#dev 2022-05-04
2022-05-04 UTC
[aciccarello]1, AramZS, Seirdy, [timothy_chambe] and [Chris_Lott] joined the channel
KartikPrabhu joined the channel
# @YourOnlyONEofcl Twitter as my comment platform for #Hugo, see example: https://im.youronly.one/snoworld/%EA%B7%B8%EB%A6%AC%EB%93%9C-grid-explained-2022116/
Powered by #IndieWeb #Webmention #Microformats2 with the help of #WebmentionIO and #Bridgy services. (twitter.com/_/status/1521709683656241153)
# @ChengduLittleA webmention is also sort of hard to use? (twitter.com/_/status/1521714340436451328)
jamietanna joined the channel
# jamietanna Soon the Go IndieAuth library will support it https://github.com/hawx/indieauth/pull/2
# @ChengduLittleA ↩️ LOL yeah I mean it's not hard technically, but if say I want to comment I need to send something on my website and send a webmention on to yours, it's not exactly noob-friendly XD
I want something that's even easier to use so that I could push those things to artists and so on (twitter.com/_/status/1521748030806175744)
reed, [Chris_Lott]1, mambang[m], unrelentingtech, vladimyr, kinduff, Vikasheher[m], lkhrs[m], zack[m]1, cambridgeport90[, callym[m], AramZ-S[m], Caesar[m], AdriaanvanderBer, wiki[m], AshMcAllan[m], JPax[m], diegov, gxt, [tonz] and Seirdy joined the channel
jamietanna1 joined the channel
# jamietanna1 omz13 hmm, any idea why https://www.jvt.me/ breaks on rfc8414 discovery
# jamietanna1 https://toolbox.imoxia.com/#endpointdisco seems to work for it
# jamietanna1 Ah phew :)
# jamietanna1 I didn't give it a real token, so no :D I'll give it one now
# jamietanna1 `json: cannot unmarshal array into Go struct field IndieAuthIntrospectionResponse.aud of type string`
# jamietanna1 Looks like we're only allowing a string, but rfc7662 says:
# jamietanna1 > string identifier or list of string identifiers
# jamietanna1 > In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value.
# jamietanna1 (via rfc7519) so maybe you could just opt to ignore the MAY for now?
# jamietanna1 list == array?
# jamietanna1 (in JSON)
# @YourOnlyONEofcl Added myself in the #IndieWeb wiki for #Webmention ^_^
https://indieweb.org/Webmention#.E1.9C.8C.E1.9C.93.E1.9C.83.E1.9C.92_.28Yuki.29_with_Hugo_on_im.youronly.one
#Hugo with Webmention (twitter.com/_/status/1521773077600043009)
tetov-irc joined the channel
# @acegiak ↩️ and for connecting that to cross post to things like twitter and instagram I'm trying to decide if I want to write that functionality and add it to the open source microblogpub project or just use http://brid.gy which would do it automatically for me. (twitter.com/_/status/1521825497524621312)
# [tantek] AshMcAllan[m], I myself built my own text-POSSE-to-Twitter code (that calls Twitter’s API) because there was no Bridgy at the time, and I was very picky about all the edge cases (documented on /Twitter).
m2m and villasv joined the channel; m2m left the channel
# villasv Hi folks! I've been studying RelMeAuth and IndieAuth for a day or so but I'm having some trouble understanding the IndieAuth spec. In the Wiki, it says the Authorization Endpoint "is a page where applications can send users to and asking them to identify themselves". But the spec says "The client needs to discover the user's indieauth-metadata endpoint, which provides the location of the IndieAuth server's authorization endpoint".
# villasv I'm confused because I don't provide "indieauth-metadata" in my personal website yet I'm able to use IndieAuth as an user 🤔 Are these different "users"?
# villasv Or perhaps am confused about naming. Perhaps I'm actually not able to use IndieAuth the protocol, I'm able to use Web Sign-In thanks to RelMeAuth?
AramZS and m2m joined the channel
# villasv I'm able to use IndieAuth as an user meaning I'm able to sign in in the indie web wiki and the IndieAuth.com test sign in
# [tantek] Aside: more dev than end user, I met a few kind folks from StoryBlok the past two days (they were one of the sponsors of beyond tellerand) and it's an interesting IndieWeb-adjacent business model that may be worth looking into from the perspective of, perhaps there are other opportunities like this: https://www.storyblok.com/about
# villasv Ah, definitely that, a naming confusion. So IndieAuth is an alternative to RelMeAuth, got it. Thank you both!
# villasv Cool. And PGP is also a third alternative, right? Is there a catchy name for this PGP challenge protocol?
# villasv Ah nice, I though RelMeAuth was for OAuth providers only. Thanks again
# villasv How does it work with mailto and sms? Sending a link with a sign-in otp?
# villasv Brilliant, gotta add more rel=me's to my website asap ;-)
# [fluffy] Personally I feel like RelMeAuth is sort of worst-of-both-worlds when it comes to splitting the difference between owning your identity and relying on third-party authentication providers, like it means users have to have their own website AND it means that site operators need to implement a whole bunch of stuff in order to support the miasma of multiple silo providers with additional identity verification steps on top of it.
# [fluffy] I’ve also thought about maybe building something IndieLogin-esque from Authl so that I could host an “IndieAuth and silo login” service for folks to use since I really like the Authl philosophy (I’m biased, of course) and would like to make it available to folks who don’t want to go all-in on Python.
# @thejuanlam ↩️ A lot of the features I added (besides the UI overhaul) were QoL improvements. Especially adding @NetlifyCMS for writing posts. Other fts: short story collections / novels are now possible, @indiewebcamp Webmentions, and @anchor widget for stories + poems (twitter.com/_/status/1521861507809787906)
# jamietanna1 omz13 btw I get `active:𝒕𝒓𝒗𝒆` when doing introspection :thinking: it's returned as `"active": true` in the JSON response
# jamietanna1 what does "lint: grant_types_supported implies tokens are granted... but response_types_supported inconsistent (no token indication)" mean - do you expect response_types_supported to include "token"?
# villasv As a newcomer, I appreciate RelMeAuth as a starting point. I understand that I don't fully own my security if I have to rely on a silo, but it's a good first step (like using a custom email address but still rely on Gmail)
# villasv But I imagine that it's a bit of a nightmare scenario for those implementing it
# [KevinMarks] OK, making https://indieweb-test.tumblr.com/ to try out adding mf2 to the theme
# villasv Now that I know that RelMeAuth works with Email and PGP, I think these are ones I'm going to try to focus on really
# [fluffy] IndieAuth.com as a RelMeAuth-to-IndieAuth proxy is a perfectly fine solution to things, even if it’ll always be limited to only a handful of RelMeAuth-supporting sites. But it also gets very confusing to someone new to the IndieWeb who is trying to understand where all these different protocols and providers fit.
# @lordmatt Twitter is not exactly friendly for Webmentions https://lordmatt.co.uk/technology/the-internet/social-media/twitter-is-not-exactly-friendly-for-webmentions/ (twitter.com/_/status/1521867055636656130)
# villasv I saw the naming confusion callout both in the Wiki and the Website, and I still got confused lol
m2m joined the channel
# villasv btw the name "RelMeAuth" is great, kudos to those involved
# [fluffy] Like on the various wiki pages about setting up RelMeAuth on your website it should ALSO highly recommend adding an authorization_endpoint link to an IndieAuth provider that makes use of RelMeAuth. Adding RelMeAuth links to your profile helps you to log in to indieweb.org but it doesn’t do a whole lot to guide people towards the larger problem of being able to log in to other IndieWeb sites that don’t implement RelMeAuth themselv
# villasv Maybe RelMeAuth -> IndieAuth could award some points on IndieMark? Don't know if that's still a thing
scojjac joined the channel
# villasv The web-sign page doesn't really recommend neither RelMeAuth or IndieAuth, it just mentions both as alternatives
# villasv It was the IndieMark page that set me up in the direction of RelMeAuth
[Murray] joined the channel
# villasv The IndieAuth wiki page instructs the use of rel= authorization_endpoint, but IIUC the latest specs deprecates this in favor of rel= authorization-metadata. Should we edit this already?
# villasv Oops, the new one is indieauth-metadata
# [tantek] IndieAuth providers already do federate. Federation is different from /migration
scojj joined the channel
# Loqi ok, I added "To do: clarify this page is written for developers, and where to go as a user." to a new "See Also" section of /Web_sign-in https://indieweb.org/wiki/index.php?diff=81254&oldid=81118
# [tantek] RelMeAuth << To-do: better document up front what it's solving and perhaps common misconceptions of what it's not (and what to use instead) — see https://chat.indieweb.org/dev/2022-05-04#t1651670148029400 and following for specific sources of confusion
# Loqi ok, I added "To-do: better document up front what it's solving and perhaps common misconceptions of what it's not (and what to use instead) — see https://chat.indieweb.org/dev/2022-05-04#t1651670148029400 and following for specific sources of confusion" to the "See Also" section of /RelMeAuth https://indieweb.org/wiki/index.php?diff=81255&oldid=75674
# Loqi Tumblr is a popular content hosting silo, especially for found images & video, that explicitly supports multiple types of posts, and through free domain mapping, a content hosting service as well https://indieweb.org/Tumblr
# [tantek] [KevinMarks] already done: https://indieweb.org/Tumblr#Add_microformats_support (I mean did you check the wiki before saying https://chat.indieweb.org/dev/2022-05-04/1651675787670000 ) ?
strugee_ joined the channel
# [KevinMarks] I was looking at yours - no h-card or authorship? https://gist.github.com/tantek/ac27fb0f28c41c4fb2a7
# villasv Answering myself here, looks like IndieAuth.com only supports rel=authorization_endpoint for now and not rel=indieauth-metadata yet. At least this is what it seems at a quick glance in the GitHub repo
jacky and scojjac joined the channel
# [KevinMarks] Also, the default template has changed since that guide was written
# [KevinMarks] which is why I am testing it
scojj, jacky, cyborganicLion, scojjac and jjuran joined the channel
# cyborganicLion Why cant I `import(remote-content-url)` from a javascript module? I can import at the top of a module using `import
{ * }
as variable` but id like to programatically load remote content based on client variables, I am able to do this without wordpress in a browser envioronment but I receive a type error when I attempt to `import(remote-content-url)` within a wordpress envioronment.# @brianwisti Puttering on stuff in 15 minute increments is challenging.
Floating in my head now: how to do #indieweb Webmentions and h-cards on multiple self-owned sites. A distinct h-card for each site, or point back to one as p-author for entries? (twitter.com/_/status/1521919403872370693)
# callym[m] is there any easy way of testing an indieauth server (and client I guess) from localhost?
# callym[m] want to make sure things work before pushing things onto the real life open internet
# callym[m] cyborganicLion: these days you can do something like `<script type="module" src="LINK TO ES6 MODULE"></script>`, then `<script>import
{ whatever }
from 'LINK TO ES6 MODULE'</script>`# cyborganicLion The import(module) expression loads the module and returns a promise that resolves into a module object that contains all its exports. It can be called from any place in the code.
# callym[m] https://caniuse.com/es6-module
# callym[m] I guess it's not too different to when we'd do `<script src="cdn.com/jquery@whatever>` security-wise?
# callym[m] so if I ran my server through ngrok and used one of the indieauth testing sites (is there a preferred one?), it should work through that?
# [fluffy] I don’t know about a preferred indieauth testing site but if you want something quick-and-dirty to test indieauth you can use https://anyauth.beesbuzz.biz/
# jacky there's some blog posts to help tho https://aaronparecki.com/2021/04/13/26/indieauth + https://www.jvt.me/posts/2020/12/09/personal-indieauth-server/
# [fluffy] so for example https://anyauth.beesbuzz.biz/alice
# callym[m] ah cool! so that'd be for testing a client, right?
# callym[m] is there anything similar for a server?
# callym[m] the other way round - seeing if my server will work
# callym[m] I'm also working on a client but I can't really run them against each other because they could both be equally wrong
# cyborganicLion Wait is this channel for all indie web developers or for a specific software package?
# [fluffy] https://github.com/PlaidWeb/Authl - it comes with a little test client that you can run on localhost (with `./test.sh` which should set up your environment automagically) and that’ll be able to talk to your server also running on localhost
# cyborganicLion Cool
# callym[m] ah perfect, I'll give that a go!
# callym[m] it looks like the ecosystem is mostly a lot of people rolling their own packages?
# cyborganicLion This is my first time on this server
# callym[m] same here
# cyborganicLion I thought for a second there i was in a channel that was specific to a software package lol
# cyborganicLion I am a self taught developer
[Will_Monroe] joined the channel
# cyborganicLion I dont think you can ever stop learning about the web
# cyborganicLion If alien robots land our best bet is html and javascript 😄
jacky joined the channel
jacky joined the channel
strugee, jacky, scojjac and scojj joined the channel
# [tantek] on another subject, I saw this but I'm not sure how "real" it is and how much it is basically a piece about a couple of nice-looking websites that seem to be built by one specific web agency: https://www.triplepundit.com/story/2022/internet-sustainable-web/742191
[Scott_Jack], scojjac, scojj, jacky, lagash, joshproehl, [aciccarello] and tetov-irc joined the channel
# [KevinMarks] wasn't there an h-feed preview built into monocle or xray?