Fedify, an ActivityPub framework, has finally released its first stable version, 1.0.0! Here are key changes:

Deprecation of the term handle

From this version, the term handle across Fedify will only be used to refer to fediverse handles (e.g., @hongminhee@fosstodon.org). An actor's internal unique ID (e.g., b379dbdc-3b4f-4ef4-88c2-fc25632d1c22) is referred to as an identifier, and the WebFinger name (e.g., hongminhee) is referred to as a username.

The term handle in the API will be maintained for a while for backward compatibility, but deprecation warnings will be logged, and it is planned to be removed in the future.

For more details, please refer to the related documentation.

Linked Data Signatures

Linked Data Signatures is an outdated standard, but it's still relied upon by major fediverse implementations such as Mastodon.

In addition to HTTP Signatures and Object Integrity Proofs, Fedify now supports Linked Data Signatures from this version, thus supporting all types of signature methods used in the fediverse. This makes Fedify an ActivityPub implementation with the best interoperability.

However, Fedify users don't need to do anything special to use Linked Data Signatures. If an incoming activity has Linked Data Signatures, it automatically verifies the signature, and all outgoing activities will have signatures in three formats: HTTP Signatures, Linked Data Signatures, and Object Integrity Proofs.

For more details, please refer to the related documentation.

Activity forwarding

From this version, you can forward activities received in the inbox to other actors using the InboxContext.forwardActivity() method.

At first glance, you might think that you could just resend an activity received in the inbox using the Context.sendActivity() method. However, if you do this, the original signature is removed before the activity is delivered to the inbox, and when sending it, the signature of the forwarding actor is attached instead, causing the receiving side of the forwarded activity to not trust it.

On the other hand, when using the InboxContext.forwardActivity() method, the activity is forwarded with the original signature preserved, avoiding this problem. (Of course, the original activity itself must be signed with Linked Data Signatures or Object Integrity Proofs.)

For more details, please refer to the related documentation.

Sending Delete(Application) on fedify inbox termination

From this version, fedify inbox will send a Delete(Application) activity to all peer servers it encountered when terminated. This is typically an activity sent when deleting an account, which will help prevent residual data related to temporary actors from remaining on other servers.

PostgreSQL drivers

The @fedify/postgres package, which implements PostgreSQL drivers for the KvStore and MessageQueue interfaces, has been released alongside this version.

The PostgreSQL driver is a backend that can be sufficiently used in production, especially recommended for projects already using PostgreSQL.

Additionally, an option to select the PostgreSQL driver has been added to the fedify init command.

Celebrating Fedify 1.0.0

With the release of version 1.0.0, Fedify will now maintain API backward compatibility as much as possible. (Of course, in the long term, there may be a 2.0.0 that breaks backward compatibility.) This should be good news for those who have been hesitant to use Fedify because there hasn't been a stable version until now!

So, hoping that more services will support ActivityPub in the future, I conclude this post!

#Fedify #ActivityPub #fedidev