Aaron Parecki

Julien Deswaef https://mastodon.social/@xuv • Jul 7
@aaronpk for some reason, this post does not federate well with all Mastodon instances. I'm trying to boost it from another account elsewhere, but I can't seem to see it. Any clue?

by any chance, are you trying to paste that post's URL into the search box on other Mastodon instances?

Portland, Oregon • 74°F

2 replies

Sat, Jul 7, 2018 1:52pm -07:00
If you’re familiar with OAuth, this introduction to IndieAuth walks through the process of how auth for the open web works. Really happy that Micro.blog supports this now.
→ 2018/07/07 3:41 pm

Portland, Oregon • 74°F

permalink (liked on Sat, Jul 7, 2018 1:45pm -07:00)
Julien Deswaef https://mastodon.social/@xuv • Jul 7
@aaronpk for some reason, this post does not federate well with all Mastodon instances. I'm trying to boost it from another account elsewhere, but I can't seem to see it. Any clue?

hm, I've been incrementally implementing ActivityPub, doing as little as possible each time. I don't think I've tried what you're doing yet, trying to find my post from an instance that is not already following me. I'm not actually sure what I need to implement to make that work though! Any ideas?

Portland, Oregon • 74°F

Sat, Jul 7, 2018 1:44pm -07:00
Jonathan LaCour https://cleverdevil.io/profile/cleverdevil

Working on on Indiepaper has been a fun project. It's involved writing Python, Swift, HTML, CSS, and JavaScript, and using @awscloud Lambda, S3, and CloudFront. #polyglot

Portland, Oregon • 74°F

Sat, Jul 7, 2018 8:36pm +00:00 (liked on Sat, Jul 7, 2018 1:38pm -07:00) #polyglot
https://github.com/cleverdevil/indiepaper

Look for mf2 first, use Mercury as a fallback

If the page has mf2, that is likely to be much better data than what Mercury finds. Indiepaper should first check if it finds an article via mf2, and if it doesn't, then can use Mercury to extract what it can.
continue reading...

Sat, Jul 7, 2018 1:30pm -07:00
Eugen https://mastodon.social/@Gargron • Jul 7
IndieAuth sounds interesting as a more generic way for federated applications to allow app registrations https://indieauth.spec.indieweb.org/
The question is how do we adapt this after our current, extremely similar but somewhat different system has been in production use for around 2 years #mastodev

The existing Mastodon API uses OAuth 2, right? Seems like you'd be able to add this on top and still also support the existing behavior without any changes. You'd get the benefit of auto discovery and global client IDs. Maybe we should chat about this at the next w3c call?

Portland, Oregon, USA • 74°F

1 like 1 repost

Sat, Jul 7, 2018 1:29pm -07:00
Jonathan LaCour https://cleverdevil.io/profile/cleverdevil

I added experimental support for IndieAuth in Indiepaper today. Test it out here – https://www.indiepaper.io/indieauth.html. Once authenticated, you get an automatically generated bookmarklet and a button to click for automatically configuring Indiepaper for macOS.

Portland, Oregon • 74°F

Sat, Jul 7, 2018 8:11pm +00:00 (liked on Sat, Jul 7, 2018 1:17pm -07:00)
Eugen https://mastodon.social/@Gargron

Thoughts: The requirement of apps to have a publicly accessible website conforming to the IndieAuth API might be a limiting factor
On the other hand, globally unique identifiable apps is a huge benefit in terms of admins being able to restrict app access. I.e., currently every user can revoke app access to their account, but server admins cannot say "I don't want the cross-poster to work with my server" because there is no such thing as *the* cross-poster

Portland, Oregon • 74°F

Sat, Jul 7, 2018 8:06pm +00:00 (liked on Sat, Jul 7, 2018 1:11pm -07:00)
Eugen https://mastodon.social/@Gargron

IndieAuth sounds interesting as a more generic way for federated applications to allow app registrations https://indieauth.spec.indieweb.org/
The question is how do we adapt this after our current, extremely similar but somewhat different system has been in production use for around 2 years #mastodev

Portland, Oregon • 74°F

Sat, Jul 7, 2018 8:00pm +00:00 (liked on Sat, Jul 7, 2018 1:11pm -07:00)
virtualice https://octodon.social/@CobaltVelvet

@gargron isn't it great though
i mean the whole thing of registering apps has mostly been justified by commercial restrictions and a pain in the ass for developers and users

Portland, Oregon • 74°F

Sat, Jul 7, 2018 8:09pm +00:00 (liked on Sat, Jul 7, 2018 1:10pm -07:00)
IndieWeb Summit 2018 Recap (boffosocko.com)

Sat, Jul 7, 2018 1:03pm -07:00 #indieweb #indiewebsummit
Sven Knebel https://www.svenknebel.de/ • Jul 7
Careful though if anything on there is supposed to send e-mail: .xyz is among the TLDs that are very strong spam-indicators.

j/k, I already forgot the domain I registered. It's actually p3k.app!

Portland, Oregon • 74°F

Sat, Jul 7, 2018 1:02pm -07:00
Tantek Çelik http://tantek.com/ • Jun 26

Support fallback to RelMeAuth for websites missing authorization endpoint

Unfortunately this won't really work.

Even if you could sign in to Aperture, you still wouldn't be able to use any of the reader apps. The reader apps expect to be able to get an access token in order to make authenticated requests to Aperture. Getting an access token requires having an authorization endpoint and token endpoint.

If I allowed people to log in to Aperture without fully setting up IndieAuth, it would just be confusing because then they'd get an error trying to sign in to any apps. I think it's better to not mislead people at that stage, and require that they set up IndieAuth before being able to sign in to Aperture.

Portland, Oregon, USA • 73°F

Sat, Jul 7, 2018 12:08pm -07:00
154.1lbs
Weight

18.4%
Body Fat

Portland, Oregon

Sat, Jul 7, 2018 10:52am -07:00
Josh Pollock https://JoshPress.net • Jul 7
Wow, really interesting.

Is this plugin on Github? https://wordpress.org/plugins/indieauth/

Yep! https://github.com/indieweb/wordpress-indieauth

That's annoying that wordpress.org doesn't have a link to the GitHub source.

Portland, Oregon • 72°F

2 likes 1 repost 3 replies

Sat, Jul 7, 2018 9:47am -07:00
Kyle B. Johnson http://kylebjohnson.me • Jul 7
Link? (On the road, but want to put a pin in this)

Alright, I finished my post explaining the details of this! Have a look ➡️ https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web

Portland, Oregon, USA • 72°F

10 likes 4 reposts 5 replies 1 mention

Sat, Jul 7, 2018 9:42am -07:00
OAuth for the Open Web

A little about the challenges of using #OAuth2 in a distributed setting for WordPress, GitLab, Mastodon, and more. Spoiler: it's not all bad news. Let's make this happen!

https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web

Portland, Oregon, USA • 72°F

61 likes 31 reposts 6 replies 2 mentions

Sat, Jul 7, 2018 9:41am -07:00 #oauth2
OAuth for the Open Web

OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
continue reading...

Sat, Jul 7, 2018 9:30am -07:00 #indieauth #oauth #oauth2 #indieweb
Daniel Goldsmith https://ascraeus.org/ • Jul 7

Being the change isn’t enough

fwiw, I registered ~~p3k.xyz~~ p3k.app and I'm planning on eventually moving all my p3k.io subdomains over to it. From a practical perspective, it will take a while, but it's something.

Portland, Oregon • 70°F

2 likes 2 replies

Sat, Jul 7, 2018 9:05am -07:00
10:25pm
Asleep

6:10am
Awake

7h 45m
Slept

23m
Awake for

Portland, Oregon, USA

Sat, Jul 7, 2018 6:10am -07:00

older

Aaron Parecki

Look for mf2 first, use Mercury as a fallback

Support fallback to RelMeAuth for websites missing authorization endpoint

OAuth for the Open Web

Being the change isn’t enough