#dev 2022-02-12
2022-02-12 UTC
prologic joined the channel
# prologic Hey all 👋
# prologic having a bit of trouble with my IndieAuth implemtnation
# prologic And it claims there are no valid rel=me links
# prologic Which I call BS on :)
# prologic Can someone help me out by pointing out my mistakes :D
# prologic Implementation here https://git.mills.io/yarnsocial/yarn/pulls/799
# prologic Oh
# prologic Damn
# prologic How do I properly test my IndieAuth support then?
# prologic Also that seems a bit silly when the webpage clearly says
# prologic "Enter your website" here to test
# jacky namely https://indielogin.com/setup (under "Add links to your existing profiles")
# prologic Or to signin rather
# jacky if you add a authentication endpoint on https://yarn.mills.io, it'll use that
# prologic I have
# prologic I'm clearly missing something
# prologic Oh I need one of those too?
# prologic Should this live on the user profile view?
# prologic Since it's tited to the user account
# prologic Becuase I'm pretty sure the way I've implemented this, the authoriziation endpoint is user specific
# prologic Alrighty
# prologic So really I'm missing the authorization_endpoint rel
# prologic I must have had this a bit backwards
# prologic Is it important to have the rel=me link anywhere at all then
# prologic if I'm basically making Yarn.social pods a valid IndieAuth provider?
# prologic It seems (to me) that rel=me links are more useful on your say home page, blog, and such
# prologic kk
# jacky https://indieauth.spec.indieweb.org/ is the main spec (with the latest changes for more security)
# prologic sorry can you explain to me what POSSE is again?
# Loqi POSSE is an abbreviation for Publish (on your) Own Site, Syndicate Elsewhere, the practice of posting content on your own site first, then publishing copies or sharing links to third parties (like social media silos) with original post links to provide viewers a path to directly interacting with your content https://indieweb.org/POSSE
# prologic it's unclear to me whether we actually follow POSSE tbh
# prologic I'm not sure
# prologic no no all good :)
# prologic I mean the way I think about it is like this
# prologic I have two Yarn.social pods (twtxt.net and yarn.mills.io)
# prologic the later is more of my own / private-use pod
# prologic the former is a multi-user pod with some ~50 active users
# prologic So technically by posting Twts (as we call them, because it's all based on Twtxt)
# prologic I can share the Twt permalinks around anyway as we support content addressing
# prologic e.g: https://yarn.mills.io/twt/gbhnffa
# prologic But I could be misinterpreting POSSE :)
# prologic Okay I'm still doing something wrong here :D
# prologic https://yarn.mills.io/user/james/
# prologic I have setup what I _think_ are the right link(s)
# prologic I might have to go back and re-read the spec
# prologic This is an old PR I'm trying to ressurect
# prologic jacky yeah that's correct, it's more of a decentralised/distributed social media and you're right about the p2p nature (this is actually a thing)
# prologic it's how we fill in missing context and avoiding having to "follow the world" (which is kind of dumb)
# prologic Oh!
# prologic Bahahahaha
# prologic No fucking wonder
# prologic This is totally my fault
# prologic Shit okay so this pod has open profiles turned off
# prologic hmmm
# prologic Is there a way I can do this without opening up profile views?
# prologic Can I just shove this on the / endpoint?
# prologic yeah this is what I'm thinking too
# prologic okay lemme refactor a bit and see how far I get
jan6 joined the channel
# prologic 1 supported and verified providers were found!
# prologic 🥳
# prologic no such template: prompt
# prologic fuck :)
# prologic Something went horribly wrong!
# prologic I'm sorry, there's not much other information available. You should probably file an issue.
# prologic 400 Bad Request
# prologic Hmm
# prologic I'm not sure if it was IndieAuth.com or my implementation
jacky joined the channel
# prologic I'll check my server logs
# prologic yarn_yarn.1.9qrjjqf1yp79@dm6.mills.io | [yarnd] 2022/02/12 01:04:30 (172.70.211.74) "POST /indieauth/auth HTTP/1.1" 400 12 123.259µs
# prologic Hmm I think it happened on my side
# prologic hmm?
# prologic Ok
# jacky (this slightly reminds me to ask what's needed for https://indieauth.rocks)
# prologic yarn_yarn.1.sicxexf4s4p3@dm6.mills.io | time="2022-02-12T01:15:35Z" level=warning msg="error retrieving client information from https://indielogin.com/" error="error: no entry found"
# prologic Hmmm
strugee joined the channel
# prologic OMG
# prologic I literally can't figure out why this isn't working
# prologic I keep getting a 400 on the POST /indieauth/auth request on my side
# prologic But none of my logging codepaths are hit
# prologic wtf?!
# prologic oh!
# prologic I know why
# prologic CSRF!
# prologic I need to exclude this endpoint
# prologic LOL
# prologic foiled by my own security code
# prologic :P
# prologic I mean who doesn't build shit without CSRF protection these days? :D
# prologic Success! 🥳
# prologic 1!
# prologic is that all :D
# prologic geez :)
# prologic I'll have you know Yarn.social supports WebMentions, mf2 and now IndueAuth :P
# prologic we're probably the only IndieWeb compatible social media platform out there :D
# prologic Now...
# prologic Are there any actual real/useful IndieAuth supported websites or services I can really give this a proper go with?
# prologic Of course :D
# prologic But micro.blog is centralised
# prologic and not open source
# prologic So -- for me :)
# prologic part the reason I built yarn.social in the first place :D
# prologic micro.Blob is centralised and NOT open source so -- for me
# prologic Err
# prologic I can't type :D
# prologic Loqi needs to grow some machine learning :P
# prologic into the IndieWeb wiki?
# prologic Nice! I'll give that a go with my @james@yarn.mills.io identity
# prologic *nods*
# prologic I might do that one day
# aaronpk or sunlit for photos https://www.sunlit.io/
# prologic Just because it does make a lot of sense
# prologic And it doesn't violate any of my project's goals
# prologic I can just support the one content type
# prologic Yeah bt micro.blog itself is though
# prologic Yarn.social is decentralised 100%
# prologic HUGE difference
# prologic I'm _trying_ to convince Manton to support Twtxt on microBlog for the "micro blogging"
# prologic But we'll see how that goes
# prologic Yes yes but you're missing my point
# prologic I cannot run my own micro.Blog instance
# prologic it is not open source
# prologic there is no possibility to do self-host
# prologic I've tried all this onece before
# prologic I actually have a micro.Blog account btw ;)
# prologic And https://prologic.blog uses it
# prologic It's good for "full blogging"
# prologic But that's all I use it for
# prologic I'm not really following you sorry
# prologic Perhaps you/I can get on a video call when I'm not about to entertain guests at home
# prologic It's okay :)
# prologic I think we are approaching the same ideals from different angles
# prologic Mien is mostly around the UX and Ease of oeprations
# prologic That's walso we we've open speced everythign :)
# prologic https://dev.twtxt.net
# prologic yarnd is not the only client/software either
# prologic But it's striking a balnace between ease of use/operations and convenience
# prologic In any case, I will consider adding micro.pub support at some point when I understand it a bit more
# prologic Let's find some time to jump on a video call though some day?
# prologic I think we have some ideas that line up, just in slightly different ways
# prologic Sweet 👌
# prologic I'd like that
# prologic And btw I wouldn't implement many of the IndieWeb specs if I didn't find value in them :)
# prologic Which I obviously do :D
# prologic Think of Yarn.social as a combination of Twtxt, WebMentions, Microformatsv2 and IndieAuth (soon) over ya know standard HTTP/Web :D
# prologic No worries!
# prologic I'll def try out the Wiki though
# prologic Next up I'll try to implement IndieAuth login support itself
# prologic So anyone can create an account andn login to any valid Yarn.social pod (at least the multi-user listed ones) easily with their IndieWuth identity
# prologic I find a bit an issue with the wiki
# prologic it assumes http://
# prologic :/
# prologic it perhaps should assume https:// instead?
# prologic Ooops
# prologic my pod is crashing :)
# prologic Bahaha
# prologic I deployed the wrong branch
# prologic Awesome! 👌
# prologic Oh nice!
# prologic That's that radio streaming software right?
# prologic It's kind of funny how I accidentally joined the Indie Web movement :D
# prologic Ooops I think you broke something :D
# prologic :D
# prologic Oh?
# prologic Fuck ok lemme do that :)
# prologic Lovely!
# prologic Now I just wonder what else I have to implement or fix
# prologic But at least the "login" part works
# prologic Some of this don't look right
# prologic But I'll have to figure that out later
gRegor joined the channel
# prologic Username: Yarn.mills.io
# prologic This for example
# prologic I _assume_ this has to do with the JSON data that is returned?
# prologic of which I have very little
# prologic my implemtnation is quite minimal atm
# prologic https://yarn.mills.io/
# prologic Which executed the flows correctly
# prologic Oooh
# prologic I see
# prologic So nothing I've done wrong then
# prologic I was thining I could do something more
# prologic like return back the fact my identity is actually
# prologic @james@yarn.mills.io
# prologic or something
# prologic Ahh
# prologic I see
# prologic Well this won't work very well for multi-user pods then
# prologic So do you have a suggestion for how to improve upon this?
# aaronpk you can do https://yarn.mills.io/james
# prologic Could I also do https://james@yarn.mills.io ?
# aaronpk "Some examples of invalid profile URLs are: https://user:pass@example.com/ - contains a username and password"
# prologic And in your example it would actually be more like https://yarn.mills.io/~james
# prologic So with my current implemtnation
# prologic it won't really matter whether I enter https://yarn.mills.io or https://yarn.mills.io/~james right?
# prologic But in the later case it'll set my username to Yarn.mills.io/~james ?
# prologic Yeah the authorization_endpoint is on all views
# prologic I don't think I can delete this account?
Seirdy joined the channel
# prologic Oh I see
# prologic LOL
# prologic Fine I'll just logout then and try again with https://yarn.mills.io/~james
# prologic Bt what did you mean by different profilles?
jacky and GWG joined the channel
# prologic Yes which pods already have; e.g: https://twtxt.net/~prologic
# prologic which you can validate yourself with an mf2 validation tool
# prologic But what's the relation/improtance here with indieauth?
KartikPrabhu joined the channel
sp1ff joined the channel
# prologic [14:39:40] <+aaronpk> so if your IndieAuth endpoint returns profile URLs with a path component, then every user of that server will be treated as a different user. If it only returns the domain name part then every user will look the same <-- How do I do this in my implemtnation?
# Loqi It looks like we don't have a page for "indieauth servers" yet. Would you like to create it? (Or just say "indieauth servers is ____", a sentence describing the term)
# Loqi It looks like we don't have a page for "indieauth providers" yet. Would you like to create it? (Or just say "indieauth providers is ____", a sentence describing the term)
# jacky indieauth providers is /IndieAuth#IndieAuth_Providers
zachburau[d], hans63us[d], rattroupe[d], Jeremiah[d], wackycity[d], mossymaker[d], shaunix[d], aaronpk[d], Zegnat[d], Ramon[d], sarahd[d], aspenmayer[d], petermolnar, Asaf_Agranat[d], sayanarijit[d], edburns[d], daiyi[d], corenominal[d], Christian_Olivie, antrdnv[d], dovedozen[d], Seb[d], MarkJR84[d], Eddy04[d], hoenir, Myst[d], marksuth[d], capjamesg[d], balupton[d], Murray[d] and P1000[d] joined the channel
# prologic hmm
# prologic There are 3 endpoints GET /indieauth/auth POST /indieauth/auth and GET /indieauth/callback
# prologic The POST endpoint returns some JSON data
# prologic Hmm
# prologic I think I've read enough about the spec to understand Profile URLs
# prologic But I think the problem I have is if I don't tie the authorization endpoints to users somehow, e.g: /indueauth/:username/auth
# prologic I lose that piece of information
# prologic hmmm
tetov-irc, doosboox0, Noidea, prologic, nertzy, Ruxton and baracurda joined the channel
# Zegnat https://indieweb.org/website-analytics#Offen seems like a really cool analytics project, and I now wished everyone was using it. It is so interesting to go and see my browsing history for a site, _on the site_.
# Zegnat h/t doubleloop[m] who linked to https://resonate.is/ where I first discovered this
P1000[d] and [manton] joined the channel
# aaronpk but if i add me=http://localhost:8080 then it works
# EvanBoehs[m] Is there any active attempts to work on indieauth? There seems to be no flagship implementation on the wiki page
# aaronpk but what i would like to see on /IndieAuth is both: a list of places you can log in to once you have your own indieauth set up, and a list of ways to set up indieauth on your website
# EvanBoehs[m] <Zegnat> "What would a "flagship implement..." <- Sorry, I meant services like indielogin, listed [here](https://indieweb.org/IndieAuth#Implementations). To be clear, I'm looking to self host one on my own server, but indielogin/indieauth looks designed to be for many people, and the other ones lack documentation, examples, etc
# EvanBoehs[m] indie login is great, but I'm just not convinced it's the best service to selfhost for my domain, and I'm not positive there is one of these services
# EvanBoehs[m] * aar''onpk's 's indie login is great, but I'm just not convinced it's the best service to selfhost for my domain (looks like it was built for many many users), and I'm not positive there is one of these services that is designed to be used by one user only
# EvanBoehs[m] If not, I'll just write it myself
jacky and barnaby joined the channel
# capjamesg[d] I need a bit of help planning how to recrawl sites for IndieWeb search.
# capjamesg[d] Is it worth recrawling whole sites every few days?
# capjamesg[d] Right now the engine only recrawls feeds which isn’t ideal.
# EvanBoehs[m] <aaronpk> "indielogin.com is not an..." <- Yeah, are there any?
# jacky prologic: someone actually wrote IndieAuth logic in Go https://github.com/hacdias/indieauth
# capjamesg[d] I also have my own open-source IndieAuth implementation but there isn't a public hosted version.
# EvanBoehs[m] Yeah ok most of these looks like libraries, time to write my own!
baracurda joined the channel
# Zegnat A lot of the time people already have some form of auth they use on their own site. To access a CMS or for other things. By offering lots of libraries, hopefully it will be easy for people to use their existing login experiences as an indieauth provider. Atleast that is how I have always thought of it.
alex11, balupton[d], hoenir, shaunix[d], indieweb-irc-bri, wackycity[d], Nezteb[d], capjamesg[d], rattroupe[d], Jeremiah[d], Myst[d], edburns[d] and aspenmayer[d] joined the channel
dovedozen[d] joined the channel
# [KevinMarks] It's in the enclosure spec for podcasts so makes sense to have that for mf2 as well
petermolnar, aspenmayer[d], shaunix[d], hoenir, indieweb-irc-bri, Jeremiah[d], balupton[d], edburns[d], rattroupe[d], Nezteb[d], wackycity[d] and Myst[d] joined the channel
# [snarfed] [jacky] granary goes to some effort to both consume and emit duration for audio and video: https://indieweb.org/duration
# [snarfed] also file size, https://indieweb.org/size , which there's less consensus/precedent for
capjamesg[d] joined the channel
# [snarfed] I had to write an ISO 8601 duration parser too, both directions. did not appreciate it. https://github.com/snarfed/webutil/blob/main/util.py#L804-L855
daiyi[d] joined the channel
tracydurnell[d], nertzy, jamesravey[m], barryf[d], Asaf_Agranat[d], baracurda, Murray[d] and tetov-irc joined the channel; prologic left the channel