#dev 2022-09-04
2022-09-04 UTC
neceve, neceve_, gRegorLove_, bterry, geoffo, cjw6k, [Jamie_Tanna]1, voxpelli, jonnybarnes, klez_, Demi, vikanezrimaya, kushal, rockorager, ancarda, srushe, eb, Feoh, capjamesg, jbove, rrix, aaronpk, sebsel, Saphire, Xe, [chrisaldrich], IWDiscordGateway, [Jamie_Tanna], Ruxton_, gxt, sivoais, jeremycherfas, tommorris, s[_], benji, lanodan, Kaja, rhiaro, alecjonathon, willnorris, jan6, GWG, chenghiz_, omz13, jjuran, Zegnat, joshproehl, sebbu, Pyroxtheythem[m], Steve[m]1231, zack[m], AramZ-S[m], mambang[m], strugee, angelo, sknebel, Seirdy, pmlnr, Guest5425, ben_thatmust, [manton], nsh, lagash, kandr3s, tetov-irc, gerben, superkuh, oodani_, t0nic, kloenk, nathan[m], walkah, BinarySavior_, moose333, h4kor[m], totertats, BinarySavior, sara, [manton]1, [jeremycherfas] and barnaby joined the channel
# barnaby for the IWC Berlin hack day I’m working on long-overdue issues in taproot/indieauth, starting with https://github.com/Taproot/indieauth/issues/12
# barnaby relevant previous chat: https://chat.indieweb.org/dev/2022-07-28#t1659023548487400
# Loqi [[schmarty]] in other news i think owncast's indieauth implementation is slightly broken? when starting an indieauth flow on their test server at https://watch.owncast.online/ the `client_id` they send does not include a path component. is it OK to assume `/` if ...
# barnaby the indieauth client library has normalizeMeURL which performs this normalisation, but additionally rejects URLs with fragments. Does this restriction apply to client_id and redirect_uri as well, or do I need to write a different normalisation function which allows client_id/redirect_uri with fragments?
geoffo joined the channel
# [schmarty] I think in my workaround I just apply normalizeMeURL() to client_id whenever it is in a request. Also yay! barnaby++
neceve_ joined the channel
[James_Van_Dyne] joined the channel
# [James_Van_Dyne] Sweet, I’ll give it a look
# Zegnat barnaby: I cannot find the definition of the redrect Uri in the indieauth spec. But in OAuth it looks like it MUST NOT have a fragment: https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2
# [James_Van_Dyne] Almost bedtime for me 😄
# [schmarty] barnaby: re: unfetchable client_id - I have non-web microsub (scripts) and Micropub (iOS shortcuts) where it doesn't make sense to have a web page for them
# [schmarty] Heh oops left the word "clients" out of that sentence
# barnaby Zegnat: my assumption that normalisation was necessary was based on the previous question about in-the-wild client_ids without path segments, where the consensus was that they should be normalised. I was only asking about fragments to check whether I could use the indieauth client library normalisation function
tetov-irc joined the channel
# Zegnat I agree that unfetchable client_id should not be hard fails, it just means no client information can be discovered. I guess there is no harm in normalising them (or canonicalising, as the indieauth spec calls it) because that is what all HTTP clients I know of do anyway (if you do not provide a path, it is set to / on request). But it is probably still a faulty client URI if no path is provided *shrug*
# barnaby [schmarty]: did this bug cause a problem for you, or did you find it just by reading through the source? https://github.com/Taproot/indieauth/issues/13
# barnaby I actually had a test for that already https://github.com/Taproot/indieauth/blob/main/tests/FunctionTest.php#L132
jamietanna joined the channel
# jamietanna Is `2022-09-04T12:45:00+0100` a valid date we should be allowing in Micropub? Or should it have a colon in the offset i.e. `2022-09-04T12:45:00+01:00` ? Go, by default, only allows a colon, but thought I'd check as Indigenous for Android sends without one
# jamietanna I notice we don't specify exactly what date formats are expected, likely to allow folks to choose themselves? Or is ISO8601/RFC3339 implied?
# jamietanna Ah gotcha, I'll add support for falling back to colon-less as well then :)
kloenk joined the channel
# Zegnat But there too both with and without colon is valid: https://html.spec.whatwg.org/multipage/text-level-semantics.html#the-time-element:valid-time-zone-offset-string
# Zegnat barnaby: I heard you ask something re ticket auth. Probably not very useful, but here is the code of my test implementation from last year: https://gist.github.com/Zegnat/116b29ed0ef0e3f346583c48388ecc41
# [Jamie_Tanna] Although not officially in the hack day, I've been making some progress on my private journal site, and getting closer to open sourcing the Go micropub library portions, so folks can get a drop-in micropub endpoint 🙌
# sknebel Zegnat capjamesg there was this discussion re "whats the token valid for" https://github.com/indieweb/indieauth/issues/83
# barnaby Another IndieAuth question: https://indieauth.spec.indieweb.org/#access-token-response uses “expires_in” as the key for access token lifetime on issuing, whereas the response from the token introspection endpoint uses “exp” for the same thing https://indieauth.spec.indieweb.org/#access-token-verification-response
# barnaby huh, looks like both are part of OAuth. weird https://github.com/indieweb/indieauth/issues/81#issuecomment-907687677
# [tantek]4 w3schools-- w3fools++
# barnaby more info here https://github.com/Taproot/indieauth/issues/5
gRegorLove__ joined the channel
# [schmarty] barnaby++ thanks for so many taproot/IndieAuth updates!! I recall I ran into issue 13 and had to change something. I should have documented. 🤔
# [tantek]4 confirmed barnaby, "blog" is in the auto-linker: https://github.com/tantek/cassis/blob/master/cassis.js#L1313
# [tantek]4 barnaby, it's been there for 5 years 😂 how old of a version are you running?!? https://github.com/tantek/cassis/commit/9b9c78519e85b1a7025ffa3b7f692d7607943565
gRegorLove_, geoffo, cjw6k, AramZS and gRegorLove__ joined the channel
# IWDiscordGateway <capjamesg> 🤣
jacky joined the channel
[fluffy] joined the channel
tetov-irc, jacky and gRegorLove_ joined the channel