Skip to main content

Johan Bové

Gimme A Token "client mismatch" in Known

Figuring out why Gimme A Token is not working for my Known instance

2 min read

Trying to obtain an Access Token for IndiePub with IndieAuth to be used in IFTTT requests so I can link other Web Services with my site.

I was able before to get a token using https://gimme-a-token.5eb.nl/, and the integration with Pocket, Deezer and others worked, but I revoked all access tokens and today it no longer works to create a new token on my Known instance running version 1.2.2.

This post is about trying to solve this issue.

Got the endpoints of my server using:
https://indieweb-endpoints.cc/search?url=https%3A%2F%2Fsocial.johanbove.info

After entering all the fields in "Gimme A Token" and going through the process to get the access token, I end up on https://social.johanbove.info/indieauth/token with the message "Client mismatch". And I'm not sure where to go next.

What is causing this "client mismatch"? Did Known get safer or is "gimme-a-token" broken?

Going to reach out to Seb and Marcus in the next days.

Found that Greg had a similar issue with Monocle some months ago: https://gist.github.com/jgmac1106/3d4df34f99f9a2bd34d47262f26bf508

Update 2020-06-29 19:00

So I can rule out that "Gimme-A-Token" is broken.

Thanks to the greate people on the IRC channel (thanks Aaron, Greg and sknebel) I have a pointer towards htaccess and http/https redirecting. Looking into that now.

Update 2020-06-29 23:20

It seems that for a correct IndieAuth authentication, I had to add a hard-coded "me" url in the head of the Known head.tpl.php file so the Known homepage would always have this link:

<!-- Hardcoded me url -->
<link href="https://social.johanbove.info" rel="me" class="u-url">

This resolved the https://monocle.p3k.io site error message and I can log in in one flow without having to retry.

But unfortunately I'm still getting "Client mismatch" errors with "Gimme a token" most of the time. I did manage to get once an actual token which I can now use again for IFTTT PESOS syndication.

Johan Bové

Alltogethernow.io is starting to look really good!

1 min read

Visit https://alltogethernow.io and log in using your Web-Sign-In capable and micropub enabled site and you get a very functional, well performing and complete interface to read your aperture feeds and interact with posts and publish your own content.

Johan Bové

Webmention DELETE testing with webmention.rocks

2 min read

Testing if deleting a webmention works in Known.

The result of the quick test was successful:

Successful Tests
The mentions below have successfully passed the test! If you visit any of the links below, you should see an indication that the post was deleted.
    No Name
    Comment text not found
    https://social.johanbove.info/2019/11/05/testing-webmentions-in-known-and-deleting-a
    The post did not provide a URL, using source instead

The Status as sent by the Known CMS:

Request URL: https://social.johanbove.info/2019/11/05/testing-webmentions-in-known-and-deleting-a
Request method:GET
Remote address: ...
Status code: 410 Gone
Version:HTTP/2.0
Referrer Policy:no-referrer-when-downgrade

The Test

How to test is explained on this webmention.rocks test: https://webmention.rocks/delete/1

This test verifies that you properly send Webmentions when you delete a post. You will pass this test when you send a Webmention to a URL that you had previously mentioned in a post.

  1. Write a post that links to this page, and send Webmentions for your post.
  2. Verify you see your post as "pending" on this page.
  3. Delete your post, and ensure that the post's URL is now returning HTTP 410 (or a meta http-equiv 410 status).
  4. Send a Webmention to this page again.

You should see your post listed here in the green "Successful Tests" section when complete.

Resources

Johan Bové

My Known "Content-Security-Policy" htaccess configuration

2 min read

My current Known .htaccess Content-Security-Policy is full of tool urls.


<IfModule mod_headers.c>
Header set Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;
    Header set X-Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;
    Header set X-WebKit-CSP: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src https:; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;
</IfModule>

Johan Bové

My IndieWeb timeline

2 min read

Going to list up how I got to join the - pecha kucha style* - ish... - presentation to follow 🤞

  • 2017 - Got fed up with ad-revenue supported social media silos being commercially exploited and digitally tracked and followed.
  • 2017 / 2018 - Tested Mastodon, but getting overwhelmed by an overload of uninteresting posts and I couldn't decide which Mastodon instance to join. Also had some concerns over how the open-source project is managed. And setting up an own instance required a more expensive web host service and the setup is something I couldn't do on my, otherwise excellent, web host company Antagonist. (https://www.antagonist.nl)
  • 2018 / 2019 - Finding out about SOLID by thé Tim Berner's Lee - got involved (a little) by looking at the current source-code for the SOLID (beta) user interface and tried to fix a bug. Contributed to testing and writing some docs together with Melvin. Was a tough cookie to swallow because of lots of old code and a funky user-interface which has a bit of a learning curve. Tried my best to wrap my head around RDF and Linked-Data. Was a bit set back by academic talk on how Solid is going forward. Impressed by all the cool JavaScript demos and got to know some amazingly smart and clever people. (Melvin, Ruben, Lieven, ...) Plus the project has an important source in my birthplace Ghent, Belgium. But I am currently not following up the project so much any more... Mostly because I cannot run Node.JS servers on my web host.
  • 2019 - Found out about the IndieWeb movement in a podcast by Mozilla and decided to start using Known. Impressed by Tantek and Aaron's work. Got a lot of welcome help by Greg and other Indieweb "gurus". Was happy to see that Known was running nicely on Apache2 with PHP and MySQL, but it was a little concerning to see that Ben and the Idno project went through really tough times. Luckily Marcus is doing an excellent job in keeping the open-source Known project alive-and-kicking.

Learning about webmention, microsub and micropub and getting to try out all Aaron's and other talented developer's apps, gave me hope and motivation that this could be how the - personal - Web should continue to evolve into.

 

The Indieweb principles rock! https://indieweb.org/principles

 

* https://en.wikipedia.org/wiki/PechaKucha

Johan Bové

You can keep your metrics, Twitter

3 min read

How knowing the number of followers I have makes me want to use it less

I seem to have been hovering around 404 followers for a couple of months now. Some tweets bring me a couple of new ones, other tweets seems to scare away followers. Not sure how to interpret that.

Following people based upon a single Tweet is a mistake and a sure-fire hit to get disappointed later. When I see someone posting something interesting or funny, I don't immediately decide to follow them. I always have a look at their timeline to see the general tone and topics they post about. There is hardly anyone who consistently posts interesting stuff. (There are some really clever people out there, so there are exceptions)

Anyway, I'm not using "social media" to post curated and carefully picked words to please every follower; I share it because I care about the content and/or the author and believe the message important enough to be passed along or promoted.

Some time ago somebody shared the thought that Twitter should offer an option to hide the follower and other counters from the User Interfaces. I agree that this option would actually benefit new joiners to not really know just how little followers they have.

I can understand that the number of followers, retweets and likes are easy to messure metrics to analyse the reach and the impact Twitter users have. But to most, I believe that knowing these numbers will actually demotivate and push those users away from the platform entirely.

That's one of the main reasons why I am totally for taking back control over your online presence and about hosting your own "social website". And thanks to the Known CMS project I could create a pretty neat social media hub within a limited amount of time and effort. It's all open source and currently maintained by Marcus Povey.

He's doing a lot of excellent work on the Known platform and posts about his ideas and implementations.

So I degressed from my original topic; I'll share more insights in how to set up your own Known site in a future post. It wasn't super-easy to set up the site, WordPress is a lot easier to start with, but Known was developed with the ideas of the Indieweb movement in mind.

So thanks to the IndieWeb, Twitter is not my main social media platform any longer. I own my content here and will continue to decide for myself what will be shared on that silo and what stays on my private social media Indieweb site.

We need the IndieWeb, so we can take back our online presence and feel back in control over social posting.

ps. I used Mastodon for a while, but couldn't get the feel right and didn't really enjoy using it. Having to decide on one or maintain multiple Mastodon instances, and set up in a way multiple social media accounts, was too much of a hassle. And unless your hosting your own Mastodon site, it's not really the :-)