Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!

Administered by:

Server stats:

2.8K
active users

mathstodon.xyz: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#httpsignatures

0 posts0 participants0 posts today
洪 民憙 (Hong Minhee) 🤏🏼<p>When an <a href="https://todon.eu/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> server implements authorized fetch (aka secure mode), how does it associate the keyId in an HTTP request with the actual actor? I know major implementations (like Mastodon) use a fragment appended to the actor IRI as a keyId, but in theory a keyId could be any IRI that seems unrelated to the actor IRI, right? Should I maintain a table of actor–keyIds somewhere in the server?</p><p><a href="https://todon.eu/tags/fedidev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedidev</span></a> <a href="https://todon.eu/tags/httpsignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsignatures</span></a> <a href="https://todon.eu/tags/authorizedfetch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorizedfetch</span></a></p>
洪 民憙 (Hong Minhee) 🤏🏼<p>This document, edited by <span class="h-card" translate="no"><a href="https://fed.brid.gy/r/https://snarfed.org/" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>snarfed.org</span></a></span>, is really helpful for implementing <a href="https://todon.eu/tags/Fedify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedify</span></a> in practice.</p><p><a href="https://swicg.github.io/activitypub-http-signature/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">swicg.github.io/activitypub-ht</span><span class="invisible">tp-signature/</span></a></p><p><a href="https://todon.eu/tags/fedidev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedidev</span></a> <a href="https://todon.eu/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> <a href="https://todon.eu/tags/httpsignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsignatures</span></a></p>
spla :senyera: :vim:<p>Si no ho he entés malament, si vols que un servidor <a href="https://mastodont.cat/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> et faci cas quan li envies una activitat <a href="https://mastodont.cat/tags/Activitypub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Activitypub</span></a>, per exemple "Follow", et cal signar amb la clau privada del usuari emissor, xifrada amb el hash SHA256, l'activitat en format json que li envies. <br>Si el servidor Mastodon receptor no rep la signatura vàlida en els "headers", no fa ni cas.<br><a href="https://mastodont.cat/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a></p>
@reiver ⊼ (Charles) :batman:<p>I hate this requirement of having to sign the HTTP request to see the Activity-JSON for ActivityPub actor.</p><p>I hate it so much.</p><p>...</p><p>It makes it so I cannot do a simple "curl" command to get an ActivityPub actor's activity-JSON.</p><p><a href="https://mastodon.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> <a href="https://mastodon.social/tags/ActivityStreams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityStreams</span></a> <a href="https://mastodon.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fediverse</span></a> <a href="https://mastodon.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a> <a href="https://mastodon.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a></p>
Helge<p>I think, I've discovered another strange behavior of Mastodon. When Lemmy announces a post, It creates an Announce with a Create with an Note. It appears that Mastodon then fetches the Create with a signed HTTP get and then fetches the Note without the signature. I'm not 100% sure if that's all the 401 showing up in my log file, but it seems likely to be the case.</p> <p>If anyone has a test setup, where they can verify this behavior, feel free to check and then report it.</p> <p>I'm not confident in my conclusions, as I have no idea how I would go about implementing it.</p>
Kingsley Uyi Idehen<p><span class="h-card"><a href="https://mymath.rocks/endpoints/SYn3cl_N4HAPfPHgo2x37XunLEmhV9LnxCggcYwyec0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>helge</span></a></span>,</p><p>Is <a href="https://github.com/HelgeKrueger/bovine/blob/main/docs/client_to_server_activitypub.md#this" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/HelgeKrueger/bovine</span><span class="invisible">/blob/main/docs/client_to_server_activitypub.md#this</span></a> your Client built to work with a generic <a href="https://mastodon.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> server? </p><p>I am interested in clients that want to work with our backend. </p><p>Note, <a href="https://mastodon.social/tags/DBMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DBMS</span></a> and Authentication matters are none issues since our servers implement most of these protocols (including the likes of <a href="https://mastodon.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a> etc). </p><p>/cc <span class="h-card"><a href="https://social.gabekangas.com/users/gabek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gabek</span></a></span> <span class="h-card"><a href="https://flipboard.social/@mike" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mike</span></a></span> <span class="h-card"><a href="https://mastodon.social/@atomicpoet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>atomicpoet</span></a></span> <span class="h-card"><a href="https://mastodon.social/@davew" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>davew</span></a></span> <span class="h-card"><a href="https://mastodon.social/@judell" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>judell</span></a></span> <span class="h-card"><a href="https://mastodon.social/@Mastodon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mastodon</span></a></span> <span class="h-card"><a href="https://social.coop/@smallcircles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>smallcircles</span></a></span></p>
Raphael Luckom<p>Notes so far on <a href="https://indieweb.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a>'s <a href="https://indieweb.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> implementation, covering basics on <a href="https://indieweb.social/tags/WebFinger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebFinger</span></a>, <a href="https://indieweb.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a>, <a href="https://indieweb.social/tags/JSONLD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JSONLD</span></a> signatures, and <a href="https://indieweb.social/tags/ActivityStream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityStream</span></a> vocab. Pretty much a loosely-organized collection of links to useful specs and implementations for understanding how Mastodon specifically does things.</p><p><a href="https://raphaelluckom.com/posts/Things%20I%27ve%20learned%20about%20ActivityPub%20so%20far.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">raphaelluckom.com/posts/Things</span><span class="invisible">%20I%27ve%20learned%20about%20ActivityPub%20so%20far.html</span></a></p>
naturzukunft<p>Just found this how to. I think that is very well explained! Thanks for that! It's to earley for <a href="https://mastodon.social/tags/rdfpub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rdfpub</span></a>, but I'm looking forward to it.</p><p><a href="https://youtu.be/Cu51fHkmkkA" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/Cu51fHkmkkA</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/activitypub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activitypub</span></a> <a href="https://mastodon.social/tags/httpsignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsignatures</span></a></p>
SearchLive feeds
About