Gregory's Server@grishka What we need is a way for the AP descriptor to say, "these are valid Webfinger strings to use for this account." There's not a way to do that in the AP standard (yet; I'm going to start working on a FEP for it).
|
5 comments
 @grishka It then does the Webfinger lookup again with that new Webfinger ID, and checks that it points to the right Actor endpoint. It then stores this webfinger ID as the right one to use for this actor from now on. @grishka So, the problem I'm seeing with threads is that its webfinger IDs are on the threads.net domain, like mosseri@threads.net. But the actor endpoints are on the www dot threads.net domain (I typed that out because threads keeps eliding out the www), so all the services are going through the dance I described above, and ending up with "corrected" Webfinger IDs like mosseri@www.threads.net. @grishka In general, we just want to use the bare domain name if at all possible, at least for the actor endpoint.  Most activitypub implementations rely on webfinger anyway and I see that threads.net's webfinger solves the problem by returning proper URI even if I mistakely request But www subdomain is desirable for cookies isolation in cases when site has multiple other subdomains for different purposes. |
@grishka The way Mastodon hacked around this, and other implementations have copied, was by taking another element of the actor, `preferredUsername`, and the domain part of the actor endpoint, and making a Webfinger id out of those two. So, in the above example, it'd make a Webfinger ID out of potus@whitehouse.example.