Are you hanging loose during eternal Caturday?
Are you hanging loose during eternal Caturday?
Are you showing off your object work during eternal Caturday?
Are you following suggestions during eternal Caturday?
Are you compelled to make bonus content during eternal Caturday?
Come see the graduates of Advanced Improv 2 - two teams tentatively named SPIT and Side Bar - perform for YOU! Everything made up on the spot! Nothing you will see has been performed before and it ever will again!
Starting with an input from the audience each team will bring to life a series of new characters and ideas that will evolve as we revisit them throughout the show!
This is the first of six shows! Can you collect all 6?
Tickets are $5. See you at the Magnet Theater on Sunday August 7th at 7:30pm US/Eastern
Are you engaging with the latest content during eternal Caturday?
Are you peeking behind the curtain during eternal Caturday?
Are you getting good reception during eternal Caturday?
Some good points in here about alt texts and the experiences they can provide when done well, when done badly, and when done by machines (badly).
Has everything shipped as expected during eternal Caturday?
Are you feeling dainty during eternal Caturday?
Are you, uh, comfortable where you are during eternal Caturday?
Are you comfortable any old place during eternal Caturday?
One of the things I love about building with IndieWeb building blocks is that (sometimes through more work than anticipated) you can swap out pieces of your site without (much) disruption because the seams between building blocks are well specified.
So, this is me documenting how I replaced my IndieAuth setup to stop leaning on Aaron’s IndieAuth.com (which has been on the verge of retiring any day now for some years).
Please excuse this long and rambling post. Feel free to skip around!
At a high-level, IndieAuth is a way to sign in using your website as an identity.
Without digging too deeply into the plumbing, you start by updating your website’s homepage with some extra header info that says “my IndieAuth service is over there”. From there, you can sign into services that support IndieAuth (like the IndieWeb wiki, the social feed reader service Aperture, and more. And you can use your IndieAuth server to protect your own services, such as a Micropub server that can create new posts on your site.
I’ve been using indieauth.com as my IndieAuth setup since late 2016 because it was easy to set up, because it uses something called RelMeAuth to let me sign in using services I already trust (like GitHub).
However, indieauth.com has been growing stale as the IndieAuth spec has evolved. indieauth.com’s maintainer has been discussing replacing it since at least 2017.
The inciting incident for my switch was looking at OwnCast - a self-hostable video streaming service with attached chatroom. OwnCast’s chat allows using IndieAuth to sign in, which sounded great to me, but OwnCast’s implementation wasn’t expecting indieauth.com’s old-style response format.
There are a bunch of IndieAuth server implementations listed on the IndieWeb wiki. However: simplest of them (selfauth + mintoken) are now out of date with the spec and haven’t been replaced, yet. Others tend to be built into other CMSes like WordPress. A couple of standalone servers exist but are in languages I am not comfortable working in (hello Rust and Go) or have deployment requirements I wasn’t thrilled about supporting (hello Rails).
I found Taproot/IndieAuth on this page and that looked promising - a PHP library intended to be deployed within a fairly standard PHP web app style (“any PSR-7 compatible app”).
I knew this would be some work but it sounded promising and so I began the week-ish long process of actually writing and deploying that “PSR-7 compatible app” built on taproot/indieauth.
Belding is an “PSR-7 compatible” PHP web app that provides a standalone IndieAuth endpoint for a single user with a simple password form for authentication.
I would love to go into the process and pitfalls of putting it together, but instead I’ll link to the README where you can learn more about how it works, how to use it, its limitations, etc.
First up, you’ll need to update the headers on your site. I switched my authorization_endpoint
and token_endpoint
to my new server from indieauth.com. Since I’m updating to support the latest spec, I also added the indieauth-metadata
header (which should eventually replace the other two).
Now that your site is advertising the new IndieAuth server, you will likely experience logouts or weird access denied reponses everywhere that your site has been used with IndieAuth.
I needed to configure my own “relying apps” so they know to talk to the new server when checking that a request is allowed. This list thankfully wasn’t too long.
Beyond the effort of getting my server working as an indieauth.com replacement, I also took steps to try and support the latest in the IndieAuth spec. That meant updating these micropub servers to use the new “token introspection” feature which has some tighter security requirements.
(Note: I initially made the same change for my self-hosted copy of Aperture, but found it would be too many changes for me to take on at the moment. Instead, I updated by IndieAuth server to allow the older and less secure token verification method used by Aperture.)
Once all my relying apps were all talking to the new IndieAuth server, it was time to re-sign-in to all the things:
There are a lot of improvements I’d like to make to Belding, but in general I am happy that it seems to work and, outside of the time to develop the server itself, my website and the tools I use to manage it were only broken for about a day.
I think it’d also be really nice to wrap up Belding a bit so it’s easy to configure and deploy on free-and-cheap platforms like fly.io. I believe it should be easier for folks to spin up and control their own IndieWeb building blocks where possible!
It’s also become clear to me that there are some user- and developer-experience holes around setting up relying apps. The auth requirements for token introspection, for example, means you need a way to manage access for each “backend” that you have that relies on IndieAuth to protect itself!
Long story short (too late) I am finally able to sign into OwnCast server chat using my domain. 😂😅
Are you getting your reps in during eternal Caturday?
Are you putting in the effort during eternal Caturday?
Are you excited to be here during eternal Caturday?
Are you letting go of tension during eternal Caturday?
Are you social loafing during eternal Caturday?
Are you watching with anticipation during eternal Caturday?