carrvo With rel="authorization_endpoint" deprecated, am I correct that I have two options: RelMeAuth (which is just swapping with rel="me" and a supported backing authenticator) and server metadata endpoint (which I think has to be hand-crafted...)? I am guessing that the "best" answer is to do both...
carrvo For RelMeAuth, what kind of support does the backing authenticator need? Like, I have https://github.com/Inklings-io/selfauth setup already, how would this work with RelMeAuth?
carrvo For server metadata endpoint, am I expecting to hand-craft this? Do I need to have strong technical knowledge of the underlying OAuth standard? If I make this metadata endpoint live up to OAuth/OIDC specs, will it just magically work with OAuth/OIDC clients/libraries?
carrvo I felt quite happy with setting up my first IndieAuth path (client login -> homepage -> authenticator -> client redirect) until I realized that with other authentication methods future requests also include request header values and my test IndieAuth client only had server-side session variables. I assume that I need a token endpoint, but I expected that to be for authorization that I am not convinced I need.
carrvo Is the Micropub spec supposed to be used for all IndieAuth clients? Like, I want to build a client where users log in with IndieAuth and then I check their identity URI against an allowlist for different files as a mechanism to share those files with family and friends.
carrvo With Basic Auth, their identity is in the Authorization header and PHP sees it as $_SERVER['PHP_AUTH_USER']; easy except they need to authenticate against my server (and have an identity created).
[aciccarello] RelMeAuth using the https://indieauth.com/ service can be a rel=me link on a website for the user of your site. Then your protected website would need to either use a service like https://indielogin.com/api or implement the OAuth stuff to check authentication.