#wordpress 2019-09-18

2019-09-18 UTC
[jgmac1106], [KevinMarks] and cambridgeport90 joined the channel
# 00:37 
cambridgeport90 Forbidden\r\nServer: nginx/1.14.0\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1\r\nCache-Control: no-cache, private\r\nDate: Mon, 16 Sep 2019 15:10:39 GMT",     "body": {         "error": "invalid_user",         "error_description": "This token was issued to a different user",         "debug": {             "expected":
# 00:37 
cambridgeport90 I've been trying to solve this issue for a while now. when logging into Monocle (Quill and others work) I get this randomly: Error There was a problem trying to load the channels from your Microsub endpoint. •	Microsub endpoint: https://aperture.p3k.io/microsub/351 •	Your website: https://cambridgeport90.net/author/cambridgeport90/ The endpoint returned the following response. {     "code": 403,     "header": "HTTP/1.1 403
# 00:37 
cambridgeport90 PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1\r\nCache-Control: no-cache, private\r\nDate: Mon, 16 Sep 2019 15:10:39 GMT\r\n\r\n{\"error\":\"invalid_user\",\"error_description\":\"This token was issued to a different user\",\"debug\":{\"expected\":\"https:\\/\\/cambridgeport90.net\\/\",\"from_token\":\"https:\\/\\/cambridgeport90.net\\/author\\/cambridgeport90\\/\"}}",     "headers": {         "Server": "nginx/1.14.0",
# 00:37 
cambridgeport90 "https://cambridgeport90.net/",             "from_token": "https://cambridgeport90.net/author/cambridgeport90/"         }     },     "error": "",     "error_description": "",     "url": "https://aperture.p3k.io/microsub/351?action=channels",     "debug": "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.14.0\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By:
# 00:37 
cambridgeport90 "Content-Type": "application/json",         "Transfer-Encoding": "chunked",         "Connection": "keep-alive",         "X-Powered-By": "PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1",         "Cache-Control": "no-cache, private",         "Date": "Mon, 16 Sep 2019 15:10:39 GMT"     },     "rels": [] }
# 00:40 
cambridgeport90 When logging into Indigenous, I get an invalid Nonce. What on earth did I do?
Oclair and Oclair_ joined the channel
# 01:19 
GWG You get a nonce error?
# 01:19 
GWG Hmm
# 01:19 
GWG Do you block cookies?
# 01:27 
GWG cambridgeport90: Sorry for the delay...I can help you possibly.
# 01:27 
GWG If I can't...
# 01:27 
cambridgeport90 I don't think so ... That error didn't happen until Safari. It worked just fine through Indigenous via Android. I'll have to look into that; never thought of cookies.
# 01:28 
GWG Well, there is only one session cookie set.
# 01:30 
cambridgeport90 Which one do I need to potentially allow in safari?
# 01:31 
GWG Why not first party cookies?
# 01:31 
GWG I assume you are allowing the WordPress ones.
# 01:31 
cambridgeport90 I don't normally block them intentionally. I'll do some more digging and see what I can find.
# 01:32 
GWG Let's address the user question
# 01:32 
cambridgeport90 I typically allow all cookies.
# 01:32 
GWG Did you change anything regarding your user?
# 01:32 
GWG The cookie would only explain the nonce commentr
# 01:33 
cambridgeport90 I haven't changed anything regarding the user, so not sure what happened to the token. Only thing I might have changed is the connection of my wordpress account to my blog. Could that have had something to do with it?
# 02:10 
GWG Possibly, only because one authentication plugin might conflict with another
# 02:13 
cambridgeport90 what would you suggest I do, then? Revoking the tokens doesn't help. I've tried that in hopes that I could get another one on next run of the plugin.
# 02:13 
GWG Did you set all the settings in the plugin config?
# 02:16 
cambridgeport90 The aperture plugin doesn't have any settings that I'm aware of.
# 02:17 
GWG The IndieAuth plugin
# 02:17 
GWG The Aperture plugin doesn't do IndieAuth.
# 02:17 
GWG You need the other plugin to do that
# 02:35 
cambridgeport90 I have both. I can't figure out what I've done wrong with that one; IndieAuth is the first settings panel I went to. Everything looked fine.
# 02:36 
GWG And the URL you are using the log in?
# 02:36 
GWG to log in?
# 02:38 
cambridgeport90 It's just my site. https://cambridgeport90.net.
# 02:39 
GWG And you set that as the primary user?
# 02:43 
cambridgeport90 I don't know how to set it up any other way, but I think I did. I'm the only user on there.
# 02:43 
GWG Odd
# 02:43 
GWG That should work.
# 02:45 
cambridgeport90 It just happened randomly one time I went to get my feeds on my desktop, and it's been like that ever since.
# 02:46 
GWG Try cambridgeport90.net/author/username
# 02:47 
cambridgeport90 Hmmm. didn't think about that. On another note, I would like my IndieAuth to require more than just a URL. Like my private side of my gpg key or something like that. But I'll take care of this issue first LOL.
# 02:48 
GWG cambridgeport90: I think I may need to clarify IndieAuth to answer that.
# 02:51 
cambridgeport90 Possibly ... I'm still newer to this than I'd like. By the way, that alternate URL worked. I'm gonna have to reconfigure my feeds and channels, though, because it's empty.
# 02:52 
GWG It answers the question. It isn't associating the main URL with your account
# 02:52 
GWG That is what that setting under IndieAuth is supposed to do
# 02:54 
cambridgeport90 You know ... now that I think about it, I think I did change the setting somewhere in there. Though it started acting quirky before that, though.
# 02:55 
GWG On the IndieAuth settings, set user to represent Site URL
# 02:55 
cambridgeport90 Is changing it, I take it that's for multiple user installs?
# 02:57 
GWG Yes. Usually.
# 02:58 
GWG Also, some people have an admin only account, and an author account
# 02:59 
cambridgeport90 Wow. They must have fixed that. Last time I checked, I didn't think it would work. I only mention it because I wanted to allow it on a community site of mine, but my admin didn't want to risk it.
# 03:00 
GWG cambridgeport90: They who?
# 03:00 
cambridgeport90 Then again, that site uses the divi editor with the divi theme, which has no IndieWeb support at all.
# 03:01 
cambridgeport90 And I meant whoever develops the IndieAuth protocol.
# 03:03 
GWG The protocol or the WordPress plugin?
# 03:04 
cambridgeport90 Not sure, honestly; whether it was a plugin limitation or a protocol limitation, but I remember it used to be like that.
# 03:07 
GWG Well, the protocol allows for multiple users
# 03:07 
GWG The plugin always did, but we never highlighted it
# 03:07 
GWG Documentation is a weakness we shouldn't have
# 03:24 
cambridgeport90 I agree. Are there any security risks to enterprises for using IndieWeb protocols in organization settings?
# 03:24 
cambridgeport90 This question applies to both Wordpress as well as the community at large.
# 03:25 
GWG cambridgeport90: IndieWeb no. It is secure.
# 03:25 
GWG The WordPress implementation...I hope not.
# 03:25 
GWG If there is a problem, we would want to fix it
# 03:37 
cambridgeport90 How is IndieAuth in particular secure? Anyone who knows my URL could for instance, could postany amount of data, couldn't they? just curious, hence my earlier comment regarding adding another factor to it like for instance, Duo, Ubikey, and so on. Gpg keys could work good there.
# 03:37 
GWG cambridgeport90: The URL is the equivalent of your username
# 03:37 
GWG They can't post any amount of data
# 03:37 
GWG You still need to prove your identity
# 03:37 
GWG So, in the WordPress plugin, that's using your WordPress login credentials.
# 03:38 
GWG For Indieauth.com, it uses relmeauth
# 03:38 
GWG Etc
# 03:41 
cambridgeport90 ah. I guess the identity proofs are never visible to the user, so ... that could be it. I'm more or less asking the question so that I can ccurately answer questions from technologists who want to know and are interested. I've not been able to field them before.
# 03:42 
GWG Well, they would be visible. But in your case, you are already logged into WordPress. If you weren't it would show the WordPress login screen
# 03:43 
cambridgeport90 Ah. Would make sense, then. Gives me an idea, but ... that's for another channel.
# 03:45 
GWG So, if you installed a WordPress auth plugin that changed the login screen for WordPress to use something else, you'd have that working in IndieAuth
# 03:46 
cambridgeport90 So theoretically Active Directory, SAML, could be used ... that's interesting.
# 03:47 
GWG Yes
# 03:47 
GWG Same as OAuth
# 03:47 
GWG IndieAuth is just OAuth where the identity is related to a URL
# 03:51 
cambridgeport90 Oh wow. I should have known this. Silly me.
# 03:52 
GWG Well, it took me a long time to wrap my mind around it.
# 03:52 
GWG https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web
# 03:52 
GWG Try this article
# 03:52 
cambridgeport90 But I'll catch you guys later; I ought to be asleep right now,. actually. But what is the Matrix address of this room so that I can add it to Riot? I can see IndieWeb, but not this channel.
# 03:53 
GWG I'm not sure. I'd have to look. I'm on IRC
# 03:53 
aaronpk What is discuss?
# 03:53 
Loqi Join the #indieweb discussions via the web, Slack, IRC, or Matrix interfaces now with additional channels for dev, wordpress, and meta specific chat! https://indieweb.org/discuss
# 03:53 
aaronpk matrix channels are listed there
# 03:54 
aaronpk If they don't work, let us know!
# 03:54 
cambridgeport90 I think that's how my Matrix user is connecting in here when I'm up there. It's nice because I can keep up with you guys during the day on my phone.
# 03:54 
GWG I like doing that too
# 03:55 
cambridgeport90 And we were talking about IndieAuth; My brain cramped and couldn't remember that there is a login behind it.
# 03:57 
GWG I needed a lot of help from aaronpk to understand it
cambridgeport90[, [Michael_Beckwit, ichoquo0Aigh9ie, gRegorLove, [pawel_madej], [tantek], AlekseyDiscord[m, [Lewis_Cowles], HarryTmeticDisco, [jgmac1106] and snoopdoggydog156 joined the channel
# 09:59 
cambridgeport90[ Morning
# 09:59 
Loqi greetings human
gRegorLove and [tonz] joined the channel
# 10:31 
[jgmac1106] Morning Katherine....hey can you make IWC NYC?
# 10:34 
cambridgeport90[ When is that?  The only thing I could hope to do is participate remotely.
# 10:34 
Loqi That! (or "that ^" or "that ^^^") is a rarely seen reply often emphasizing agreement with a This post, but sometimes[1] merely emphasizing agreement with a previous reply https://indieweb.org/that
# 11:03 
[jgmac1106] Oct 5-6th I will put up remote instructions this week, be good to test how the zoom features work with community members who use screen readers
# 11:18 
cambridgeport90[ I can tell you that zoom works fine. I use it pretty much on a daily basis. I’ve actually made all my contacts switch over from Skype.
# 12:08 
beko[m] Great, missing </section> in post-kinds widget got fixed 👍️
# 12:08 
GWG Yes.
# 12:08 
beko[m] GWG++
# 12:08 
Loqi GWG has 83 karma in this channel over the last year (147 in all channels)
[mrkrndvs] joined the channel
# 12:35 
[mrkrndvs] I have been a bit quiet of late and decided to scratch an itch. However, I tried to login and it is not picking up my rel=me link in Twitter for https://readwriterespond.com. has there been a recent change to Twitter that has caused this?
# 12:42 
[mrkrndvs] I currently have https://collect.readwriterespond.com associated with the link field in both Twitter and Github
# 12:56 
[jgmac1106] Yes, use GitHub
# 12:57 
[jgmac1106] Or alternatively you can turn on the option to use your WordPress credentials with IndieAuth... I think... GWG will know more
# 13:05 
GWG I am not sure re Twitter, but the second statement is correct
# 13:14 
[mrkrndvs] Thank you jgmac1106 and gwg. I will investigate further.
bradenslen, [Lewis_Cowles], dougbeal|mb1, [jgmac1106], [tonz], gRegorLove, [schmarty], t-mo, [KevinMarks], [grantcodes], [snarfed] and [tantek] joined the channel