-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
79 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,7 +9,7 @@ | |
| // All config options at https://respec.org/docs/ | ||
| var respecConfig = { | ||
| specStatus: "CG-DRAFT", | ||
| editors: [{ name: "Evan Prodromou", url: "https://evanp.me/" }, { name: "a", url: "https://trwnh.com" }], | ||
| editors: [{ name: "a", url: "https://trwnh.com" }, { name: "Evan Prodromou", url: "https://evanp.me/" }], | ||
| github: "swicg/activitypub-webfinger", | ||
| shortName: "apwf", | ||
| xref: "web-platform", | ||
|
|
@@ -38,11 +38,11 @@ <h2>Motivation</h2> | |
| </ul> | ||
| <p>Conventionally, people can be identified by their user@domain address, while documents can be identified by their HTTPS location.</p> | ||
| </section> | ||
| <section class="normative"> | ||
| <h2 id="discovery">Discovery</h2> | ||
| <section class="normative" id="discovery"> | ||
| <h2>Discovery</h2> | ||
| <p></p> | ||
| <section> | ||
| <h3 id="forward-discovery">Discovery of an actor document given a WebFinger address</h3> | ||
| <section id="forward-discovery"> | ||
| <h3>Forward discovery of an actor document given a WebFinger address</h3> | ||
| <p>Given a username and hostname in the form <code>user@domain</code>:</p> | ||
| <ol> | ||
| <li>Construct an <code>acct:</code> URI of the form <code>acct:user@domain</code> (as defined in [[RFC7565]])</li> | ||
|
|
@@ -80,14 +80,85 @@ <h3 id="forward-discovery">Discovery of an actor document given a WebFinger addr | |
| <p>At this point, you can parse for the <code>href</code> of the element of <code>links</code> that has a <code>rel</code> of <code>self</code> and a <code>type</code> of either <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code> or <code>application/activity+json</code> (depending on the implementation).</p> | ||
| <p>Due to the prevailing use of WebFinger addresses as canonical primary identifiers for users, implementations that require WebFinger for compatibility will often also deduplicate actors based on the WebFinger address. Therefore, it is generally expected that there is only one <code>self</code> link to an ActivityStreams document, in a unary relationship.</p> | ||
| </section> | ||
| <section> | ||
| <h3 id="reverse-discovery">Reverse discovery of a WebFinger address given an actor document</h3> | ||
| <section id="reverse-discovery"> | ||
| <h3>Reverse discovery of a WebFinger address given an actor document</h3> | ||
| <p>Given an actor with an <code>id</code> and a <code>preferredUsername</code>:</p> | ||
| <ol> | ||
| <li>Take the hostname of the <code>id</code> to discover the WebFinger domain</li> | ||
| <li>Combine the <code>preferredUsername</code> and the WebFinger domain in order to form a WebFinger address</li> | ||
| <li>Verify that this WebFinger address links back to the same actor when performing discovery as described in <a href="#forward-discovery"></a>. Optionally: If the <code>subject</code> contains an <code>acct:</code> URI different from the one you constructed, perform a verification discovery against that <code>acct:</code> URI instead. (In such cases, the <code>subject</code> of the JRD denotes the expected canonical identifier.)</li> | ||
| <li>Verify that this WebFinger address links back to the same actor when performing discovery as described in <a href="#forward-discovery"></a></li> | ||
| <li>Optionally: If the <code>subject</code> from the previous step contains an <code>acct:</code> URI different from the one you constructed, perform a verification discovery against that <code>acct:</code> URI afterward. (In such cases, the <code>subject</code> of the JRD denotes the expected canonical identifier.)</li> | ||
| </ol> | ||
| <p>For example, given an actor document at <code>https://activitypub.example.com/actor/1</code> like so:</p> | ||
| <pre class="json example" title="Sample actor document"> | ||
| { | ||
| "@context": "https://www.w3.org/ns/activitystreams", | ||
| "id": "https://activitypub.example.com/actor/1", | ||
| "preferredUsername": "alice" | ||
| } | ||
| </pre> | ||
| <p>The reverse discovery process would extract <code>alice</code> and <code>activitypub.example.com</code>, construct the <code>acct:</code> URI <code>acct:[email protected]</code>, then request <code>https://activitypub.example.com/.well-known/webfinger?resource=acct:[email protected]</code> like so:</p> | ||
| <pre class="http example" title="Verifying the constructed WebFinger address"> | ||
| GET /.well-known/webfinger?resource=acct:[email protected] HTTP/1.1 | ||
| Host: activitypub.example.com | ||
|
|
||
| HTTP/1.1 200 OK | ||
| Content-Type: application/jrd+json | ||
|
|
||
| { | ||
| "subject": "acct:[email protected]", | ||
| "aliases": [ | ||
| "https://example.com/@alyssa", | ||
| "https://activitypub.example.com/actors/1" | ||
| ], | ||
| "links": [ | ||
| { | ||
| "rel": "http://webfinger.net/rel/profile-page", | ||
| "type": "text/html", | ||
| "href": "https://example.com/@alyssa" | ||
| }, | ||
| { | ||
| "rel": "self", | ||
| "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"", | ||
| "href": "https://activitypub.example.com/actors/1" | ||
| } | ||
| ] | ||
| } | ||
| </pre> | ||
| <p>At this point, we have validated that <code>[email protected]</code> links back to our actor document, but we can optionally verify that the canonical WebFinger address of <code>[email protected]</code> also links back to the same actor document:</p> | ||
| <pre class="http example" title="Verifying the canonical WebFinger address discovered from the constructed WebFinger address"> | ||
| GET /.well-known/webfinger?resource=acct:[email protected] HTTP/1.1 | ||
| Host: example.com | ||
|
|
||
| HTTP/1.1 307 Temporary Redirect | ||
| Location: https://activitypub.example.com/.well-known/webfinger?resource=acct:[email protected] | ||
|
|
||
| GET /.well-known/webfinger?resource=acct:[email protected] HTTP/1.1 | ||
| Host: activitypub.example.com | ||
|
|
||
| HTTP/1.1 200 OK | ||
| Content-Type: application/jrd+json | ||
|
|
||
| { | ||
| "subject": "acct:[email protected]", | ||
| "aliases": [ | ||
| "https://example.com/@alyssa", | ||
| "https://activitypub.example.com/actors/1" | ||
| ], | ||
| "links": [ | ||
| { | ||
| "rel": "http://webfinger.net/rel/profile-page", | ||
| "type": "text/html", | ||
| "href": "https://example.com/@alyssa" | ||
| }, | ||
| { | ||
| "rel": "self", | ||
| "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"", | ||
| "href": "https://activitypub.example.com/actors/1" | ||
| } | ||
| ] | ||
| } | ||
| </pre> | ||
| </section> | ||
| </section> | ||
| <section class="normative"> | ||
|
|
||