#dev 2023-11-07

2023-11-07 UTC
[nsmsn], alephalpha0, gRegor, gxt and sknebel joined the channel
#
[jacky]
and feels like the "modern replacement" for jQuery UI
#
[jacky]
but also none of this stuff seems to "boil down" to just HTML when it's possible (like https://component.kitchen/elix/DateComboBox falling back to a `<input type=date>`)
#
[jacky]
not easy
#
[tantek]
It should either fallback to simple HTML or should have a linked issue in the OpenUI task force
#
[schmarty]
Perhaps of interest to people who like to bridge (all the) things: https://berjon.com/ap-at/
#
Loqi
ok, I added "https://interconnected.org/more/2023/partykit/facepiles.html (also cites IndieWeb!)" to the "See Also" section of /facepile https://indieweb.org/wiki/index.php?diff=90417&oldid=89146
#
[tantek]
^ GWG since I know you're a fan of facepiles
sebbu2, gerben, CRISPR, tbbrown, AramZS, [nsmsn], barnabywalters, [jeremycherfas], [Joe_Crawford], joshproehl and gRegor joined the channel
#
[schmarty]
sounds like bluesky is about to move an infrastructure mountain as a step towards real federation https://github.com/bluesky-social/atproto/discussions/1832
neceve and [jacky] joined the channel
#
[jacky]
using `bsky.network` as a firehouse
#
[jacky]
I guess that's what https://stream.indieweb.org/ is too
[nsmsn] joined the channel
#
[tantek]
That makes sense as a logical "eat your own cooking" step to test their federation architecture before rolling it out to nodes not controlled by the same org.
#
Zegnat
“it looks like the great python library […] had an issue with additional fields included in JWTs”, stop reading tokens if you are not the server...
#
Zegnat
But some really interesting stuff!
#
sknebel
Zegnat: on one hand they say "treat tokens as opaque", on the other hand it seems the only information about the expiry timing is ... inside the JWT
geoffo joined the channel
#
[snarfed]
iirc they also include expiration info in HTTP headers. but yeah one common best practice right now is to just attempt to use the token and refresh it if that fails due to expiration
#
Zegnat
Ah, no introspection anywhere? That is the otherwise “correct” way
#
Zegnat
I did not look carefully. The comment just stood out to me
#
[snarfed]
right, they say clients should treat them as opaque. introspection is nice, but not requiring JWT is nice too
#
Zegnat
I am not really a fan of JWTin the best of cases. When people start parsing them, even less so, haha
#
sknebel
[snarfed]: ah ok, just went what I saw in the docs
tbbrown joined the channel
#
[tantek]
HTML << {{edent}}: 2021-01-26 [https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiveness-of-simple-html/ The unreasonable effectiveness of simple HTML]
#
Loqi
ok, I added "{{edent}}: 2021-01-26 [https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiveness-of-simple-html/ The unreasonable effectiveness of simple HTML]" to the "See Also" section of /HTML https://indieweb.org/wiki/index.php?diff=90422&oldid=89333
geoffo and [KevinMarks] joined the channel
#
[KevinMarks]
Finally, a way to PESOS browser tabs https://omar.website/tabfs/
#
[jacky]
is it odd to use `rel=canonical` in a proxied image?
#
[KevinMarks]
in a header? Or is it an SVG?
#
[tantek]
You mean like in the http headers?
#
[jacky]
in the headers for this case, yeah
#
[jacky]
might be creating a problem that doesn't exist!
#
[jacky]
(proxying the image for a profile URL for a IndieAuth request)
#
[tantek]
Curious who would consume it
#
[jacky]
versus using a proxied URL for a IndieAuth profile response
#
[jacky]
that could be used _anywhere_
#
[jacky]
reading the spec again
#
[jacky]
https://indieauth.spec.indieweb.org/#profile-information-p-7 seems to hint that clients _shouldn't_ consider it "real" or "verified"
#
[jacky]
thus _probably_ making it okay to use proxied URLs (or tbh even masked e-mails it seems!) there
#
[tantek]
I could see a consuming use-case for sites that cache h-cards of contacts, wanting to occasionally refresh/poll a u-photo for the person, storing the canonical URL instead
#
[jacky]
refreshing on every re-auth to that service or verifying their token? (that's the point when I'd get this URL)
#
[jacky]
unless, instead of checking the URL for a rep h-card, they used the photo from the profile response in a token introspection _or_ authorization attempt's profile body
#
[jacky]
that _seems_ probably more reliable than scraping people's sites if it tends to be spotty (or if there's a lot of people using the same endpoints, could consildate traffic to _one_ host instead of dozens)
#
[jacky]
over optimizing lol
#
[tantek]
indeed I think it's worth being clear about what problem this would be solving
#
aaronpk
documenting-the-problem++
#
Loqi
documenting-the-problem has 1 karma over the last year
#
[tantek]
ooh nice that you can use hyphens/terms in ++ actions. are they treated semantically or decoratively?
#
[tantek]
!karma documenting-the-problem
#
Loqi
documenting-the-problem has 1 karma over the last year
#
[tantek]
!karma documentingtheproblem
#
Loqi
documentingtheproblem has 0 karma over the last year
#
[tantek]
a-ha, hyphens/dashes are semantic then
#
[tantek]
should they be aaronpk?
#
aaronpk
i've never really thought about it
#
GWG
Anyone want to weigh in on https://github.com/indieweb/indieauth/issues/128 as a standalone issue?
#
Loqi
[preview] [dshanske] #128 Note that the Issuer URL Must Have the Metadata Headers
#
[jacky]
commented
geoffo joined the channel
#
gRegor
How is that going to work with the WP plugin since the issuer URL is a json document?
#
gRegor
Also wondering if there are examples other than WP
#
gRegor
I guess HTTP Link headers, to answer my own question
#
gRegor
Which reminds me I need to make sure my plugin is checking those
[aciccarello], [nsmsn] and [calumryan] joined the channel
#
GWG
gRegor: The link header is in my new code so will be there
#
GWG
gRegor: Even with sites using other methodologies, it should be noted