#dev 2022-05-20

2022-05-20 UTC
cybi, Hollie, nixer, gRegor and cyborganicLion joined the channel
#
cyborganicLion Is it overkill to have my clients authorize their application and pipe in data from a server each time they run my software application?
#
cyborganicLion For a front facing server application
#
GWG Depends. Why each time?
#
cyborganicLion For IP protection I have a license server but I think the authorisation mechanism would probably melt my server if I let it run authorisations each time somebody loads the program, I am trying to devise a caching mechanism
#
cyborganicLion So on authorisation through api my server will response with javascript context theoretically after authorisation by key
#
cyborganicLion respond*
#
cyborganicLion How can I cache data out to a file which will expire after so long
#
cyborganicLion Or should I just let it run by live authorisation?
#
GWG I think your users might not like authenticating each time.
#
cyborganicLion The authentication method is automated
#
cyborganicLion I am just worried whether my raspberry pie is up to the task lol
#
GWG Okay. I may not be the best person to ask though, never built anything like that
#
cyborganicLion Ah OK thanks for your help
angelo, cybi and mro joined the channel
#
petermolnar most solution have a period based auth, eg our vpn lets me back in without new auth if it's a short disconnect and I'm within 24 hours of the previous full auth
#
petermolnar you could cook up a solution like tha
gxt joined the channel
#
Zegnat Not sure I fully grasp what sort of auth*ation you you there. Normally I would expect me to authenticate myself once and then be given some form of proof-of-authentication after the process. And then I only need to provide said proof afterwards. The API server can often very efficiently check whether the proof is still valid or whether to ask for re-authentication. So the cache would be built into the proof-validity. I.e. basically
#
Zegnat how OAuth works with Bearer tokens.
mro, nixer, tetov-irc, gRegor and [tonz] joined the channel; nixer left the channel
#
IWDiscordGateway <capjamesg> Is there an abbreviation for the terms authorization and authentication 🤣
mro and cybi joined the channel
#
IWDiscordGateway <capjamesg> tantek How would the webaction idea we discussed work?
#
IWDiscordGateway <capjamesg> I provide a nice poll voting UI, a user clicks and then is asked to enter their domain name, IndieAuth dance, then I send a Micropub request to the user’s endpoint?
#
IWDiscordGateway <capjamesg> Is there a PHP indieauth library that handles the auth part of a PHP app? I’d like to try my hand at this in PHP
#
IWDiscordGateway <capjamesg> My site is static so I could only initiate the flow from my site.
#
IWDiscordGateway <capjamesg> What would the request body look like?
#
IWDiscordGateway <capjamesg> “I vote for [option]” or something else? Should users be able to customize this?
mro joined the channel
#
sknebel capjamesg: authN and authZ are sometimes used
#
sknebel But not good terms and very specific to the niche
nixer and jacky joined the channel
#
[KevinMarks] Authorization is abbreviated as can-i-haz and Authentication as it-me
mro, nixer and cybi joined the channel
#
@lordmatt What ways are there to discover blogs that use #WebMention? (twitter.com/_/status/1527652651088871425)
#
@OpenMentions Well, @lordmatt found the bug with zero error messages. The naughty page now allows #WebMention pings like it should. (twitter.com/_/status/1527618793702584320)
jacky, mro, gRegor and gRegorLove_ joined the channel
#
[tantek] capjamesg, no we don't want to suggest or make a pattern of or teach users to give random websites Micropub permissions
#
[tantek] this is why we designed WebActions as a method for handing over handling of posting to the person's site, so they deal with it directly, and the auth-dance or whatever happens on *their site* not yours
#
[tantek] take a look at /webactions and feel free to ask specific questions about the stuff there
#
IWDiscordGateway <capjamesg> I see. How would a webaction work in this case?
#
IWDiscordGateway <capjamesg> I read over the page but I’m a bit confused about how it would work.
#
[tantek] vote is just a special reply, see the section on the webaction for replying
jacky and mro joined the channel
#
jacky so w.r.t https://indieweb.org/scope#Scoped_by_Post_Types, should we have a note in the spec for backward compatibility support for clients that couldn't understand something like `create:note`? There's a case where something like a Micropub client might not set that kind of scope but a IndieAuth server allows tweaking of a scope to restrict post types during the request flow
#
jacky (wonders if this should be opened as an issue on the indieauth repo)
#
jacky err, not Micropub
jacky, superkuh, [chrisaldrich], mro and mro_ joined the channel
#
jacky what are expired posts
#
Loqi It looks like we don't have a page for "expired posts" yet. Would you like to create it? (Or just say "expired posts is ____", a sentence describing the term)
#
jacky well
#
jacky what is expired
#
Loqi Expiring content is content that is only temporarily (ephemerally) relevant, and also part of a larger post, that can and should be (preferably automatically) removed once a particular datetime has passed (the expiration date) https://indieweb.org/expired
#
jacky expired posts is /expiring_content#Why_ephemeral_posts
#
Loqi ok
[fluffy], AramZS, ShinyCyril and jacky joined the channel
#
jacky went a bit overboard with my cursor implementation for my site
#
jacky it'll support both date-based pagination for things like entries but also lexical paging for things like contacts, categories, etc
#
jacky all using the same 'logic' (so technically, I could also use lexical based paging for entries but I'd have to write the implementation for that)
jacky joined the channel
#
jacky looking at /webactions, I do think/grumble at the verbosity of HTML for actions
#
jacky maybe I'm lazy (most likely)
tetov-irc, jacky, [chrisaldrich]1 and [schmarty]1 joined the channel