#dev 2024-08-04

2024-08-04 UTC
thegreekgeek and thegreekgeek_ joined the channel
#
GWG Indiewebring's Logo URI isn't a URL. https://xn--sr8hvo.ws/auth/id
#
GWG The spec says it should be.
#
GWG So, the question is, should the spec say it should be a URI, or should it remain a URL?
thegreekgeek joined the channel
#
catgirlin.space i'd expect it to be a url...
#
[tantek] URL++
#
Loqi URL has 1 karma over the last year
#
catgirlin.space when i try signing into indiewebring i always get `invalid_issuer` :( every other indieauth thingy works for me though... confused
#
catgirlin.space it doesnt even redirect me to my consent page
oblivxi0us and ttybitnik joined the channel
#
[KevinMarks] Good post on cascade layers https://www.matuzo.at/blog/2023/cascade-layers-are-useless - one for future FReSH
ttybitnik joined the channel
#
aaronpk There was a discussion about data URIs on the spec
#
aaronpk https://github.com/aaronpk/draft-parecki-oauth-client-id-metadata-document/issues/19
#
Loqi [preview] [matthieusieben] #19 Should data uri be allowed as logo_uri ?
#
GWG aaronpk: I am going to fix my code that choked on it to validate URLs but wanted to ask ask as I wasn't expecting it
#
aaronpk Well defensive coding means you should always be prepared to handle arbitrary data in all the properties, and ignore it but don't crash if you don't recognize it
#
GWG I need to audit my code a bit for that. This is the second time I've discovered that I didn't
#
Zegnat URLs, always a bane, haha. I was looking into adding Server Metadata into selfauth, and I was immediately thinking that all the examples seem to use absulote https URLS -- but what if I used relative URLs?!
[schmarty] joined the channel
#
[schmarty] Haha, hello, sorry for causing issues with the old IndieWeb webring! :melting_face:
#
[schmarty] As I was putting the metadata doc stuff together I just thought: do I really need to make a whole URL to host this svg icon hack?
#
GWG [schmarty]: That's why I asked in here. I wasn't sure.
#
GWG But consensus seems to say yes
#
[schmarty] http://catgirlin.space I'm afk today but am happy help debug! The webring uses the php IndieAuth client library, which seems to be the trigger of that error: https://github.com/search?q=repo%3Aindieweb%2Findieauth-client-php%20invalid_issuer&type=code
#
[schmarty] Do the other https://bayside.pub Micropub client give the same error?
#
[schmarty] If you drop a link to your homepage and/or IndieAuth metadata endpoint maybe we can see what's what
#
GWG [schmarty]: It wasn't me specifically. Someone reported the issue last night in the -wordpress room. So its my code
#
GWG Slater let me through.
#
GWG My code should have checked for a non-URL, which is on me, but I wasn't sure if it should encounter one in the abstract
#
[schmarty] GWG: slater has an https url for logo_uri
#
GWG [schmarty]: Exactly. I saw that
#
[snarfed] wait, sorry, I feel dumb. https://xn--sr8hvo.ws/auth/id isn't a URL?!
#
[schmarty] GWG: The suggestion to try the bayside.pub clients was for http://catgirlin.space to confirm the IndieAuth issues
#
Loqi [preview] rosalina saige
#
[schmarty] snarfed: the logo_uri value inside is a data: url
#
GWG Oh, oops. Sorry. Mixing conversations there
#
[snarfed] ah
#
GWG And my code didn't expect it. It will now. This is the second time I didn't code well for the unexpected. Will have to look for other places I forgot to add a check.
#
[schmarty] GWG: I'll put the logo at a real https url in the next day or two
#
GWG But, it prompted me to ask if the spec allowed it...which comments seem to suggest no.
#
GWG [schmarty]: Either way, I'm fixing my code to not error out on it
fabian joined the channel
#
[schmarty] I appreciate you asking! I wondered as I did it, but I usually develop this stuff pretty loosey-goose. I added json client metadata discovery support to my own IndieAuth endpoint just so I could test *publishing* this metadata and we lack testing tools all around
#
[schmarty] And my implementation of discovery was just "I'm gonna shove this into the browser so a data: url feels fine 🤷‍♂️ "
#
[tantek] I mean seems fine to me too
#
[tantek] I wonder what the argument is against allowing it
#
[tantek] Defensivecoding++
#
Loqi Defensivecoding has 1 karma over the last year
jonnybarnes joined the channel
#
[Joe_Crawford] [KevinMarks] great article! I added a section for future to-study in the wiki! https://indieweb.org/Front_End_Study_Hall#Planned … my notion is to use that to help informally craft agenda. Next meeting is TBD. Ought to be week after next but I’ve not thought about date/time/tz yet.
#
[Joe_Crawford] [KevinMarks] ++
#
Loqi [KevinMarks] has 18 karma in this channel over the last year (33 in all channels)
_IWDiscord, bacardi55[m], pcarrier, IWDiscord, GuestZero, yep and crab1 joined the channel
#
catgirlin.space [schmarty] my metadata endpoint is at https://catgirlin.space/kitty-meow-meow/indieauth/metadata/. bayside.pub doesn't work either :( really confused how it'd be the indieauth client library, because tmk monocle, aperture, and quill (and probably indielogin.com maybe?) all use that too, and they work perfectly.
#
catgirlin.space [edit] [schmarty] my metadata endpoint is at https://catgirlin.space/kitty-meow-meow/indieauth/metadata/. bayside.pub doesn't work either :( really confused how it'd be the indieauth client library, because tmk monocle, aperture, and quill (and probably indielogin.com maybe?) all use that too, and they work perfectly.
#
catgirlin.space omg
#
catgirlin.space i just realized my indieauth metadata endpoint is behind auth, oops...
#
[schmarty] Yah it just asked me to sign in with GitHub 😅
#
catgirlin.space never noticed that cause im authenticated to my own website ofc, just noticed it with the discord embed...
#
catgirlin.space okay now it no longer requires auth lol
#
[schmarty] http://catgirlin.space: now that the auth is gone, does it work with the webring or any of the bayside.pub clients? :crossed_fingers::skin-tone-2:
#
Loqi [preview] rosalina saige
#
catgirlin.space [schmarty]: it redirects to my endpoint, but then i get this
#
catgirlin.space ```
#
catgirlin.space indieauth_error
#
catgirlin.space ```
#
catgirlin.space The authorization server did not return a valid response
#
catgirlin.space (still like quill still works fine)
#
[schmarty] http://catgirlin.space: for what it's worth, I think Quill is running an old version of indieauth-client-php. https://github.com/aaronpk/Quill/blob/main/composer.json#L8 shows ">=0.5.1" whereas the webring is on 1.1.6 via https://github.com/indieweb/indieauth-client-php/releases
#
Loqi [preview] rosalina saige
#
[schmarty] so quill is not using the indieauth-metadata endpoint data
#
aaronpk i have quite a backlog of work to do on this stuff 😞
#
[schmarty] me tooooooooo
#
catgirlin.space user agent for requests from quill says 1.1.4 though...
#
[schmarty] ooo, maybe newer on the server than the published GH version then.
#
catgirlin.space oh i see what indiewebring is doing
#
catgirlin.space its using the authorization endpoint, but its sending a scope...
#
catgirlin.space and so it should use the token endpoint?
#
catgirlin.space maybe my server implementation is wrong, but the profile scope will give a (quite useless) access token with the token endpoint, and i dont allow requests to the authorization endpoint if the scope is set at all...
#
[schmarty] yep, if scope is empty or 'profile', it will try to use the authorization endpoint. lemme see if i can see why i've got it doing that https://git.schmarty.net/schmarty/micropubkit/src/branch/main/src/IndieAuthController.php#L62-L66
#
[schmarty] ah: https://indieauth.spec.indieweb.org/#profile-information
#
catgirlin.space wait am i doing it correctly then,,,,,
#
[schmarty] good question. i read that to mean you treat a scope of 'profile' as, uh, not actually a scope. 😅