#dev 2022-05-04

2022-05-04 UTC
[aciccarello]1, AramZS, Seirdy, [timothy_chambe] and [Chris_Lott] joined the channel
#
[fluffy] I don’t know of anything that supports indieauth-metadata yet
KartikPrabhu joined the channel
#
GWG [fluffy]: I do
#
[fluffy] ah, cool
#
[fluffy] wait, as a publisher, or as a consumer? I think lots of folks are publishing it now
#
GWG Publisher, I have not yet updated the little consuming code I have
#
@YourOnlyONEofcl Twitter as my comment platform for #Hugo, see example: https://im.youronly.one/snoworld/%EA%B7%B8%EB%A6%AC%EB%93%9C-grid-explained-2022116/ Powered by #IndieWeb #Webmention #Microformats2 with the help of #WebmentionIO and #Bridgy services. (twitter.com/_/status/1521709683656241153)
#
@ChengduLittleA webmention is also sort of hard to use? (twitter.com/_/status/1521714340436451328)
jamietanna joined the channel
#
jamietanna Soon the Go IndieAuth library will support it https://github.com/hawx/indieauth/pull/2
#
Loqi [jamietanna] #2 Add support for IndieAuth Metadata endpoint
#
@ChengduLittleA ↩️ LOL yeah I mean it's not hard technically, but if say I want to comment I need to send something on my website and send a webmention on to yours, it's not exactly noob-friendly XD I want something that's even easier to use so that I could push those things to artists and so on (twitter.com/_/status/1521748030806175744)
reed, [Chris_Lott]1, mambang[m], unrelentingtech, vladimyr, kinduff, Vikasheher[m], lkhrs[m], zack[m]1, cambridgeport90[, callym[m], AramZ-S[m], Caesar[m], AdriaanvanderBer, wiki[m], AshMcAllan[m], JPax[m], diegov, gxt, [tonz] and Seirdy joined the channel
#
omz13 [fluffy]: toolbox.imoxia.com will happily consume indieauth metadata and uses it specifically in its endpoint discovery and unsurprisingly also in its as metadata discovery utilities; those will also lint (in a highly opinionated manner) the data received
#
omz13 talking of toolbox.imoxia.com I recently updated the authorization gate so people using slightly non-compliant ASs should be able to log in and access the goodies behind
jamietanna1 joined the channel
#
jamietanna1 omz13 hmm, any idea why https://www.jvt.me/ breaks on rfc8414 discovery
#
jamietanna1 https://toolbox.imoxia.com/#endpointdisco seems to work for it
#
omz13 yes... the template is borked... though I fixed it... excuse me while I go reprogram it with a very large axe
#
jamietanna1 Ah phew :)
#
omz13 jamietanna1: did that oauth_introspection work?
#
jamietanna1 I didn't give it a real token, so no :D I'll give it one now
#
omz13 fyi oauth_introspection should be labeled very-very-alpha
#
jamietanna1 `json: cannot unmarshal array into Go struct field IndieAuthIntrospectionResponse.aud of type string`
#
jamietanna1 Looks like we're only allowing a string, but rfc7662 says:
#
jamietanna1 > string identifier or list of string identifiers
#
omz13 Which person writing the spec thought it would be a good idea to use multiple types?
#
omz13 And the phrasing in rfc7009 is not quite the same as rfc7662
#
omz13 not 7009 but the introspection spec rfc
#
jamietanna1 > In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value.
#
jamietanna1 (via rfc7519) so maybe you could just opt to ignore the MAY for now?
#
omz13 7662 says string identifier or list of string ... not array of strings
#
omz13 I'll see if I can tweak my parser... go really prefers strong types.
#
jamietanna1 list == array?
#
jamietanna1 (in JSON)
#
omz13 For an rfc it is a bit too ambiguous ... but as it defers to rfc5719 have to go with what that (string or []string)... am now setting its type to my ambiguous type type
#
@YourOnlyONEofcl Added myself in the #IndieWeb wiki for #Webmention ^_^ https://indieweb.org/Webmention#.E1.9C.8C.E1.9C.93.E1.9C.83.E1.9C.92_.28Yuki.29_with_Hugo_on_im.youronly.one #Hugo with Webmention (twitter.com/_/status/1521773077600043009)
#
omz13 jamietanna1: I pushed out some updates to toolbox.imoxia.com so, in theory, as metadata discovery should work now, and I tweaked oauth introspection but haven't fully tested (but do let me know if it works for your aud of []string)
tetov-irc joined the channel
#
@acegiak ↩️ and for connecting that to cross post to things like twitter and instagram I'm trying to decide if I want to write that functionality and add it to the open source microblogpub project or just use http://brid.gy which would do it automatically for me. (twitter.com/_/status/1521825497524621312)
#
[tantek] AshMcAllan[m], I myself built my own text-POSSE-to-Twitter code (that calls Twitter’s API) because there was no Bridgy at the time, and I was very picky about all the edge cases (documented on /Twitter).
#
[tantek] I updated it to thread @-replies also using the Twitter API
#
[tantek] However once I added support for posting photos/videos, I rather than add more Twitter API code, I put in a separate code path to use Bridgy to POSSE photos/videos to Twitter, Flickr
#
[tantek] and starting now I would definitely use Bridgy rather than write code, so I could focus on more UX-important things
m2m and villasv joined the channel; m2m left the channel
#
villasv Hi folks! I've been studying RelMeAuth and IndieAuth for a day or so but I'm having some trouble understanding the IndieAuth spec. In the Wiki, it says the Authorization Endpoint "is a page where applications can send users to and asking them to identify themselves". But the spec says "The client needs to discover the user's indieauth-metadata endpoint, which provides the location of the IndieAuth server's authorization endpoint".
#
villasv I'm confused because I don't provide "indieauth-metadata" in my personal website yet I'm able to use IndieAuth as an user 🤔 Are these different "users"?
#
villasv Or perhaps am confused about naming. Perhaps I'm actually not able to use IndieAuth the protocol, I'm able to use Web Sign-In thanks to RelMeAuth?
#
[tantek] what do you mean by "I'm able to use IndieAuth as an user" <-- which service / site are you "able to use"?
#
sknebel see the surrounding notes about compatiblity - the metadata-endpoint is new, so not required/supported by many things
AramZS and m2m joined the channel
#
villasv I'm able to use IndieAuth as an user meaning I'm able to sign in in the indie web wiki and the IndieAuth.com test sign in
#
sknebel both support relmeauth - so are you logging in through twitter/github/... then or through something on your site?
#
[tantek] a-ha!. The IndieWeb wiki uses the IndieLogin service. You should no longer use the IndieAuth.com test sign in
#
[tantek] IndieLogin supports RelMeAuth
#
[tantek] as well as IndieAuth
#
[tantek] so that's probably where the confusing is coming from
#
[tantek] Aside: more dev than end user, I met a few kind folks from StoryBlok the past two days (they were one of the sponsors of beyond tellerand) and it's an interesting IndieWeb-adjacent business model that may be worth looking into from the perspective of, perhaps there are other opportunities like this: https://www.storyblok.com/about
#
villasv Ah, definitely that, a naming confusion. So IndieAuth is an alternative to RelMeAuth, got it. Thank you both!
#
[tantek] IndieAuth and RelMeAuth are both protocols, and either (or both together) can be used to implement a Web Sign-in user experience
#
[tantek] IndieLogin.com is an implementation that implements them both
#
villasv Cool. And PGP is also a third alternative, right? Is there a catchy name for this PGP challenge protocol?
#
[tantek] IIRC the use of PGP is via rel=me to a PGP URL
#
[tantek] hence a method of RelMeAuth
#
[tantek] RelMeAuth can work with a variety of URL schemes, not just https
#
[tantek] though perhaps that's worth more explicitly documenting how it can / is expected to work
#
villasv Ah nice, I though RelMeAuth was for OAuth providers only. Thanks again
#
[tantek] RelMeAuth did start that way. Then with implementation experience it was demonstrated it could work for PGP, mailto:, sms: also
#
villasv How does it work with mailto and sms? Sending a link with a sign-in otp?
#
[tantek] yes, re-using the common technique of "click this link to sign-in / reset your pw" where the link is short lived
#
villasv Brilliant, gotta add more rel=me's to my website asap ;-)
#
[fluffy] FWIW this confusion is very common when entering IndieWeb spaces. I ran into the same thing when I started out and it seems like we have this conversation at least once a month with several newcomers. :)
#
[fluffy] Both with confusion over IndieAuth vs RelMeAuth and also the role of IndieLogin.com vs implementing a client yourself.
#
aaronpk Maybe I should stop pretending I'm gonna actually launch a replacement for the other half of IndieAuth.com any time soon and be more proactive about shutting it down
#
[fluffy] Personally I feel like RelMeAuth is sort of worst-of-both-worlds when it comes to splitting the difference between owning your identity and relying on third-party authentication providers, like it means users have to have their own website AND it means that site operators need to implement a whole bunch of stuff in order to support the miasma of multiple silo providers with additional identity verification steps on top of it.
#
aaronpk I just wish there was a good option people could use for integrating into a static site since that's the big missing piece right now. We have micro.blog as a full off the shelf solution, WordPress has a plug-in, and there's selfauth if you can run stuff on a server
#
aaronpk I tend to agree [fluffy]
#
[fluffy] I still self-host a SelfAuth instance for my IndieAuth provider. Hosting a simple PHP thing isn’t particularly onerous.
#
aaronpk getting API keys from these providers isn't trivial anymore and sometimes requires approval steps from them now
#
sknebel that was what indieauth.com did pretty much: be the as-a-service solution for static sites
#
[fluffy] And I still think about building the ‘IndieAuth profile’ service thing that I was talking about way back when I first got active here
#
[fluffy] [sknebel] that felt like the goal yeah but Aaron didn’t want to become a hosted service for that stuff and stopped allowing registration of new client_ids
#
[fluffy] Which is 100% valid
#
aaronpk No that's IndieLogin.com 😅
#
[fluffy] Oh, right :)
#
aaronpk I haven't limited IndieAuth.com at all other than not making updates to it
#
[fluffy] Now I forget why IndieAuth.com ended up being unsuitable for my needs
#
[fluffy] Maybe I was just too confused about what it did and felt more comfortable using SelfAuth?
#
[fluffy] idk this was like 4 years ago now
#
[fluffy] There was definitely a brief period of time when Authl supported IndieLogin.com as a backend when I still had some hope that you might start allowing new client_ids, until I realized that it was completely redundant anyway
#
[fluffy] and also probably added to the confusion
#
aaronpk Realistically what I should have done was launch it at login .indieweb.org and not even have a separate domain for it
#
aaronpk i suppose it's not too late to do that
#
[fluffy] I’ve also thought about maybe building something IndieLogin-esque from Authl so that I could host an “IndieAuth and silo login” service for folks to use since I really like the Authl philosophy (I’m biased, of course) and would like to make it available to folks who don’t want to go all-in on Python.
#
@thejuanlam ↩️ A lot of the features I added (besides the UI overhaul) were QoL improvements. Especially adding @NetlifyCMS for writing posts. Other fts: short story collections / novels are now possible, @indiewebcamp Webmentions, and @anchor widget for stories + poems (twitter.com/_/status/1521861507809787906)
#
jamietanna1 omz13 btw I get `active:𝒕𝒓𝒗𝒆` when doing introspection :thinking: it's returned as `"active": true` in the JSON response
#
jamietanna1 what does "lint: grant_types_supported implies tokens are granted... but response_types_supported inconsistent (no token indication)" mean - do you expect response_types_supported to include "token"?
#
[tantek] [fluffy] that's an inaccurate characterization of how most people that already have their own domains come mostly set up already with existing links to Twitter, GitHub.
#
[tantek] For that set of folks it's less work than IndieAuth proper and you can reuse 2factor from a provider like GH
#
aaronpk The criticism was more on the consuming side
#
aaronpk github is one of the few that still have a reasonable developer flow for registering OAuth apps tho so that's nice
#
[tantek] Yes the consuming code implementation documentation can and needs to be greatly improved no argument
#
[fluffy] it’s the “people that already have their own domain names” that is the problem for me
#
[tantek] I focused first on the user setup / flow since there's usually orders of magnitude more of those in any such system than there are consuming code implementations
#
[fluffy] I wanted to be able to let people log in to my site without owning their own site, and there’s a lot of general authentication use cases which call for that
#
villasv As a newcomer, I appreciate RelMeAuth as a starting point. I understand that I don't fully own my security if I have to rely on a silo, but it's a good first step (like using a custom email address but still rely on Gmail)
#
[tantek] Exactly
#
villasv But I imagine that it's a bit of a nightmare scenario for those implementing it
#
[tantek] [fluffy] I understand that use case too and that's why I implemented consuming Twitter auth directly as well as an alternative to RelMeAuth. Both can be done in the same Web Sign-in UI without any additional controls
#
[fluffy] Yeah, and that’s what Authl does as well.
#
[KevinMarks] OK, making https://indieweb-test.tumblr.com/ to try out adding mf2 to the theme
#
[fluffy] I mostly built Authl because I just wanted to make it easier to provide generic login to a bunch of things, not *just* my IndieWeb sites.
#
[tantek] It's not a reasonable criticism to say RelMeAuth doesn't solve the problems it wasn't designed to solve. That's either a feature request or a pitch for another protocol in addition
#
aaronpk Yeah I was going to say, general logging in to general sites is a huge problem space and not the problem RelMeAuth or even IndieAuth are trying to solve
#
villasv Now that I know that RelMeAuth works with Email and PGP, I think these are ones I'm going to try to focus on really
#
aaronpk in fact, entire billion dollar companies have been created to solve that problem 😉
#
[fluffy] I think it’s fair to criticize RelMeAuth on how difficult it is to implement on the consumer side and also to mention that it also doesn’t solve the problem I was trying to solve.
#
[fluffy] Which is what I thought I was doing.
#
[fluffy] IndieAuth.com as a RelMeAuth-to-IndieAuth proxy is a perfectly fine solution to things, even if it’ll always be limited to only a handful of RelMeAuth-supporting sites. But it also gets very confusing to someone new to the IndieWeb who is trying to understand where all these different protocols and providers fit.
#
@lordmatt Twitter is not exactly friendly for Webmentions https://lordmatt.co.uk/technology/the-internet/social-media/twitter-is-not-exactly-friendly-for-webmentions/ (twitter.com/_/status/1521867055636656130)
#
[tantek] And that's totally fine!
#
[fluffy] My point is just that, for my purposes, I didn’t see it as being useful to implement RelMeAuth directly, because it’s a heck of a lot of work for something that didn’t suit my use case.
#
[tantek] No point in saying this hammer doesn't unscrew screws for me
#
villasv I saw the naming confusion callout both in the Wiki and the Website, and I still got confused lol
#
aaronpk These scissors are terrible, I can't cut my fingernails with them at all
m2m joined the channel
#
villasv btw the name "RelMeAuth" is great, kudos to those involved
#
[fluffy] I feel like that’s an incredibly bad-faith response to what I’m saying, aaron.
#
[fluffy] And I do feel that there is a point in saying it, tantek, because it’s easy to go down a path of trying to use a tool for the wrong job without knowing what the tool is intended for in the first place.
#
[tantek] Now that's a valid criticism, that the tool should better document up front what it's solving and perhaps common misconceptions of what it's not (and what to use instead)
#
[fluffy] Yes, exactly.
#
[tantek] 👍
#
[fluffy] Like on the various wiki pages about setting up RelMeAuth on your website it should ALSO highly recommend adding an authorization_endpoint link to an IndieAuth provider that makes use of RelMeAuth. Adding RelMeAuth links to your profile helps you to log in to indieweb.org but it doesn’t do a whole lot to guide people towards the larger problem of being able to log in to other IndieWeb sites that don’t implement RelMeAuth themselv
#
[tantek] Depends. We know from OpenID 2.0 that any additional setup requests of users are often ignore or done wrong
#
[tantek] So disagree with that “should ALSO” because something very similar (that kind of user setup recommendation) has “user-tested” very poorly
#
[fluffy] I think it’s totally fine to say “after setting up rel=me links on your website, consider adding an authorization_endpoint link to indieauth.com or some other IndieAuth provider”
#
[fluffy] or at least point people to setting up IndieAuth as a recommended, but optional, next step.
#
[fluffy] And saying that indieauth.com is a useful endpoint which will provide IndieAuth functionality for sites which provide RelMeAuth links.
#
[fluffy] Maybe that’s what the wiki actually does say. It’s been a while since I’ve looked and I remember just being confused at the time.
#
villasv Maybe RelMeAuth -> IndieAuth could award some points on IndieMark? Don't know if that's still a thing
#
[tantek] I'd prefer to start removing advice to add indieauth-com as a provider to help break that dependency per what aaronpk was saying
#
[tantek] because I think that advice is actually causing more confusion
scojjac joined the channel
#
villasv The web-sign page doesn't really recommend neither RelMeAuth or IndieAuth, it just mentions both as alternatives
#
[tantek] yes the Web Sign-in page is more written for developers
#
villasv It was the IndieMark page that set me up in the direction of RelMeAuth
#
[KevinMarks] wow https://simonwillison.net/2022/May/4/datasette-lite/
#
omz13 jamietanna1: the introspection is dumb, it simply echoes what the AS returns (if it says true then you have a green light, but in the meta there's additional data to indicate if the time constraints are valid which needs to be taken separately into consideration too)
#
omz13 toolbox's as meta lint information is not quite perfect, and is more of a hint that something does not seem quite right: you've indicated in one place that something is supported/expected, and elsewhere support for that is not there, or vice versa
[Murray] joined the channel
#
omz13 aaronpk: is there a hard date when indieauth.com will be deprecated?
#
[tantek] I think the more interesting question is, how should an IndieAuth provider transition clients to a different service?
#
omz13 jamietanna1: for clarity, the true is displayed in that manner to distinguish between a boolean value and a string value... the dump format is interpretative not literal... if you want literal you need to use toolbox's api directly (and that is not quite yet public)
#
omz13 [tantek]: the more interesting question would be could IndieAuth providers federate so service transition (and HA provision) be easier/possible?
#
omz13 or are you talking about SCIM (System for Cross-domain Identity Management) or about how to redirect from one provider to another?
#
villasv The IndieAuth wiki page instructs the use of rel= authorization_endpoint, but IIUC the latest specs deprecates this in favor of rel= authorization-metadata. Should we edit this already?
#
villasv Oops, the new one is indieauth-metadata
#
[tantek] IndieAuth providers already do federate. Federation is different from /migration
scojj joined the channel
#
[tantek] Web sign-in << To do: clarify this page is written for developers, and where to go as a user.
#
Loqi ok, I added "To do: clarify this page is written for developers, and where to go as a user." to a new "See Also" section of /Web_sign-in https://indieweb.org/wiki/index.php?diff=81254&oldid=81118
#
[tantek] RelMeAuth << To-do: better document up front what it's solving and perhaps common misconceptions of what it's not (and what to use instead) — see https://chat.indieweb.org/dev/2022-05-04#t1651670148029400 and following for specific sources of confusion
#
Loqi ok, I added "To-do: better document up front what it's solving and perhaps common misconceptions of what it's not (and what to use instead) — see https://chat.indieweb.org/dev/2022-05-04#t1651670148029400 and following for specific sources of confusion" to the "See Also" section of /RelMeAuth https://indieweb.org/wiki/index.php?diff=81255&oldid=75674
#
[tantek] what is Tumblr
#
Loqi Tumblr is a popular content hosting silo, especially for found images & video, that explicitly supports multiple types of posts, and through free domain mapping, a content hosting service as well https://indieweb.org/Tumblr
#
[tantek] [KevinMarks] already done: https://indieweb.org/Tumblr#Add_microformats_support (I mean did you check the wiki before saying https://chat.indieweb.org/dev/2022-05-04/1651675787670000 ) ?
strugee_ joined the channel
#
[KevinMarks] I was looking at yours - no h-card or authorship? https://gist.github.com/tantek/ac27fb0f28c41c4fb2a7
#
villasv Answering myself here, looks like IndieAuth.com only supports rel=authorization_endpoint for now and not rel=indieauth-metadata yet. At least this is what it seems at a quick glance in the GitHub repo
#
sknebel Likely, yes
#
GWG IndieAuth.com won't be updated as it is no longer maintained, I believe
jacky and scojjac joined the channel
#
[KevinMarks] Also, the default template has changed since that guide was written
#
[KevinMarks] which is why I am testing it
scojj, jacky, cyborganicLion, scojjac and jjuran joined the channel
#
cyborganicLion Why cant I `import(remote-content-url)` from a javascript module? I can import at the top of a module using `import { * } as variable` but id like to programatically load remote content based on client variables, I am able to do this without wordpress in a browser envioronment but I receive a type error when I attempt to `import(remote-content-url)` within a wordpress envioronment.
#
[fluffy] isn’t `import` a function of requirejs and not actually native to client-side javascript?
#
[fluffy] oh wait sounds like you’re talking about something wordpress-specific. #indieweb-wordpress is probably a better place to ask about that.
#
@brianwisti Puttering on stuff in 15 minute increments is challenging. Floating in my head now: how to do #indieweb Webmentions and h-cards on multiple self-owned sites. A distinct h-card for each site, or point back to one as p-author for entries? (twitter.com/_/status/1521919403872370693)
#
callym[m] is there any easy way of testing an indieauth server (and client I guess) from localhost?
#
[fluffy] but anyway in javascript in general, import/require-type declarations are generally done at build time, not at run time.
#
callym[m] want to make sure things work before pushing things onto the real life open internet
#
jacky callym[m]: I'd say using something like ngrok might help
#
jacky to emulate Internet-facing identities
#
jacky if not that, lots of good unit tests :)
#
[fluffy] @callym What I usually do is run it locally on different ports and use localhost URLs
#
callym[m] cyborganicLion: these days you can do something like `<script type="module" src="LINK TO ES6 MODULE"></script>`, then `<script>import { whatever } from 'LINK TO ES6 MODULE'</script>`
#
cyborganicLion The import(module) expression loads the module and returns a promise that resolves into a module object that contains all its exports. It can be called from any place in the code.
#
[fluffy] oh neat, I didn’t know about that
#
jacky in vanilla JavaScript? I thought only Deno was capable of that
#
jacky b/c IIRC conventional JS can't do that yet
#
[fluffy] yeah it seems like a security nightmare
#
callym[m] https://caniuse.com/es6-module
#
[fluffy] ah, cool
#
callym[m] I guess it's not too different to when we'd do `<script src="cdn.com/jquery@whatever>` security-wise?
#
[fluffy] hm, probably
#
[fluffy] I guess as long as the modules have to be declared in a `<script>` tag and aren’t injectable from the JS side itself
#
callym[m] so if I ran my server through ngrok and used one of the indieauth testing sites (is there a preferred one?), it should work through that?
#
jacky it should (and there isn't a testing site _yet_)
#
[fluffy] I don’t know about a preferred indieauth testing site but if you want something quick-and-dirty to test indieauth you can use https://anyauth.beesbuzz.biz/
#
jacky there's some blog posts to help tho https://aaronparecki.com/2021/04/13/26/indieauth + https://www.jvt.me/posts/2020/12/09/personal-indieauth-server/
#
Loqi [Aaron Parecki] How to Sign Users In with IndieAuth
#
[fluffy] which lets you make arbitrary profile URLs with no access control, and you can also spoof the `me` response to test failures (which is the reason I built it)
#
jacky ooh nice
#
jacky [fluffy]++
#
Loqi [fluffy] has 8 karma in this channel over the last year (29 in all channels)
#
[fluffy] so for example https://anyauth.beesbuzz.biz/alice
#
callym[m] ah cool! so that'd be for testing a client, right?
#
[fluffy] yeah
#
[fluffy] and it’ll totally work with clients that run on localhost
#
callym[m] is there anything similar for a server?
#
[fluffy] indieauth doesn’t actually require that the provider is able to talk to the client
#
[fluffy] you mean like testing if the server will work with the indieauth client you’re developing? I’ve used selfauth running on localhost for that purpose.
#
[fluffy] with the client also running on localhost.
#
[fluffy] (different ports)
#
[fluffy] or if you’re fine with python, running autoauth locally works too 🙂
#
callym[m] the other way round - seeing if my server will work
#
[fluffy] er, anyauth, not autoauth (brainfart)
#
[fluffy] oh, I see
#
callym[m] I'm also working on a client but I can't really run them against each other because they could both be equally wrong
#
[fluffy] authl’s test suite would work for that too
#
[fluffy] yeah
#
cyborganicLion Wait is this channel for all indie web developers or for a specific software package?
#
[fluffy] https://github.com/PlaidWeb/Authl - it comes with a little test client that you can run on localhost (with `./test.sh` which should set up your environment automagically) and that’ll be able to talk to your server also running on localhost
#
[fluffy] it’s for all indie web developers
#
Loqi [PlaidWeb] Authl: A library for managing federated identity
#
[fluffy] I’m only recommending my own stuff because it’s what I’m familiar with 🙂
#
cyborganicLion Cool
#
callym[m] ah perfect, I'll give that a go!
#
callym[m] it looks like the ecosystem is mostly a lot of people rolling their own packages?
#
[fluffy] yeah pretty much
#
[fluffy] that’s why it’s “indie”web 🙂
#
jacky :)
#
jacky artistinal Web
#
[fluffy] art-is-anal web
#
cyborganicLion This is my first time on this server
#
callym[m] same here
#
jacky [fluffy]: lol
#
cyborganicLion I thought for a second there i was in a channel that was specific to a software package lol
#
[fluffy] nope, there’s a couple of packge-specific channels for the bigger ones like Wordpress and Known but this is general development stuff
#
[fluffy] like for the interop protocols and the people trying to implement them
#
[fluffy] well, development in general
#
cyborganicLion I am a self taught developer
#
[fluffy] Lots of us are! Welcome. 🙂
#
[fluffy] (I’m technically self-taught although I did get a degree, primarily to consummate my knowledge)
#
jacky I'm still debating going to school for CS
#
[fluffy] (in the eyes of recruiters, I mean)
#
jacky Evan just posted something about that (about it helping with work)
#
[fluffy] yeah, I can’t say I’ve used much of what I learned from formal education in my career
#
[fluffy] my time in grad school was still mostly self-directed self-taught stuff, so like while I learned a lot of things while *in* school I didn’t learn it *from* school, if that makes sense
[Will_Monroe] joined the channel
#
cyborganicLion I dont think you can ever stop learning about the web
#
jacky never ever
#
cyborganicLion If alien robots land our best bet is html and javascript 😄
jacky joined the channel
#
jacky you know I never considered RelMeAuth to be a 'protocol'
#
jacky I've always seen it as a 'convention'
jacky joined the channel
#
[fluffy] Yeah that makes sense
#
[fluffy] It's in a similar domain to mf2
strugee, jacky, scojjac and scojj joined the channel
#
[tantek] sorta. "rel=me" is in a similar domain to mf2, it's literally a rel microformat
#
[tantek] the authentication protocol built on top of it is RelMeAuth
#
[tantek] on another subject, I saw this but I'm not sure how "real" it is and how much it is basically a piece about a couple of nice-looking websites that seem to be built by one specific web agency: https://www.triplepundit.com/story/2022/internet-sustainable-web/742191
[Scott_Jack], scojjac, scojj, jacky, lagash, joshproehl, [aciccarello] and tetov-irc joined the channel
#
[KevinMarks] wasn't there an h-feed preview built into monocle or xray?