We had 11 sessions, each one happened in their own time slot. That's a bit unorthodox for an IndieWebCamp but it allowed some of the sessions to spread out and have completely different people at some than others based on interest and timezones (yes, timezones are hard). Interestingly the sessions ended up in three groups, 4 "Friday" sessions, 3 late-night Wordpress sessions and 4 "Saturday" sessions. Although due to timzones those days are a bit blurry.
I really enjoyed all the sessions. A couple that really stood out were the AutoAuth and Groups sessions. In fact, inspired by the AutoAuth session, that's what my Create Day project was on! For Day 2 of the camp, I worked on adding AutoAuth to my site. AutoAuth is a proposed extension to the IndieAuth specification that allows IndieAuth to happen between software without the active intervention of the site owners. The goal of AutoAuth is to allow access control to posts like how Facebook allows you to make a post with only specific users able to see it or how Twitter allows you to have a private account.
First I was able to add the right scopes to my authorization endpoint
which I defined as "Allow a third party application to request the ability to read other people's content". It can probably be improved but essentially it allows my Social Reader to grab private posts on my behalf so that I can read them in my app.
I also implemented protected posts on my website and did some testing. I added two people to the "access list" (which I call audience) of a private test post. I then tested visiting that page as an unidentified user, as me, as a person on the access list and as a person I know is NOT on the access list. It worked correctly, for an unidentified user, it presents the correct HTTP headers for AutoAuth so a reader knows there is content there if people are identified. However the page itself doesn't say anything about the existence of a post to an unidentified user or a user that is not on the access list.
It's kind of a strange error message from when I had a static site that had to rebuild. I need to adapt that, but the key is it works! Then when either I or a person on the access list visits the url, you get a different page completely!
Surprise! There is a post there! In the future, I could even do things like restrict the location of the post to people that I know or other similar things. AutoAuth opens up the doorway to a whole interesting world of semi-private information.
I am not actually finished with the project, I have some more stuff I need to finish as far as how my site communicates with other people's sites to verify the person is who they say they are, etc. But it's an exciting start and sometimes starting is the hardest part!
I'm hoping to get this work wrapped up in the next week so I can start testing it. Plus, if I get it working and start creating private posts for people on the IndieWeb, it might encourage them to start adding AutoAuth to their projects as well!
It was great getting to meet some different people in the D.C. area interested in owning their presence on the internet, as well as finally meeting some of my friends from the IndieWeb Chat, that I hadn't met in person yet: aaronpk, gRegorLove and GWG.
It was a fun experience and there were some awesome discussions that took place during the session on day one. Unfortunately, I wasn't able to make it back to Baltimore on day two, which is a "hack day" where everyone works on various projects using IndieWeb technologies. I did, however, have my own virtual "hack day" at home when I had the opportunity. So yesterday I added my own authentication and token endpoints!
All together it was a great weekend, and I'm hoping to attend another one before too long. Until then? You can find us in the IndieWeb Chat.
A couple of weeks ago I had started working on some code for an authorization endpoint, and yesterday at IndieWebCamp Baltimore 2018, I finished it! Not only that, but I also built my own token endpoint! It's great to be owning all of the parts of my website now. From logging in, to authorizing apps, creating and managing tokens and accepting micropub posts.
The authorization endpoint looks like this after you log in:
I love having the ability to change the scope of access that I'm going to allow an app to have on my site, and now that I own the whole stack, I'm looking forward to being able to customize things more like being able to set specific data attributes to any posts that come in from a specific source app.
The token endpoint isn't as exciting, but I am excited to have added the ability to revoke tokens, so in the near future I'd like to add an interface that lists all the tokens that have been provided by my endpoint and provide a button that allows me to revoke each token that is still active that I don't want active.