🦋 Welcome to the MAIN() IRC channel of the Raku Programming Language (raku.org). Log available at irclogs.raku.org/raku/live.html . If you're a beginner, you can also check out the #raku-beginner channel!
Set by lizmat on 6 September 2022.
lizmat clickbaits rakudoweekly.blog/2022/09/12/2022-...re-videos/ 10:17
jaguart a bit off topic - blogging, Wordpress vs Ghost? :) 10:29
lizmat whatever suits you best :-) 10:30
jaguart it's just the weekly CISA alerts are full of Wordpress... :o 10:31
Altreus what's Ghost written in 10:38
If it's not PHP, then probably that
jaguart Ghost is written in node - you front-end it with nginx or apache etc. I used to love it when it was markdown - these days it's visual editing etc. Regular incremental releases, free to self-host, and very easy to keep up-to-date. 12:59
tonyo jaguart: i use github static site for deathbykeystroke.com 13:01
works well and i edit in markdown/generate html with pandoc/push 13:02
jaguart I do like pandoc :) 13:12
jaguart I use Ghost for about a dozen family / friends / small businesses - they manage their own websites easily, and I just do the devops to keep the server backed up and secure. Ghost is a dream for devos - and you can easily multi-site a single installation of the software. 13:14
My personal stuff is all stuck in a historic bunch of Doku and TiddlyWiki sites that I will one-day mash together. 13:15
[Coke] tiddlywiki!! 13:22
Altreus a raku one? 13:24
[Coke] guesses no 13:25
Altreus kawaii_: make a raku blog now that you're an expert 13:26
also I thought you were getting your nick back
[Coke] ^_^
jaguart tonyo: deathbykeystroke.com++ :) 13:30
tonyo :) 13:32
tbrowder tony: are you gonna do part 2 of the detailed cro app? that whole thing should be an ebook, and charge money--i'm in!! 15:54
tonyo: ^^
tonyo tbrowder: oops, yes i totally forgot about that as i got into a nasty dispute with my former employer
jaguart I second that :) 15:55
tonyo that second part should be pretty straight forward, i think i can get to it this week 15:57
tbrowder yr first part is super! i love the oauth part--not easy to grok at all. 16:05
and the apache part i think now is a bit clearer since i saw the tls part is not a problem on the reverse proxy. 16:07
but a complete, practical, working solution is worth $$. and icing on the cake would be a good template for modern css to go with it. i'm willing to pay $$ for a non-profit website design of two page templates if anyone is interested. i can give detailed specs. [email@hidden.address] 16:13
but a complete, practical, working solution is worth $$. and icing on the cake would be a good template for modern css to go with it. i'm willing to pay $$ for a non-profit website design of two page templates if anyone is interested. i can give detailed specs. tom.browder@gmail.com.
see
tonyo i'm sure ugexe would empathize with not groking what i wrote right away 16:24
tonyo i'll take a look and see if i can simplify it 16:35
tbrowder no, i was talking about my initial reading of oauth2, not yrs. 17:14
it was difficult to understand the scenarios in the book i bought. 17:15
the online info from google was not much better, just as bad as google's other dev docs. 17:17
speaking of ugexe, i am trying to track down a failing dep in a long list of dependencies and what depends on it. i don't see any way with zef to do that except the hard way: check each dep separately. 17:20
hm, sounds like a script for raku-man, the caped avenger! 17:21
[Coke] tbrowder: when you run the zef install, it should tell you in the output what failed 17:32
[Coke] can use --dry if you want to avoid the install at the end (which would only happen if no test failures) 17:36
[Coke] rereading this from hours ago - you're after "what depends on it", not "what is failing". got it. 19:00
tonyo ohh, tbrowder, i know. i know how oauth2 works and find most of the docs about it confusing. they seem to explain how the thing works from the point of view of someone who already knows how it works 19:29
El_Che it help to manage the server e 19:46
de identiti
y
and write some apps in a few languages
El_Che to get the hang of it 19:47
El_Che but whatever the experience, it's 1000x better than the one with SAML2 19:47
Voldenet www.rfc-editor.org/rfc/rfc6749 is enough to understand oauth2 imo
El_Che well, you need to understand the different flows 19:48
and extensions like openid-connect
but for most people, it's trivial because they use a lib for their lamg or framework 19:49
lang
Voldenet it doesn't get into some pain points like tls offloading and urn:ietf:params:oauth:grant-type:jwt-bearer (i really adore the name) but otherwise it's simple to grasp imo
El_Che the own drawing meme effect? 19:50
owl
tonyo it's simple if you already know it. it's confusing for someone unfamiliar with it to try and grok a giant document that launches into telling you to request what scopes you need in the first request
El_Che damn, can't type on this laptop
Voldenet maybe so, I found it a lot easier than saml2 :)
El_Che it is 19:51
tonyo or, at least, familiar with the concepts and problem it's aiming to solve
El_Che tonyo: I agree there is a learning curve if you really need to understand it
Voldenet actually, the document has nice sequence diagrams for flows though
El_Che luckily, most devs don't have to
Voldenet the abstract is quite well-structured 19:52
tonyo the typical tribanded diagram makes it slightly more confusing because it loses the why am i doing this at this stage bit of information
agreed, mostly just empathizing with tbrowder's confusion when trying to implement something in raku
tbrowder [Coke]: yes, but it doesn't say what module is te 19:53
Voldenet also, the 50 pages doc isn't this massive
tbrowder *depending on it. the dependency list is LONG
Voldenet Ah, yes, I see what you mean 19:54
El_Che so, did someone implement oidc/oauth2 for raku/cro?
last time I checked, there was only one module tailored for google
tonyo El_Che: i have a blog post that gets you 80% of the way of there for most oauth2 implementations 19:55
tbrowder same
tonyo it would require adding some info if you wanted to auth to intuit or something similar 19:56
El_Che tonyo: wow, I'll check it out
tonyo: do you talk about oauth because it does not redirect you to an identity provider for interactive authentication? 19:57
tonyo also doesn't check secrets between requests etc 19:57
tonyo what do you mean? 19:58
El_Che oidc is the protocol for interactive authentication, e.g. the google login prompt
oauth2 is more between rest services: login the a token, validating it, request user info from a resource, etc
tonyo oh, yea for the interactive authentication 20:00
tbrowder so oidc is what should be used to login to a website? any raku/apache cookbook on that?
El_Che so oidc is for authentication, oauth2 for authorisation
Voldenet oauth2 can be used for authentication 20:01
not alone though, it needs an endpoint that returns identity
moritz also, oauth2 is used for delegating access (I have to access to X, now I want to give service Y (partial) access to X, doing business as me)
El_Che in fact is oidc an extension of oauth2, adding a JWT token (id token) and standarizing some values and practices (e.g. a well known address with all the endpoints for autoconf)
tonyo the bit moritz is said is what i did in raku, i'm mostly uninterested in authentication and web stuff in general 20:02
El_Che Voldenet: what you' re describing is oidc without standardisation :P
tonyo: my backends are until now oauth2 only, you need to have a token already to consume them. How you get that token is " not my problem" (TM) 20:03
e.g. their website/service
tbrowder i have an old website that uses private tls certs for access. i would love to replace that with something easier for my users
El_Che that said, I spend all day today playing with svelte and keycloak to write a frontend for a service 20:04
tonyo i really wish we went the cert way of identification between sites
El_Che mostly for learning
tbrowder et moi!
Voldenet El_Che: most services (all? I've never seen any that don't) can use delegated oauth2 access to somehow fetch current identity, but not all services implement oidc
El_Che cert will work if you use keycloak as a oidc/oauth2 provider
Voldenet though yes, it's sufficiently messy, I agree on that
tonyo oauth is such a pain in the ass and google is the worst. why do i need to reselect which gmail account i want to look at every time i refresh or click on the calendar app from gmail 20:05
El_Che Voldenet: I mean, you can take the short cut and only validate the token and never register your client with the Identity Provider
it's doable if the access token are very short lived
tonyo: they could store the identity and token 20:06
they probably don't for security reasons
tonyo right, but if i'm looking at my work gmail account and click the calendar, why does it show me my personal calendar and force me to reselect my work calendar. and occasionally force me to sign in to my personal email prior to selecting the work email 20:07
El_Che Voldenet: if your IdP implement oauth2 and oidc, you can do that kind of stuff easily
s
tonyo i'm just not too keen on google's services implementation, it'd be easier if i could just select my identity in the browser (use my work certificate) and then browse to the calendar 20:08
that capability has been around since at least the middle 00s 20:09
El_Che Keycloak support mtls: www.keycloak.org/server/enabletls (bottom) 20:10
I haven' t tested it
maybe I should
(and report back)
the doc for the feature is... limited :) 20:12
it looks more like an extra security layer for client
s
I killed the discusion :) 20:24
Voldenet nah, all was said 20:28
btw, re oauth2 I wish client_credentials wasn't a thing 20:30
it's very practical, but it enables disgusting and dubious practices
El_Che I don't allow it
Voldenet as nobody should ;) 20:32
El_Che it' s the devils login :)
jjido @tonyo how does OAuth 2.0 work? (with authorisation code) I am curious to see if you can make sense of it for me :-) 21:03
[Coke] wonders if our raku friends in europe have "grocery store sushi" 21:16
leont Yes, and eww
[Coke] finds if you get it fresh enough, it's... fine. 21:18
but yes, nothing like the real thing from a specialty restaurant.
tonyo jjido: not sure i'm qualified for that but the gist (at least for what tbrowder was doing) was that you're requesting access and verifying your account to a 3rd party provider so, as the user you'll be redirected to log in to that provider, that provider will match some keys that were sent with the redirect and, once you've logged in, it will redirect to an endpoint registered with that provider by 21:33
your service. at that point your service needs to exchange some information from the 3rd party's redirect for a token and voila, you've both verified the user's account and can use the token to request information about the user or perform some action acting as the user
El_Che third party can be yourself 21:34
or your org
jjido There are 3 URIs in the config: the service you are calling, the authorisation URI and the token URI 21:38
Voldenet app redirects the user to some page (and give it url where code or error should return), that user confirms on the page your app can use the auth code, then return url gets the code (or fail) with some query/post request through user's browser and uses it to get the token 21:39
jjido the service you are calling checks that the token it receives is valid, right?
Voldenet authorization uri is that "some page", token uri is the api which accepts the code and gives the token 21:40
s/uses it to get the token/app uses it to get the token/ 21:41
I'm not entirely sure what is "the service" uri 21:42
Voldenet jjido: Well the access token you receive is used to use the other app's api of some service, so it sure is validated 21:46
s/of some service/ 21:47
El_Che you have an auth endpoint where you get the token, a token endpoint where you can refresh it or check the validity of a random token, ]a user endpo 21:49
a user endpoint to get user info
then you have redirect uri where the identity provider sends you after login (these must be registered) 21:50
Voldenet ah, that's the openid part of the flow where you get userinfo 21:52
El_Che yes
but 99 of the time you don' t need it because you get the info in the access or id token 21:53
%
[Coke] tbrowder: what was the module you wanted deps on? 23:09
[Coke] github.com/coke/scripts/blob/master/zef-deps 23:32
gives, e.g.: gist.github.com/coke/5420a56d04a92...9b1a17f22f 23:34
[Coke] .tell tbrowder github.com/coke/scripts/blob/master/zef-deps gives, e.g.: gist.github.com/coke/5420a56d04a92...9b1a17f22f 23:36
tellable6 [Coke], I'll pass your message to tbrowder
[Coke] Suggestions on better formatting, whatever, appreciated. warning: there's no progress bar while it's thinking ATM 23:37
[Coke] ok, slightly noiser now so you know it's working 23:45
(also for complicated hierarchies it does nothing to simplify them, so you may get chunks of the tree repeated) 23:48

Powered by Cro and the Raku® Programming Language.

Please report any issues / comments / feature requests as an issue on App::Raku::Log.

Thank you!