side, but only in that theme
#
[tantek] GWG, I stopped when I noticed no p-rsvp in the JSON: https://pin13.net/mf2/?url=https://tracydurnell.com/2021/10/25/indieweb-friday-funday/
#
[tantek] inlinestyleattribute--
#
Loqi inlinestyleattribute has -1 karma over the last year
#
Loqi [Tracy Durnell] IndieWeb Friday Funday
#
GWG [tantek]: Inline style was to avoid a fatwigoo situation. But either way, there is a p-rsvp. Something is messing it up
#
[tantek] GWG, did you try the W3C validator?
#
aaronpk check that part i highlighted, it's messing up the html parser
#
[tantek] which the W3C validator would catch as well. GWG, https://validator.w3.org/
#
GWG aaronpk: I just took it out on a test page and it didn't seem to fix.
#
aaronpk GWG: new theory: there is no h-entry class
#
[jacky] is it intended behavior for indielogin.com to _not_ provide `grant_type=authorization_code` ? I think my indieauth server might be out of whack but I'm noticing that it doesn't seem to provide that when redeeming at the authorization-endpoint
#
aaronpk [jacky]: uhoh no that doesn't sound right
#
GWG aaronpk: That would make much more sense
#
[jacky] I don't see it in the query string coming back to my server
#
aaronpk [jacky]: i think it's using an old version of the indieauth client!
#
[jacky] ahh gotcha!
#
aaronpk i didn't realize i forgot to update that one, my bad
#
gRegor does that mean it didn't have pkce? I could have sworn it did when I was updating indiebookclub
#
gRegor er, not indiebookclub. my indieauth endpoint
#
aaronpk i think i added pkce earlier than the spec update
#
GWG [tantek], aaronpk: Thanks for that. It's fixed now on tracydurnell[d]'s site
#
tracydurnell[d] thank you all!
#
gRegor I need to rethink how I link author information in my permalinks. Notes use u-author to the homepage for the h-card there, but I'd like to use different profile photos over time
#
gRegor so probably back to including a mini h-card in each post
#
[jacky] no prob! I was debating having my client default to `authorization_code` but I think it's best to expect it
#
gRegor Ah, I do default it to authorization_code if grant_type isn't provided, probably why I didn't catch it
#
[jacky] I'm tempted to add that tbh
#
[jacky] only so I can log into the wiki lol
#
gRegor Seems reasonable for backcompat
#
gRegor Hm https://github.com/aaronpk/indielogin.com/issues/69
#
gRegor has no recollection of starting that issue, hah
#
gRegor looks right at a glance. not sure. https://github.com/aaronpk/indielogin.com/blob/d233e371851e88ec66072c4c5d5fc2c2983e1b85/app/Provider/IndieAuth.php#L62
#
gRegor wait these are sent by POST, right? Wouldn't be in the query string
#
aaronpk Oh right I forgot it doesn't use all the library and it does a bunch of it manually for debugging
#
aaronpk yeah POST
#
aaronpk So it should be there already
[snarfed] joined the channel
#
[snarfed] gRegor: sorry for the trouble! what do you see in the Bridgy browser extension's options page? it has status and debugging info. does it show your domain as registered, and Instagram as logged in, connected, and polling?
#
[snarfed] actually, I see the right requests. odd, most of it is working fine, but we're not finding a post in the permalink HTML it's sending. mind filing an issue? not sure what's going on yet, will debug.
#
GWG That PKCE comment reminds me of the question of when I should start rejecting non PKCE attempts at my endpoint
#
capjamesg[d] !tell gRegor Could you assist me with an indiebookclub login issue?
#
Loqi Ok, I'll tell them that when I see them next
#
capjamesg[d] (it's probably an issue with my IndieAuth endpoint)
saptaks, neceve, tetov-irc, kogepan and jamietanna joined the channel
#
jamietanna GWG re your client information, what about fetching + storing the data in the WP database, then you can centrally manage it? I.e. I've got https://gitlab.com/jamietanna/jvt.me/-/tree/master/data/apps that I then look up each client's info from on rendering, so at least it's only done once?
#
jamietanna Not sure what deduplication you'd want to do per token though :thinking:
Eddy04[d] joined the channel
#
GWG jamietanna: Each client would have a local id number... and the token would just store that id to look up the data.
#
GWG The same id can then be attached to posts to indicate attribution
#
GWG I probably should use the url over the id
[JampiDotNet], KartikPrabhu1 and [manton] joined the channel
#
@MeritzPress Where a flower blooms tonight, Devout and purple, With a rift for a hollow power, That shivers it springs from a root - from Pluck At The Offering, Barbarity. Free excerpts. Order at http://amzn.to/2CF8fts or kindle http://amzn.to/2CV3tw4 #literature #writer #indieauth (twitter.com/_/status/1474059987177590796)
KartikPrabhu joined the channel
#
jamietanna aaronpk any reason Aperture only uses `read` scope instead of `channels`?
#
aaronpk i think because it *is* the microsub server, it's not asking for access to the microsub server
#
aaronpk the scope would be if a microsub client wanted to manage the channels in Aperture
#
jamietanna Ah gotcha, that's fair
#
aaronpk might need some further thought on that though
#
jamietanna I guess yeah it doesn't really matter which scopes it has, cause as you say it can do what it wants
#
jamietanna I wonder if moving to `channels` would make more sense at a first glance? Or whether there's a different scope wanted / whether we even need a token?
#
aaronpk i'm starting to wonder if there's a better solution for the case of resource servers being completely separate from the rest of someone's website, to avoid the need for looking up the token info on every request
#
aaronpk in oauth terms we're forced into the model of using the token introspection endpoint, since we haven't forced everyone to use JWTs for access tokens or whatever
#
sknebel is there some general suggestions a la "you can cache that 120 seconds as long as requests are from the same IP"?
#
aaronpk i think it's pretty specific to the particular request being made
#
aaronpk like a read-only request might be okay with a longer cache time than a request to do something destructive like delete a channel
pmn joined the channel
#
pmn how do i match div but not img inside that div?
#
pmn this is for userContent.css to do a simple dark theme by reverting color and background-color
#
KartikPrabhu pmn: this is in JS?
#
KartikPrabhu or CSS?
#
KartikPrabhu oops sorry just saw you said CSS
#
KartikPrabhu in CSS a ".div" only matches a <div> element
#
pmn KartikPrabhu: css
#
pmn div.not(img) ?
#
KartikPrabhu yes that also works but you have be mindful of specificity
#
KartikPrabhu is a "div" CSS rule not working for some reason?
#
pmn div works but then images are all black
#
pmn https://gist.github.com/269867eae8c4d17dc4bc5944d3857534
#
KartikPrabhu holy moly! so many !important things
#
KartikPrabhu I don't even know where to start since you'd have to figured out the specificity of everything
#
pmn oh, sorry, just grep for div.not
#
pmn or let me clean that up; the ``:root`` bit doesn't matter, i guess
#
pmn s/root/reset-this/
#
KartikPrabhu "div.not(img)" does not so anything. it is saying "pick a div which is not img"
#
KartikPrabhu do*
#
pmn https://gist.github.com/31b724306ea29ad7ee0d756c13130042
#
pmn KartikPrabhu: right, i want to pick *all* elements div and subclasses(?) of div and rever the color on them
#
KartikPrabhu by subclasses you mean children in the HTML
#
KartikPrabhu div>* picks all children of a div
#
KartikPrabhu https://developer.mozilla.org/en-US/docs/Web/CSS/Child_combinator
#
pmn and how do i exclude 'img' from that set of children?
#
pmn i'm reading the doc
#
KartikPrabhu div>*.not(img) I guess
#
KartikPrabhu note ">" only picks direct children for all children use https://developer.mozilla.org/en-US/docs/Web/CSS/Descendant_combinator
gRegor joined the channel
#
gRegor capjamesg, sure, how can I help?
#
Loqi gRegor: capjamesg[d] left you a message 9 hours, 25 minutes ago: Could you assist me with an indiebookclub login issue?
#
pmn KartikPrabhu: thanks, good stuff
#
KartikPrabhu MDN docs are very useful
#
capjamesg[d] MDN++
#
Loqi MDN has 1 karma over the last year
#
capjamesg[d] gRegor I get a "The authorization server did not return a valid response" message. I'm getting a message from my bot telling me that the auth went through.
#
capjamesg[d] Maybe there's something wrong with my response?
#
pmn KartikPrabhu: more general question i have, what's the order of evaluation? is css procedural? where does userContent.css fit it? is it "injected" at the top or or bottom? (before/after?)
#
KartikPrabhu CSS is executed in the order that it appears in the HTML document
#
gRegor I think that's an IndieAuth\Client (PHP lib) message, let me check the conditions that happens.
#
KartikPrabhu and within one file CSS is executed top to bottom unless over ruled by "specificity"
#
KartikPrabhu which is why I was stunned by the (frankly absurd) amount of "!important"
#
KartikPrabhu "!important" overrules almost everything
#
pmn KartikPrabhu: that's the idea i guess. i want all pages, more or less, look the same.
#
capjamesg[d] Thank you gRegor. I can authenticate with other clients so I wondered what could be wrong.
#
gRegor capjamesg[d], it looks like the response doesn't have a `me` and that's a fallback error message https://github.com/indieweb/indieauth-client-php/blob/2ebd8396913ae8c72438dc24f037c8e1717b66ed/src/IndieAuth/Client.php#L121
#
capjamesg[d] That's strange. Let me see what's going on.
#
gRegor Let me see if I can safely expose more error information on indiebookclub end though
#
KartikPrabhu pmn: it will depend on when your useContent.css is called by the browser
#
gRegor capjamesg[d], what's your site btw? Do you have a micropub endpoint too, or just authenticating?
#
capjamesg[d] https://jamesg.blog
#
KartikPrabhu pmn: is this a user-side style sheet?
#
capjamesg[d] The auth endpoint discovery works fine. I do have a Micropub endpoint too.
#
gRegor Is the headline on the error page "indieauth_error" or something else?
#
pmn KartikPrabhu: yes
#
capjamesg[d] invalid_request
#
KartikPrabhu ok then most likely the browser gives this stylesheet more weight that any the page loads
#
pmn toolkit.legacyUserProfileCustomizations.stylesheets
#
KartikPrabhu so you should not need to use "!important" on everything
tetov-irc joined the channel
#
capjamesg[d] Do you query /token or /auth gRegor?
#
pmn KartikPrabhu: not exactly, in dev console i see things coming after userContent.css from the side. on MDN e.g. webpack://path/to/_base.scss
tetov-irc joined the channel
#
KartikPrabhu hmm those might be browser defaults or something
tetov-irc joined the channel
#
pmn hightly doubt it since say wikipedia.org doesn't have that
#
KartikPrabhu weird
#
gRegor capjamesg[d], Can you check your code for the conditions where it sets "invalid_request"? I'm wondering if it's balking at the PKCE `code_verifier` when the authorization code is exchanged.
#
gRegor IndieAuth\Client will use rel=authorization_endpoint and rel=token_endpoint as appropriate, so I don't think that's it. Those rels all look in order on your end.
#
capjamesg[d] Which one does indiebookclub query?
#
gRegor Both. Authorization flow starts at the authn endpoint, after you sign in and approve on your end, sends an authn code back to IBC. IBC then exchanges that code with the token endpoint for an access token.
#
capjamesg[d] https://cdn.discordapp.com/attachments/866577430886350869/923633813064646756/Screenshot_from_2021-12-23_17-50-51.png
#
capjamesg[d] Let me know if you can't see the screenshot.
#
gRegor That's almost all in IndieAuth\Client so I'm pretty sure that's working correctly
#
capjamesg[d] Yep. It must be on my end. I just haven't seen this before 🤦
#
capjamesg[d] Oh wait...
#
gRegor that code looks like part of the authn endpoint. you want to look for "code_verifier"
#
gRegor This part of the spec: https://indieauth.spec.indieweb.org/#request
#
capjamesg[d] I know what the issue is now.
#
capjamesg[d] Thank you gRegor++
#
Loqi gRegor has 3 karma in this channel over the last year (19 in all channels)
#
gRegor Oops, used abbreviations too quickly. Meant authz.
#
gRegor Welcome!
[chrisbergr] joined the channel
#
capjamesg[d] It's working now!
#
capjamesg[d] Is there an antipattern for introducing too many taxonomies onto your site?
#
capjamesg[d] (i.e. watches, reading, articles, likes, reposts)
angelo joined the channel
#
gRegor Yay capjamesg[d]!
#
Loqi giggles
#
GWG aaronpk: Speaking of token introspection endpoints...
#
capjamesg[d] What is a taxonomy?
#
Loqi taxonomy is an explicitly curated, often designed, set of categories or labels, often hierarchical as well, in contrast to the folksonomy of tags and hashtags https://indieweb.org/taxonomy
[Joe_Crawford], kogepan and [tonz] joined the channel
#
[tantek] just had to help my dad find the sign-in link on GitHub.com because it was so hidden in the top right corner as compared to the giant green Sign-up button, and when he tried to enter his username or email in the large text box next to Sign-up, instead of being directed to a sign-in flow, he was given an error that someone else already has an account with that username/email
#
[tantek] WTAF GitHub--
#
Loqi GitHub has -1 karma in this channel over the last year (-2 in all channels)
#
[tantek] I thought this was like sign-up/sign-in flow 101
#
[tantek] how are sites still getting this wrong?
tetov-irc joined the channel