#meta 2017-07-22

2017-07-22 UTC
[kevinmarks], tantek, eli_oat and j12t joined the channel
# 14:52 
aaronpk Zegnat: i had an alternate plan that might be more fun for you to help with
# 14:52 
Zegnat Oh?
# 14:52 
aaronpk kind of along the lines of selfauth
# 14:53 
aaronpk since the wiki and chat logs are totally separate "apps", but it would be nice if you could log in to both, I was thinking about consolidating the login into its own separate app
# 14:53 
aaronpk it would support indieauth, and use indielogin.com for relmeauth support, and then set a cookie
# 14:53 
aaronpk then the wiki and any other app on the domain can just read the cookie
# 14:54 
aaronpk so the mediawiki authentication plugin becomes just parsing that cookie and returning yes/no
# 14:56 
Zegnat That’s interesting. So you would have an IndieAuth web sign-in field on – say – login.indieweb.org, that sets a cookie, and then all *.indieweb.org sites can check that cookie?
# 14:57 
aaronpk yep
# 14:58 
aaronpk i think it would have minimal UI, because all it'd really need is the sign-in form, and everything else is done via redirects or handled by indielogin.com (indieauth.com0
# 14:58 
aaronpk )
# 14:59 
sebsel login to the chat logs? what functionality does that provide?
# 15:00 
aaronpk it could set your nick for example
# 15:00 
aaronpk and show you desktop notiifications if you're mentioned
# 15:01 
aaronpk also eventually could be how you add yourself to /irc-people rather than doing the wiki edit manually
# 15:01 
sebsel oh, yeah, nice
# 15:02 
Zegnat But how would you “decode” the cookie? You’d either need some shared back-end storage, or go stateless. For stateless there either needs to be a public/private key thing set-up or login.indieweb.org needs another API you can call to check the cookie.
# 15:02 
aaronpk yeah, probably JWT with a shared secret is the best optioin
# 15:02 
sebsel I was just wondering what I missed, since I don't see a login there now :)
# 15:03 
sebsel also nice for a possible future events.indieweb.org, if we ever get there
# 15:03 
aaronpk actually that sounds a lot like OpenID connect
# 15:03 
Zegnat I don’t really like shared secret, but that would be the easiest to do, yes
# 15:03 
aaronpk i don't mind shared secret because they are all part of the same domain
# 15:03 
Zegnat shared secret means the other services can also create the sign-in cookie
# 15:03 
Zegnat priv/pub key means they can only validate it, but not create one themselves
# 15:03 
aaronpk true, i thiink OpenID connect uses priv/pub keys
# 15:05 
Zegnat Makes sense for them to do that. It would be my preferred method. But I find most priv/pub key libraries for PHP confusing. Thankfully libsodium is about to change that <3
# 15:05 
aaronpk there is probably a JWS library that works
# 15:08 
aaronpk https://tools.ietf.org/html/rfc7518#section-3
# 15:09 
Zegnat Nice table, some of those seem pub/priv key. I’ll have a look into that later today.
# 15:10 
Zegnat JWS with pub/priv key would be nice. Might even roll that into selfauth if it turns out there is a neat library for it.
# 15:11 
aaronpk anyway, a small app that handles that would be amazing, and i'd love to replace the wiki login with it
# 15:11 
Zegnat This project is basically: 1) include a JWS library, 2) include indieauth/client, 3) make IndieAuth fallback to indieauth.com, and 4) after successful authentication generate cookie
# 15:12 
aaronpk yep pretty much
# 15:12 
Zegnat I’d be happy to look into that aaronpk
# 15:12 
aaronpk i might even use that on my site to let people sign in so they can eventually read private posts!
j12t, tantek and jjuran joined the channel
# 19:59 
tantek !tell aaronpk I'm seeing an error (on the upload page) when uploading a cropped screenshot from my iPod to the wiki: "File extension does not match MIME type." Can you try uploading a screenshot from your iPhone and see if that works?
# 19:59 
Loqi Ok, I'll tell them that when I see them next
# 19:59 
tantek have never seen this before. and I'm pretty sure I've uploaded other screenshots from my iPod to the wiki in the past
# 20:45 
tantek.com uploaded /Special:Log/upload "uploaded "[[File:2017-203-ipod-messages-podcast-link.jpeg]]" https://indieweb.org/File:2017-203-ipod-messages-podcast-link.jpeg"
# 20:46 
tantek figured out the problem
# 20:47 
tantek when you crop a screenshot on iOS, it turns the PNG into a JPEG (dumb)
# 20:47 
tantek but does not rename the file (sensible)
# 20:47 
tantek so you have to explicitly rename the upload to a ".jpeg"
# 20:47 
schmarty That is an interesting bug!
j12t and jjuran joined the channel