#dev 2022-10-23
2022-10-23 UTC
jacky and geoffo joined the channel
# vikanezrimaya !tell jacky IPFS nodes have a built-in gateway, might wanna have that exposed. Alternatively, https://ipfs.io/ is a thing
# [snarfed] slyduda true! the client redirect support in webmention.py was for backfeed, eg based on https://github.com/snarfed/bridgy/issues/1322
# slyduda[m] oh no i think i understand what is happening correctly now! i wasnt sure how the app backfed and thought that it needed the follow_meta_refresh from the initial publish for some reason. i will do a bit more reading to make sure i understand backfeed workflow can work with a static site well before i ask a follow up!
# slyduda[m] i guess my biggest question is, do folks run backfeed manually after they publish? i have a CLI that publishes new content. is there an endpoint for backfeed?
[jeremycherfas] joined the channel
# @kevinmarks ↩️ So Webmention but with 2 explicit middlemen rather than enabling that as an option? https://indieweb.org/Webmention (twitter.com/_/status/1584114655047270400)
# Saphire Wait
# Saphire So `rel=authorization_endpoint` actually refers to the base URI for the auth stuff?
barnaby joined the channel
# Saphire AH
# Saphire Nevermind, the wiki flip-flops between showing a path with last segment being "auth" and showing a rel with none of that
# Saphire So I was getting worried "/auth" is silently added
# Saphire Whew
# Saphire nodnod
jjuran, gRegorLove_, gRegor, [schmarty], jacky and mro joined the channel
# Saphire Oh also
# Saphire Is the authorization endpoint dual duty? :<
# Saphire "If the client only needs to know the user who logged in and does not need to make requests to resource servers with an access token, the client exchanges the authorization code for the user's profile URL at the authorization endpoint."
# Saphire Well okay, GET and POST can be easily separated out, but... still
# Saphire Makes it a requirement for you to properly split them out and such
# Saphire barnaby: now that's a good question..
# Saphire ...would be nice if we had some kind of public test suite and results of "does this client actually check for this"
# Saphire BTW what do you do if the rel and header are duplicated, or worse conflict?
# barnaby well there’s http://indieauth.rocks/
# Saphire ...ironically HTTP with no redirect
# Saphire > Testing your Server - Coming Soon...
# Saphire barnaby: guess you can log a warning or something if there are multiple
# Saphire IMHO I would just straight up refuse to process something with conflicting ones tho
# Saphire ...though you could argue that you need that due to some outdated clients, hm
# Saphire Or just quirky ones that do not check on or the other
# barnaby the only reason I can think of to completely reject sites with conflicting links would be concerns about fake links being injected into the site somewhere (e.g. in a 3rd party comment on a post which wasn’t properly sanitised), but taking the first available value and searching headers first is almost always going to mitigate that
jacky joined the channel
# Loqi jacky: vikanezrimaya left you a message 11 hours, 50 minutes ago: IPFS nodes have a built-in gateway, might wanna have that exposed. Alternatively, https://ipfs.io/ is a thing
# @hallam ↩️ I will add in a reference to WebMention. I suspect it came at the wrong time Spec was 2017, work was a bit earlier but Facebook hadn’t really abused our trust like they did in 2016. (twitter.com/_/status/1584198651651313664)
# @hallam ↩️ Webmention plus cryptography plus one middleman expressed in a format suited for append only list.
As with RSS, Webmention notifications can be converted by a gateway. But they obviously aren’t going to be end-to-end encrypted. (twitter.com/_/status/1584198066655363073)
mro joined the channel
geoffo, mro and petermolnar joined the channel; petermolnar left the channel
# barnaby released another minor taproot/indieauth version, with corrected cache management headers, removed dependencies and allowed the latest version of php-mf2 https://github.com/Taproot/indieauth#v031
# vikanezrimaya barnaby: huh, maybe I should check if Kittybox emits those headers properly, I think I didn't bother to implement it
# vikanezrimaya I do remember reading that, but since I was more oriented to make things at least work, I didn't bother
# vikanezrimaya Thank you, I will definitely consider adding that!!!
# barnaby this page is a much easier to read summary of auth page security concerns than the OAuth 2 spec https://www.oauth.com/oauth2-servers/authorization/security-considerations/
sp1ff joined the channel
# capjamesg [tantek] Would you be in support of 0 BSD for IndieWeb Utils? If so, would you mind expressing that you give permission to relicense the project as 0 BSD? https://github.com/capjamesg/indieweb-utils/issues/73
gRegorLove_, petermolnar, gRegorLove__, geoffo, gxt and jacky joined the channel
# barnaby Zegnat: the token exchange response ehaders are mentioned here https://www.rfc-editor.org/rfc/rfc6749#section-5.1
jacky, asdf1 and gRegorLove_ joined the channel
# IWDiscordGateway <slyduda> snarfed: sorry to bug you, after doing a bit of research i think i have the necessary background to understand next steps, but i am having an issue finding what information to use for the post_id and the source for the discover endpoint. for the post_id i am assuming i can use the id that is returned by the silo, for the source, i am unsure of what value to use. i have tried multiple values but cannot figure it out. i h
geoffo, jacky, [tw2113_Slack_] and jeeyoon joined the channel
# [snarfed] slyduda sure! I don't think you have to do any of that, I think just adding follow_meta_refresh=True to the discover call on https://github.com/snarfed/bridgy/blob/e83a8f13a61bd46910eb0d80e74472f24e74d8e1/tasks.py#L595 should be enough