#dev 2025-02-01

2025-02-01 UTC
#
corlaez https://www.removepaywall.com/search?url=https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/
gRegor, grufwub, alpal, ttybitnik, jak2k, [marksuth] and nemonical joined the channel
#
doesnm i'm trolled. Dobrado by default has login page at index and after login open same page in constructor.
#
doesnm oops i'm deleted login form
ttybitnik joined the channel
#
doesnm https://gitlab.com/dobrado/dobrado/-/blob/master/php/auth_endpoint.php#L61-L70 wait what?
#
carrvo > invalid_request .../indieauth-client-php/redirect.php on line 16, Invalid code provided https://tokens.indieauth.com/token
#
carrvo It would be referring to https://github.com/carrvo/mindie-client/blob/31cd80478150dadb3be9f06b685de98a97e2e417/indieauth-client-php/redirect.php#L16
#
carrvo [edit] It would be referring to https://github.com/carrvo/mindie-client/blob/31cd80478150dadb3be9f06b685de98a97e2e417/indieauth-client-php/redirect.php#L16
#
carrvo Hmm. Strange that it would fail there.
#
carrvo aaronpk, could this be related to some of your changes? I would expect indieauth-client-php to be compatible with tokens.indieauth.com (and I don't have anything else on my end to go on).
#
carrvo doesnm++
#
Loqi doesnm has 2 karma in this channel over the last year (6 in all channels)
#
carrvo Oh! I found more looking back a log file.
GuestZero joined the channel
#
carrvo Looks like a stack trace on my IdP so probably not relevant.
#
carrvo snarfed, my client makes a fundamental assumption in this line: https://github.com/carrvo/mindie-client/blob/31cd80478150dadb3be9f06b685de98a97e2e417/indieauth-client-php/redirect.php#L67
#
carrvo [edit] snarfed, my client makes a fundamental assumption in this line: https://github.com/carrvo/mindie-client/blob/31cd80478150dadb3be9f06b685de98a97e2e417/indieauth-client-php/redirect.php#L67
#
carrvo What service authentication are you expecting on your introspection endpoint?
#
carrvo I did what was easy for me, but I am not particularly happy with it long term.
#
doesnm anyone see mblaney?
#
[snarfed] carrvo you'll want to talk to GWG, he wrote my site's IndieAuth provider, it's the WordPress plugin
#
GWG Happy to discuss
[Sophia_wood] and nemonical joined the channel
#
carrvo GWG, what authentication is expected by the WordPress plugin during introspection? And what format is the returned body in?
#
GWG I believe none
#
GWG We never set up anything consistent for what auth was supposed to be
#
GWG And the older spec had no auth
#
GWG I figured we'd develop something later
#
carrvo I think I found it! https://github.com/indieweb/wordpress-indieauth/blob/4a4aaf62221978c101bdd6900e9f1779ea97ea48/includes/class-indieauth-introspection-endpoint.php#L69
#
carrvo [edit] I think I found it! https://github.com/indieweb/wordpress-indieauth/blob/4a4aaf62221978c101bdd6900e9f1779ea97ea48/includes/class-indieauth-introspection-endpoint.php#L69
#
carrvo mod_oauth2 might not recognize `{"active":true}` as a valid token.
#
carrvo Yeah, there a few more required fields https://indieauth.spec.indieweb.org/#access-token-verification-response
#
carrvo [edit] Yeah, there a few more required fields https://indieauth.spec.indieweb.org/#access-token-verification-response
#
GWG I am almost positive I put in exp and iat....
#
GWG Hmm....no one has ever used it before, maybe I didn't and thought I did
#
carrvo Most notably OAuth needs the `sub` claim.
#
carrvo Here is mine for reference https://github.com/carrvo/mindie-idp/blob/7b48896bfe31c6b022b75e26594ce045b7f1e22e/mintoken/endpoint.php#L247
#
carrvo [edit] Here is mine for reference https://github.com/carrvo/mindie-idp/blob/7b48896bfe31c6b022b75e26594ce045b7f1e22e/mintoken/endpoint.php#L247
#
GWG Okay. I'll open an issue up so I have something to check against.
#
carrvo I believe `sub` is my minimum so that mod_oauth2 can set the Apache user for other modules to process.
#
carrvo I can raise the issue a bit later if you would like to know who it came from.
#
carrvo Now that I found the repo.
#
GWG Great
rrix joined the channel
#
carrvo @GWG https://github.com/indieweb/wordpress-indieauth/issues/286
#
carrvo [edit] @GWG https://github.com/indieweb/wordpress-indieauth/issues/286
#
GWG https://github.com/indieweb/wordpress-indieauth/blob/trunk/includes%2Fclass-indieauth-introspection-endpoint.php#L67
#
GWG See, the odd thing is it should have the other parameters
#
GWG I even test it https://github.com/indieweb/wordpress-indieauth/blob/trunk/tests%2Ftest-introspection-endpoint.php
#
carrvo I may have misread the code on my small screen.
#
carrvo Does it include the `sub` claim though? That was an issue I encountered: the IndieAuth spec suggests that it is optional but pure OAuth clients expect it.
#
GWG You said it contained nothing but the active property....
#
carrvo Then I misread the code. I don't have any tokens in my log.
#
carrvo I was mistaken as I tried to trace things.
#
GWG Probably not... because it is not mentioned in the indieauth spec
#
GWG Also optional in the oauth introspection spec
#
GWG I could see about it, but I don't think I added sub in any of the code
#
carrvo Then it is up to you whether to add it or close the issue. They just won't be able to log in with me.
#
carrvo GWG++ thanks for discussing it with me!
#
Loqi GWG has 5 karma in this channel over the last year (60 in all channels)
#
GWG Any time...tell me if you find anything else.. I'm happy to consider things
sebbu2 and GuestZero joined the channel
#
carrvo snarfed, I have updated my endpoint so now it should hopefully tell you about the error.
gRegor joined the channel
#
gRegor doesnm, I've not seen mblaney around chat in quite a while. You might try emailing or git to file an issue. The indieauth implementation probably needs updated to latest spec version. https://gitlab.com/dobrado/dobrado
#
gRegor what is dobrado
#
Loqi dobrado is an open source multi-user content management system that supports many indieweb features https://indieweb.org/dobrado
#
gRegor dobrado << https://gitlab.com/dobrado/dobrado
#
Loqi ok, I added "https://gitlab.com/dobrado/dobrado" to the "See Also" section of /dobrado https://indieweb.org/wiki/index.php?diff=99785&oldid=97104
ant-x, jonnybarnes9 and claudinec joined the channel