
Johan Bové

Gimme A Token "client mismatch" in Known

Figuring out why Gimme A Token is not working for my Known instance

2 min read

Trying to obtain an Access Token for IndiePub with IndieAuth to be used in IFTTT requests so I can link other Web Services with my site.

I was able before to get a token using https://gimme-a-token.5eb.nl/, and the integration with Pocket, Deezer and others worked, but I revoked all access tokens and today it no longer works to create a new token on my Known instance running version 1.2.2.

This post is about trying to solve this issue.

Got the endpoints of my server using:
https://indieweb-endpoints.cc/search?url=https%3A%2F%2Fsocial.johanbove.info

After entering all the fields in "Gimme A Token" and going through the process to get the access token, I end up on https://social.johanbove.info/indieauth/token with the message "Client mismatch". And I'm not sure where to go next.

What is causing this "client mismatch"? Did Known get safer or is "gimme-a-token" broken?

Going to reach out to Seb and Marcus in the next days.

Found that Greg had a similar issue with Monocle some months ago: https://gist.github.com/jgmac1106/3d4df34f99f9a2bd34d47262f26bf508

Update 2020-06-29 19:00

So I can rule out that "Gimme-A-Token" is broken.

Thanks to the great people on the IRC channel (thanks Aaron, Greg and sknebel) I have a pointer towards htaccess and http/https redirecting. Looking into that now.

Update 2020-06-29 23:20

It seems that for a correct IndieAuth authentication, I had to add a hard-coded "me" url in the head of the Known head.tpl.php file so the Known homepage would always have this link:

<!-- Hardcoded me url -->
<link href="https://social.johanbove.info" rel="me" class="u-url">

This resolved the https://monocle.p3k.io site error message and I can log in in one flow without having to retry.

But unfortunately I'm still getting "Client mismatch" errors with "Gimme a token" most of the time. I did manage once to get an actual token which I can now use again for IFTTT PESOS syndication.

Johan Bové

Webmention DELETE testing with webmention.rocks

2 min read

Testing if deleting a webmention works in Known.

The result of the quick test was successful:

Successful Tests
The mentions below have successfully passed the test! If you visit any of the links below, you should see an indication that the post was deleted.
    No Name
    Comment text not found
    https://social.johanbove.info/2019/11/05/testing-webmentions-in-known-and-deleting-a
    The post did not provide a URL, using source instead

The Status as sent by the Known CMS:

Request URL: https://social.johanbove.info/2019/11/05/testing-webmentions-in-known-and-deleting-a
Request method:GET
Remote address: ...
Status code: 410 Gone
Version:HTTP/2.0
Referrer Policy:no-referrer-when-downgrade

The Test

How to test is explained on this webmention.rocks test: https://webmention.rocks/delete/1

This test verifies that you properly send Webmentions when you delete a post. You will pass this test when you send a Webmention to a URL that you had previously mentioned in a post.

  1. Write a post that links to this page, and send Webmentions for your post.
  2. Verify you see your post as "pending" on this page.
  3. Delete your post, and ensure that the post's URL is now returning HTTP 410 (or a meta http-equiv 410 status).
  4. Send a Webmention to this page again.

You should see your post listed here in the green "Successful Tests" section when complete.
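
The receiver-side decision behind steps 3 and 4, as an added example that is not part of the original post or of webmention.rocks: a repeated Webmention whose source now signals deletion removes the stored mention. The function names, the in-memory store, the sample URLs and the exact `<meta http-equiv="Status" content="410 Gone">` form are assumptions made for this sketch.

```python
from html.parser import HTMLParser


class _MetaStatus(HTMLParser):
    """Records the content of the first <meta http-equiv="Status"> tag (assumed form)."""

    def __init__(self):
        super().__init__()
        self.status = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and self.status is None:
            if (a.get("http-equiv") or "").lower() == "status":
                self.status = (a.get("content") or "").strip()


def source_is_deleted(status_code, body=""):
    """True for HTTP 410, or for a 200 page that declares a 410 status in a meta tag."""
    if status_code == 410:
        return True
    if status_code != 200:
        return False
    parser = _MetaStatus()
    parser.feed(body)
    return bool(parser.status) and parser.status.split()[0] == "410"


def handle_webmention(store, source, target, status_code, body=""):
    """Decide what to do with a Webmention; store is a set of (source, target) pairs."""
    key = (source, target)
    if source_is_deleted(status_code, body):
        if key in store:
            store.discard(key)
            return "deleted"
        return "ignored"  # nothing was recorded for this pair, so nothing to delete
    if status_code == 200 and target in body:
        store.add(key)
        return "accepted"
    return "rejected"  # source does not link to the target


if __name__ == "__main__":
    # Constructed sample exchange: mention first, then the same source returns 410.
    src, tgt = "https://example.org/post/1", "https://example.net/delete/1"
    mentions = set()
    print(handle_webmention(mentions, src, tgt, 200, f'<a href="{tgt}">link</a>'))
    print(handle_webmention(mentions, src, tgt, 410))
```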

Resources

Johan Bové

Known plugin update process

1 min read

In response to jgmac1106 on :

My plugin-updating process is currently like this:

  1. Create a fork of the Github idno project
  2. Checkout the code from the repo
  3. Fire up Beyond Compare and start a folder compare session
  4. Synchronize the plugin folder from local to remote

Of course it should be possible that you clone the Github plugin code through git clone and then do a git pull upstream to get the latest from the original master.

You should then be able to also run a composer update command to make sure you're getting the latest "vendor" dependencies too.

Johan Bové

My Known "Content-Security-Policy" htaccess configuration

2 min read

My current Known .htaccess Content-Security-Policy is full of tool urls.


<IfModule mod_headers.c>
    # Content-Security-Policy is the standardized header; X-Content-Security-Policy and
    # X-WebKit-CSP are legacy prefixed names kept for old browsers.
    # worker-src uses "https:" with the trailing colon; a bare "https" is parsed as a host name.
    Header set Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
    Header set X-Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
    Header set X-WebKit-CSP: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src https:; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
</IfModule>
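
A small audit for a policy of this shape, as an added example that is not part of the original post: it parses the directive list and reports source expressions that weaken it. The sample policy is constructed from the same directive patterns, and the names `parse_csp` and `audit_csp` are hypothetical.

```python
# Added example: audit a Content-Security-Policy string for weak source expressions.
# SAMPLE_POLICY is constructed for this example; parse_csp/audit_csp are hypothetical names.
SAMPLE_POLICY = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
    "img-src 'self' https: data:; media-src *; worker-src 'self' https; "
    "font-src *; connect-src 'self'"
)

# Scheme names that only act as scheme-sources when written with a trailing colon.
SCHEME_WORDS = {"http", "https", "data", "blob", "ws", "wss"}
SCRIPT_DIRECTIVES = {"default-src", "script-src"}


def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(policy):
    """Return a list of (directive, source, reason) findings."""
    findings = []
    for name, sources in parse_csp(policy).items():
        for src in sources:
            if src.lower() in ("'unsafe-inline'", "'unsafe-eval'"):
                if name in SCRIPT_DIRECTIVES:
                    findings.append((name, src, "weakens protection against script injection"))
            elif src == "*":
                findings.append((name, src, "wildcard: any http(s) origin is allowed"))
            elif src.lower() in SCHEME_WORDS:
                findings.append((name, src, f"parsed as a host named '{src}', not the {src}: scheme"))
    return findings


if __name__ == "__main__":
    for directive, source, reason in audit_csp(SAMPLE_POLICY):
        print(f"{directive:12} {source:16} {reason}")
```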

Johan Bové

Pinning Known Status content to appear at the top of a page

1 min read

Regarding the Status plugin:

Just like Twitter does with pinning a status to a profile, a specific Status can be pinned to appear at the top of the list.

Would this be done within this plugin or would this have to be added to the Known core project?

Johan Bové

Current Known htaccess mod_rewrite script

1 min read

My current mod_rewrite code in the Known .htaccess file:


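    RewriteEngine On

    # Redirect plain-HTTP requests for www.<host> to the bare host name.
    # %{ENV:PROTO} is not set anywhere in this excerpt; it has to be defined by an earlier rule.
    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]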

Johan Bové

Improving my Known site and template using Google's Lighthouse Audit

1 min read

As of today this is the Audit test result for "Desktop" (no throttling), with an authenticated session:

  • Performance: 100
  • Accessibility: 70
  • Best Practices: 79
  • SEO: 100

Next priority is to improve the score for "Accessibility".

  1. Image elements do not have alt attribute
  2. Form elements do not have associated labels
  3. Links do not have a discernible name

The "Best Practices" fixes will then be next:

  1. Does not use passive listeners to improve scrolling performance
  2. Links to cross-origin destinations are unsafe
  3. Includes front-end JavaScript libraries with known security vulnerabilities

 

The "known security vulnerabilities" is a tricky one as it requires updating the outdated Bootstrap version. 

Johan Bové

Known Questions

2 min read

These are some questions I have about my Known server instance.

Q1. Redis Support?

My web host supports Redis. Anyone know if there is a plugin for Known which activates Redis cache? Does it make sense to activate Redis for a single-user Known site?

Q2. AsynchronousQueue on a shared web host without sudo access?

Also, I'm on a shared web host where I have limited SSH access, without sudo; how can I set up Known cron for the AsynchronousQueue event queue?

Q3. Which PHP 7.3 Extensions should be active?

Which PHP (7.3) extensions should be active for a Known server instance? See my list here in the screenshot below:

screenshot of active PHP 7.3 extensions

 

Q4. RESOLVED - How can I get the Twitter POSSE plugin working? 

I currently need to manually mention the https://brid.gy publish webmention endpoints to repost my posts and status updates. The Twitter plugin by Known doesn't work on my server. Suspecting an outdated dependency on the tmhOAuth PHP library. Would be awesome if I can get that to work.

Resolution: update the tmhOAuth plugin and cacert.pem certificate.

Q5. Tagging with Known input forms is missing the dedicated tags field

Check why.

To be continued...

Johan Bové

You can keep your metrics, Twitter

3 min read

How knowing the number of followers I have makes me want to use it less

I seem to have been hovering around 404 followers for a couple of months now. Some tweets bring me a couple of new ones, other tweets seem to scare away followers. Not sure how to interpret that.

Following people based upon a single Tweet is a mistake and a sure-fire hit to get disappointed later. When I see someone posting something interesting or funny, I don't immediately decide to follow them. I always have a look at their timeline to see the general tone and topics they post about. There is hardly anyone who consistently posts interesting stuff. (There are some really clever people out there, so there are exceptions)

Anyway, I'm not using "social media" to post curated and carefully picked words to please every follower; I share it because I care about the content and/or the author and believe the message important enough to be passed along or promoted.

Some time ago somebody shared the thought that Twitter should offer an option to hide the follower and other counters from the User Interfaces. I agree that this option would actually benefit new joiners to not really know just how few followers they have.

I can understand that the number of followers, retweets and likes are easy to measure metrics to analyse the reach and the impact Twitter users have. But to most, I believe that knowing these numbers will actually demotivate and push those users away from the platform entirely.

That's one of the main reasons why I am totally for taking back control over your online presence and about hosting your own "social website". And thanks to the Known CMS project I could create a pretty neat social media hub within a limited amount of time and effort. It's all open source and currently maintained by Marcus Povey.

He's doing a lot of excellent work on the Known platform and posts about his ideas and implementations.

So I digressed from my original topic; I'll share more insights in how to set up your own Known site in a future post. It wasn't super-easy to set up the site, WordPress is a lot easier to start with, but Known was developed with the ideas of the Indieweb movement in mind.

So thanks to the IndieWeb, Twitter is not my main social media platform any longer. I own my content here and will continue to decide for myself what will be shared on that silo and what stays on my private social media Indieweb site.

We need the IndieWeb, so we can take back our online presence and feel back in control over social posting.

ps. I used Mastodon for a while, but couldn't get the feel right and didn't really enjoy using it. Having to decide on one or maintain multiple Mastodon instances, and set up in a way multiple social media accounts, was too much of a hassle. And unless you're hosting your own Mastodon site, it's not really the :-)