I made my way to Rovaniemi too.
Week 49, 2021
Map
Trying to prevent humidifier lung. Didn’t realize that I might be causing problems by not cleaning my humidifier often enough.
IndieAuth for WordPress 4.2.0 Released
Decided to dive into the unknown with the IndieAuth spec. The WordPress plugin now supports the latest in the standard, some of which has been merged, and some of which is pending merge. This will be visible if you visit the spec repo, but has not been deployed to the spec page yet.
The first change is the introduction of the metadata endpoint. This means that instead of a Link header for every endpoint, there is one endpoint that has parameters for all the other endpoints. This means even if an extension like Ticket Auth(which requires another endpoint) is optional, it won’t require another header.
This is something we have in Micropub, where the media endpoint does not have its own link header(although there is a proposal to change that). But it does mean you have to make two requests(caching aside) instead of one in discovery.
The metadata endpoint also provides some configuration information on what the endpoints support, such as which scopes, which can be useful.
The introspection endpoint, introduced in 4.1.0, as a result, is no longer sharing a URL with the token endpoint. The side effect of needing to implement proof of concept….as the introspection proposal has yet to be merged. Until it is, it is considered experimental.
The new revocation endpoint allows this feature to be separated from the token endpoint as well. The old method still works for the foreseeable future.
The final endpoint added, the userinfo endpoint, is just a way of getting a refreshed version of the profile info returned when you make the initial request. This also being experimental till merged.
All of this, as well as some minor tweaks and optimizations, works, and is fully backward compatible. At some point in the future, when adoption changes, will be looking to deprecate older methods.
All of this is a step along the way of making IndieAuth not so much a separate protocol, but what it is described as….an identity layer on top of OAuth 2.0(or increasingly on top of the proposed OAuth 2.1), with the changes meaning less custom code.
Well, the IndieWeb folks and the standards folks like more complex solutions (not saying they are bad) to a lot of the simple things that were working then and you lose some of the charm https://indieweb.org/Webmention
How is webmention more complicated vs trackback? It just adds verification? Trackback lacked any spam control.
I don’t know. I get lost in a lot of those specs. I made a point to say it wasn’t bad
Send webmention, make POST request with parameters source and target. Receive webmention, verify source links to target and decide how to display. Specs often make things sound more technical than they are.