honk

one honk maybe more

tedu honked back 10 Jun 2022 18:44 -0400
in reply to: https://idiomdrottning.org/objects/b4e3efd1-4bad-4b06-b49c-4b1b05791a1c

re: ActivityPub

@Sandra I'll point to my implementation, which I think is not overly complicated, even if lacking in explanation.

I think you're stuck on key lookup? The sig header specifies a key url, which the verifier must fetch. It's some json data, which for most AP users will simply be included in the user profile signature.

Refer to VerifyRequest function, and ActivityPubKeyGetter.

https://humungus.tedunangst.com/r/webs/v/tip/f/httpsig/httpsig.go

Sandra@idiomdrottnin.. honked back 11 Jun 2022 00:27 -0400
in reply to: https://honk.tedunangst.com/u/tedu/h/Rk5bgPb3dlmgG53w22

re: ActivityPub

Thank you for chiming in, @tedu!

Right, that's the exact step, but I'm stuck on the reverse direction; trying to create a post request that Lemmy's verifier will accept.

I've looked in that file before and couldn't understand it (I'm not the sharpest tool in the proverbial) but I'll take another look now that I've heard your explanation + with some of the docs people have posted.

It's signing that I'm stuck on 🤷🏻‍♀️

tedu honked back 13 Jun 2022 15:21 -0400
in reply to: https://idiomdrottning.org/objects/e9d63ede-6864-42d5-a8c2-732b2b6aa421

re: re: ActivityPub

@Sandra the main thing is just make sure the formatting and encoding is correct. Depending on language used, your collection may be too "helpful" in adding characters or padding.

One thing to check is that the remote server is at least fetching your key. If you don't see that, big trouble.