#dev 2025-02-12

2025-02-12 UTC
doesnm and btrem joined the channel
#
[tantek]
[Joe_Crawford] your /projects page made me double-check my decades-out-of-date projects page where I rediscovered that the first HTML-based slide deck presentation I gave and thus authored / published was in 1998-01-06 (!!!) on CSS: https://tantek.com/presentations/19980106WebBOF/
#
[tantek]
definitely has some rendering bugs now as it was likely depending on CSS support (and quirks therein) in released browsers as of 1998
#
[Joe_Crawford]
[tantek]++ definitely in that _web pages must live forever_ spirit
#
Loqi
[tantek] has 31 karma in this channel over the last year (146 in all channels)
#
[tantek]
and HTML 3.2 at that 😂
#
GWG
Did we solve token introspection auth for IndieAuth while I was doing other things? Solve as in come up with something I can implement?
#
gRegor
I don't think so
#
GWG
I remember we tabled it during the discussion
lockywolf, kleb6 and sebbu2 joined the channel
#
carrvo
Setting aside a definitive solution, can we think of what behaviours we would like introspection auth to have? Maybe 1) no pre-registration (no need for manual steps or information that cannot be obtained during the code flow) 2) RS should identify as itself (its URI)
grufwub, sephy and nanoflite joined the channel
#
doesnm
why code_verifier & code_challenge needed and can i ignore them in my implementation?
GuestZero_, gRegor, xgpt7, nemonical, lockywolf, grufwub, Viv_Slakes, nanoflite, ttybitnik and lockywolf_ joined the channel
#
[schmarty]
What is PKCE?
#
Loqi
PKCE is short for Proof-Key for Code Exchange (pronounced "pixie"), a standard (RFC 7636) extension to OAuth 2.0 that is used by IndieAuth, that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
#
[schmarty]
doesnm ^^
#
doesnm
just extension? Looks like it optional :D
#
[schmarty]
It's optional, for some implementations, for now.
#
[schmarty]
(The trend is that it will become a required bit of IndieAuth and OAuth2.1)
nanoflite, jak2k and [Murray] joined the channel
#
aaronpk
it is now required in OAuth 2.0 by RFC9700
#
[aciccarello]
Indiekit gives a nice warning about when it's missing which is nice
GuestZero__, GuestZer-, nanoflite, [KevinMarks], nemonical, thegreekgeek, GuestZero, gRegor, NaomiAmethyst, jak2k and xgpt joined the channel; sephy left the channel
#
[tantek]
worth IndieNewsing IMO and documenting as a good UI pattern for interacting with "randoms" on the web: https://www.manton.org/2025/02/12/new-fediverse-settings-in-microblog.html
ttybitnik, nanoflite and sebbu joined the channel
#
[tantek]
seems relevant to IndieWeb interests: https://www.technologyreview.com/2025/02/11/1111518/ai-crawler-wars-closed-web/ see also Dark Forest theory of the web, Maggie Appleton https://www.youtube.com/watch?v=KYJd5y3awPc (which the lazy MIT article failed to cite 🙄 )
streety joined the channel
#
capjamesg[d]
Oooh, I'll read that post tomorrow.