#wordpress 2018-06-24

2018-06-24 UTC
[eddie], [nate658], [cleverdevil] and [jgmac1106] joined the channel
# 09:16 
[jgmac1106] but in a way that is the DIY ethos for WordPress. You aren't building some one off CMS, not at your skill level, Instead you spend a lot iof time diagnosing and trying to figure out why things don't work the way they should. Every WordPress user has to deal it.  Something always breaking is a core feature of the experience
# 09:17 
[jgmac1106] that is IndieWeb or no IndieWeb.
jgmac1106 joined the channel
# 12:40 
jgmac1106 @wiobyrne Reading Chrois’s post I forgot to try the export to Markdown option that might come out cleaner for a read post. Will try
# 12:49 
GWG Morning, jgmac1106
# 12:50 
jgmac1106 hey buddy , hope the train has been awesome
# 12:50 
GWG jgmac1106: Umm...that's not for another 12 hours
# 12:50 
jgmac1106 ohhh, my bad. I thought you did one of those cross country trains
# 12:51 
GWG No. I took the plane.
# 12:51 
GWG I'm only taking a train down from  Seattle.
# 12:51 
jgmac1106 I leave in two hours
# 12:52 
GWG That's good
# 12:53 
GWG I am just sitting here doing some WordPress work
# 13:20 
jgmac1106 I have an online class starting Monday, last minute prep on that. Probably a ton on the flight
[wiobyrne], tantek__, [snarfed], [anika], sebsel, chrisaldrich and [eddie] joined the channel
# 17:45 
[eddie] Hmmm both my Wordpress instance and an Indigenous for iOS user’s instance keeps showing IndieAuth server did not return the same state parameter
# 17:45 
[eddie] https://github.com/EdwardHinkle/indigenous-ios/issues/195
# 17:45 
Loqi [vishae] #195 Issues with logging in
# 17:45 
[eddie] I think from looking at the Wordpress code it has something to do with cookies
# 17:45 
[eddie] 🍪
# 17:45 
GWG There is a cookie that stores the state.
# 17:45 
aaronpk latest version?
# 17:46 
[eddie] Yep, I’ve installed the latest version on mine
# 17:47 
[eddie] I think it has to do with when you are logged out. Then you log in in order to authenticate the IndieAuth
# 17:47 
[eddie] I think it works fine if you are already logged in
# 17:48 
aaronpk hm does logging in delete that cookie somehow?
# 17:49 
[eddie] Ohhh maybe 🤔
[jgmac1106] joined the channel
# 17:49 
[eddie] I guess I should create a GitHub issue lol
# 17:53 
GWG How else can I retain the state? IP address check?
# 17:55 
aaronpk no
# 17:55 
aaronpk need to figure out how to persist the cookie even when they're logged out
# 17:56 
aaronpk other oauth plugins seem to have figured it out
# 17:57 
Loqi [EdwardHinkle] #70 Error: IndieAuth Server did not return the same state parameter
[chrisaldrich] joined the channel
# 17:58 
GWG It's a separate cookie, not the Wordp one.
# 17:58 
GWG WordPress
# 18:01 
[eddie] Hmm strange. There’s definitely something wrong with the authentication. I’ve recorded a video showing the behavior and it’s odd
# 18:02 
[eddie] If you click authorize it returns me logged out. But if I click on the “back to Wordpress” link it takes me to the Wordpress instance and I’m still logged in
# 18:02 
GWG Yes, cannot reproduce that.
# 18:02 
GWG Need to fix it though
# 18:04 
aaronpk [eddie]: can you write up the steps so GWG can try to reproduce it?
# 18:11 
GWG But the cookie is only used for websignin
# 18:12 
aaronpk I thought you stored the state in a cookie too?
# 18:12 
aaronpk the client sends the state parameter with the first request
# 18:12 
GWG I do, the state when it is the client
# 18:12 
GWG Not when the client is external.
# 18:12 
aaronpk it needs to store it when it's acting as a server too
# 18:13 
aaronpk in order for it to return the state back to the client
# 18:13 
aaronpk whatever the client sends as the state it needs to store
# 18:13 
GWG It passes it around, but never actually stores it
# 18:13 
aaronpk that's the problem then
# 18:13 
GWG Oh?
# 18:14 
aaronpk because when you're logged out, the plugin loses the continuous flow that it has normally
# 18:14 
[eddie] I realized I don’t think it’s necessarily about being logged out
# 18:14 
[eddie] I think I’m already logged in
# 18:14 
[eddie] It just looks like I’m logged out because it returns me to the “login screen”
# 18:15 
[eddie] https://indiewebcamp.slack.com/files/U433EQWG2/FBCSSCE20/video_of_wordpress_indie_auth_issue.mp4
# 18:15 
[eddie] [eddie] mentioned a file: Video of Wordpress indie auth issue.MP4.
# 18:15 
[eddie] Hmm doesn’t seem to share right to irc. I’ll add my steps to the GitHub issue
# 18:16 
GWG What would you suggest?
# 18:16 
aaronpk wait that's a weird error
# 18:16 
aaronpk why does wordpress say the indieauth server didn't return the state parameter
# 18:16 
aaronpk wordpress *is* the server in this case
# 18:17 
GWG The only place that string appears is in the web signin class
# 18:19 
aaronpk well that's confusing
# 18:19 
GWG Must be triggering somehow.
[dougbeal] joined the channel
# 18:20 
GWG Must be a failed check
[anika] and [nate658] joined the channel
# 19:11 
aaronpk what's weird is that I can log in to aperture just fine using my wordpress install
# 19:11 
GWG That's why I am confused
# 19:11 
aaronpk I tried when I was logged out of wordpress first too
# 19:13 
GWG I think it may be stripping something
[wiobyrne], [grantcodes] and [eddie] joined the channel
# 20:31 
[eddie] I’m wondering if it is related to iOS’s SFAuthenticationSession? It only allows cookies of the domain approved, so if there is a mismatch between www. And root, maybe that is going wrong?
[schmarty] joined the channel
# 21:06 
GWG Is everyone with a problem on iOS?
# 21:08 
[eddie] As I only run an iOS app, I haven’t heard of anyone having an issue that isn’t on iOS
[jgmac1106] joined the channel
# 21:08 
[eddie] So I would say, currently, yes
# 21:10 
GWG So, how do we solve?
# 21:11 
[eddie] I guess, if we understand more about the cookies that are being set, I can try and compare the values to how Apple handles the cookies in the SFAuthenticationSession and we can see if I can discover a mismatch in that way
# 21:11 
[eddie] it seems that it’s failing in $token->verify
# 21:11 
[eddie] that causes the error to be displayed
# 21:12 
[eddie] So the error is in this function: https://github.com/indieweb/wordpress-indieauth/blob/d112d626ba2d2fa82365ae9c3edad7c76fb651be/includes/class-token-transient.php#L53
# 21:12 
[eddie] So if you can point me to where that cookie would be set
gRegor-mobile joined the channel
# 21:16 
GWG About 5 lines up
# 21:17 
GWG In the same function
# 21:17 
GWG But why is the problem there?
# 21:17 
GWG That code is only used for clients not for endpoints
# 21:18 
GWG It shouldn't be triggered by Indigenous
# 21:22 
[eddie] Oh really?
# 21:22 
[eddie] Well that’s strange
# 21:24 
[eddie] Image from iOS https://files.slack.com/files-pri/T03QR2B2T-FBD90J1FX/image_from_ios.png?pub_secret=372c0ac2e9&name=Image from iOS.png
# 21:24 
[eddie] Image from iOS https://files.slack.com/files-pri/T03QR2B2T-FBD90JFJR/image_from_ios.png?pub_secret=8acc62f3d5&name=Image from iOS.png
# 21:25 
[eddie] When I got to authorize in iOS it literally shows me the IndieAuth auth screen and when I press authorize it shows me the login/error screen
# 21:25 
[eddie] Those two screenshots are back to back
# 21:26 
GWG I think it's stripping the WordPress cookie so it is reverting breaking the redirection
# 21:27 
[eddie] Ahhh okay. Where would I look at the cookie to investigate what might be wrong between iOS and the cookie
# 21:31 
GWG The Wordpress cookie?
# 21:35 
[eddie] Well the authentication is fine, because if I click on a link within the same window to go to the dashboard, I’m already logged in
# 21:35 
[eddie] So I think it’s an issue with an IndieAuth Wordpress cookie
# 21:36 
[eddie] As opposed to an authentication cookie
# 21:37 
aaronpk [eddie]: what character set does your state parameter use
# 21:37 
aaronpk anything other than a-zA-Z0-9?
# 21:38 
[eddie] Ohhh good question, let me check
# 21:39 
aaronpk the plugin doesn't store the state in a cookie, it just passes it around between pages, so i'm wondering if it's a URL/html escaping issue
# 21:40 
GWG There is no Indieauth WordPress cookie for this function
# 21:41 
GWG That's the problem
# 21:43 
[eddie] Ohhh hmmm okay.
# 21:43 
[eddie] Nope, a-Z0-9
# 21:44 
GWG ?
# 21:45 
aaronpk hm k
[grantcodes] joined the channel
# 21:52 
GWG I am not sure how that code is triggering. The state error should occur if you are not logged in and the code parameter is still being passed.
# 21:59 
[eddie] So my Wordpress is on “http://Wordpress.abode.pub”
# 22:00 
[eddie] Oddly Apple says it’s gonna use cookies from abode.pub
# 22:00 
[eddie] I wonder if it’s not able to get the subdomakn cookies?
# 22:00 
GWG How do we fix that?
# 22:00 
[eddie] Because now Indigenous isn’t having me be logged in
# 22:01 
[eddie] That’s a good question. I’ll google and see if there is anything I can do differently with SFAuthenticationSession
# 22:05 
[eddie] Wait, SFAuthenticationSession was depreciated in iOS 12! What?!?
# 22:05 
[eddie] They just introduced it in 11
# 22:05 
[eddie] Well maybe the solution is finding out Apple’s new approach to OAuth and using that
# 22:07 
aaronpk oh jeez
# 22:07 
aaronpk they keep changing it
# 22:08 
[eddie] Yeah. Looks like it’s ASAuthenticationSession now. Lol! But only in iOS 12, so I can make that change until September
# 22:09 
[eddie] Well looks like there is a little more for me to investigate. I’ll update the ticket after some more investigation on my side, GWG. Thanks for the brainstorming help GWG and aaronpk 🙂 I feel like I understand a bit more what *might* be going on
# 22:09 
GWG I wish it was simple.
# 22:10 
[eddie] Me it 😁 haha
mblaney_ and [tantek] joined the channel