Human Web CollectiveFor people interested in # ActivityPub # C2S (client to server), the # GoActivityPub services have gained the ability to dynamically register ...
submitted by
mariusFor people interested in #ActivityPub #C2S (client to server), the #GoActivityPub services have gained the ability to dynamically register OAuth2 clients based on RFC7591.
The easiest to test is the ONI project that can be directly run without much setup: git.sr.ht/~mariusor/oni
I’d generally discourage RFC7591 in decentralized systems due to the fact that it creates client sprawl (this is currently a problem with Mastodon’s client registration mechanism, which is why we created CIMDs) — every client in RFC7591 is a distinct client, with its own
client_idandclient_secret, which can make client management interfaces difficult to implement (e.g., every time you login on a mobile device or SPA, you’ll get a brand newclient_id). CIMDs solve this by anchoring client metadata to a URI, and using that URI as theclient_id.If you need to test clients using CIMDs in development, there is cimd-service however, it’s currently targeting the AT Protocol ecosystem (so has a few specifics that at present there that would not necessarily make sense of ActivityPub)
@mariusor nice!
@mariusor did you implement the oauth metadata endpoint also? Can clients discover the registration endpoint easily?
@evan yes, yes, of course. :D They go hand in hand...
I remember seeing on the SWICG mailing list a comment where this mechanism is no longer considered secure, but I don't recall the details.
@mariusor yeah, it might be a good idea to think about CIMD. It uses the same schema of properties as dynamic registration, but you fetch them at authorization time instead. I implemented both in onepage.pub and it was pretty straightforward.
client.dev/
@mariusor are you coming to FOSDEM? I think we should have an ActivityPub API hackday.
@evan as of now I don't plan to come.
But I have no other obligations for February, maybe a last minute change of heart. :D
@mariusor let me ask, what are your opinions on beer?
@evan I lived in Burssels for some many years, you won't tempt me with beer. 😈
@evan yes, this is the one, I realized I already added it to my ticket list: todo.sr.ht/~mariusor/go-activi
@mariusor this is great, I'm looking forward to testing this 🔥
When you do, feel free to ping me with questions (here or on the mailing list).