-
-
Notifications
You must be signed in to change notification settings - Fork 657
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebFinger doesn't allow querying by actor uri #5068
Comments
this is not required. which implementations are having issues, and what are the issues? |
Iceshrimp.NET currently can't resolve pixelfed users for this reason. I'll check the spec again to be sure, I may be mistaken. |
If i'm reading the spec correctly, it specifies that URIs under |
The reason we're querying the uri via webfinger is that it's the only way to obtain information on the split-domain configuration of the remote instance (whereby the accounts are registered under |
should, not must the way you set up different web-domain and local-domain is to redirect webfinger requests from local-domain to web-domain but you already have the id of the user so you do something like this:
https://swicg.github.io/activitypub-webfinger/#reverse-discovery https://docs.joinmastodon.org/admin/config/#web_domain https://docs.gotosocial.org/en/latest/advanced/host-account-domain/ |
My point is that with the way the code is currently structured, WebFinger always comes before the AP fetch. Refactoring this would take ages & I'm sure we won't be the last implementation having issues like this. Would it be that difficult to check whether the resource being queried points to a local user? I can even send a PR if required, though my PHP is very rusty. |
webfinger shouldn't be necessary if you already have the actor id. how hard is it to just skip webfinger? something like the following pseudocode: def get_actor_document(x):
if x.startswith('https'):
actor_document = get(x, headers={'accept': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
else:
username, domain = x.split('@', 2)
jrd = get(f'https://{domain}/.well-known/webfinger?resource=acct:{username}@{domain}', headers={'accept': 'application/jrd+json'})
actor_id = filter(jrd, rel='self').href
actor_document = get(actor_id, headers={'accept': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'}) then you can construct the webfinger acct: uri following reverse discovery, in order to verify it |
The issue is that using this you cannot figure out the canonical domain for a split domain user, since the AP payload never tells you what it's supposed to be. You have to webfinger the URI to do this. You can't even ask the remote instance for |
It'd be a lot of work to refactor this logic on my side, and it would just be one extra check (starts with http/s) and db query on your end. Also, specifications are one thing in ActivityPub, we all know that to federate with everyone you have to implement what everyone else does, which isn't necessarily what the spec says. In this case, all the major implementations support this, so whether the spec says it's required or not, supporting it is a good idea regardless to ensure compatibility. |
you can. do reverse discovery. to be clear, this is what it looks like when you do forward discovery and then verify with reverse discovery: forward discovery
reverse discovery
this shouldn't be hard. it's what "all the major implementations" do to get your canonical webfinger address.
no, you webfinger the preferredUsername@web_domain. you shouldn't have to webfinger the https uri for an actor under any circumstances. |
I'm aware how this works, I've talked to people who co-wrote the AP spec. I can assure you that this is anything but easy to implement on our side. We'd have to refactor several hundreds of lines of code that was really annoying to get right to begin with, to support a quirk of a different piece of AP software, that diverges from what mastodon does. I'm not going to spend several days rewriting hundreds of lines of critical federation code just to federate with Pixelfed. Again, I'm happy to write a PR for this, I don't understand why you're so reluctant to make/merge this tiny compatibility change that would allow for federation with more services. |
the change isn't unwelcome, but i'm trying to point out that you are probably going to have issues in the future like this, and there's a high chance you're overcomplicating your code by doing something you shouldn't be doing. if it's "hundreds of lines" as you say, then that's almost certainly the case. |
This would be really simple on the pixelfed side:
it's maybe 3 extra lines. |
@dansup thank you so much! one tiny nitpick ( |
Heya, the Pixelfed WebFinger implementation currently doesn't appear to support querying by
?resource=https://instance.tld/users/username
. This is required for spec-compliance, and therefore federation with several other ActivityPub implementations that fail to resolve Pixelfed users without this. It'd be appreciated if you could add this!The text was updated successfully, but these errors were encountered: