ActivityPub client development is coming along!

AP platform developers be warned, I be opening issues in your repo soon.

#ActivityPub #c2s

sorry Pleroma devs, I just opened up a 2nd #c2s issue in barely a week, and I have no idea what the project capacity is.

#ActivityPub #Pleroma

@django if there are any updates to make to this issue on #ActivityPub #C2S .. do not hesitate to comment :)

https://codeberg.org/fediverse/delightful-fediverse-apps/issues/130

ActivityPub client development is coming along!

AP platform developers be warned, I be opening issues in your repo soon.

#ActivityPub #c2s

@django if there are any updates to make to this issue on #ActivityPub #C2S .. do not hesitate to comment :)

https://codeberg.org/fediverse/delightful-fediverse-apps/issues/130

sorry Pleroma devs, I just opened up a 2nd #c2s issue in barely a week, and I have no idea what the project capacity is.

#ActivityPub #Pleroma

ActivityPub client development is coming along!

AP platform developers be warned, I be opening issues in your repo soon.

#ActivityPub #c2s

In this Codeberg issue @thisismissem wonders..

> "Has anyone done an assessment of the authentication mechanisms and standards used by each of these [C2S] implementations?

https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130#issuecomment-7554760

I will bring this to a #SocialHub topic later this week, if I don't forget (otherwise remind me :)

#SX #ActivityPub #C2S #fediverse

If I wanted to mess around with ActivityPub c2s clients what's a server I can host that has support for it?

If I wanted to mess around with ActivityPub c2s clients what's a server I can host that has support for it?

ActivityPub: Client to Server endpoint discovery

I’ve re-started building with ActivityPub’s #c2s API based app. So this post is to document some of the challenges and hiccups.

1. The very first thing a user will want to do is login, right? So, we ask the user for their instance URL or their handle (webfinger: user@domain.tld).
2. Our app then needs to find an info about how to connect to the site.

   Luckily, the OAuth 2.0 standard exists! In our case we would be looking to RFC 8414: OAuth 2.0 Authorization Server Metadata. The main point is that once we have a server URL, we can look up the configuration routes via a predictable URL /.well-known/oauth-authorization-server

   If this route doesn’t exist then we have some alternatives. We could look for the instance actor.

   Depending on implementation, we might find this via nodeinfo (FEP-2677), or we might find it via webfinger (FEP-d556).

   1. The nodeinfo route is the more convoluted one, because fetching example.social/.well-known/nodeinfo we potentially receive a payload with links to version 2.0, and or 2.1. example.social/nodeinfo/2.1.

      This would lead us to parsing nodeinfo’s metadata field, looking for staffAccounts which would be an array, let’s just take the first one.

   2. The webfinger route would be: example.social/.well-known/webfinger?resource=https://example.social

      From there we parse the webfinger links field which is an array, looking for an object whose has rel=”self” and whose type="application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"".

      Whew, this object’s href value leads us to the instance actor.

   3. Finally, we arrive at an actor profile, where we will look for the endpoints field, and hope to find*:
      • oauthRegistrationEndpoint
      • oauthAuthorizationEndpoint
      • oauthTokenEndpoint
      • *However here too the road can be fraught with dangers… a number of servers are not allowing CORS requests on actor profiles.

        If implementations aren’t serving an oauth discovery endpoint RFC8414, and are limiting requests to actor pages, then there is really not much we can do!

• FEP-d556: Server-Level Actor Discovery Using WebFinger
• FEP-2677: Identifying the Application Actor
• FEP-d8c2: OAuth 2.0 Profile for the ActivityPub API

#c2s

ActivityPub: Client to Server endpoint discovery

I’ve re-started building with ActivityPub’s #c2s API based app. So this post is to document some of the challenges and hiccups.

1. The very first thing a user will want to do is login, right? So, we ask the user for their instance URL or their handle (webfinger: user@domain.tld).
2. Our app then needs to find an info about how to connect to the site.

   Luckily, the OAuth 2.0 standard exists! In our case we would be looking to RFC 8414: OAuth 2.0 Authorization Server Metadata. The main point is that once we have a server URL, we can look up the configuration routes via a predictable URL /.well-known/oauth-authorization-server

   If this route doesn’t exist then we have some alternatives. We could look for the instance actor.

   Depending on implementation, we might find this via nodeinfo (FEP-2677), or we might find it via webfinger (FEP-d556).

   1. The nodeinfo route is the more convoluted one, because fetching example.social/.well-known/nodeinfo we potentially receive a payload with links to version 2.0, and or 2.1. example.social/nodeinfo/2.1.

      This would lead us to parsing nodeinfo’s metadata field, looking for staffAccounts which would be an array, let’s just take the first one.

   2. The webfinger route would be: example.social/.well-known/webfinger?resource=https://example.social

      From there we parse the webfinger links field which is an array, looking for an object whose has rel=”self” and whose type="application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"".

      Whew, this object’s href value leads us to the instance actor.

   3. Finally, we arrive at an actor profile, where we will look for the endpoints field, and hope to find*:
      • oauthRegistrationEndpoint
      • oauthAuthorizationEndpoint
      • oauthTokenEndpoint
      • *However here too the road can be fraught with dangers… a number of servers are not allowing CORS requests on actor profiles.

        If implementations aren’t serving an oauth discovery endpoint RFC8414, and are limiting requests to actor pages, then there is really not much we can do!

• FEP-d556: Server-Level Actor Discovery Using WebFinger
• FEP-2677: Identifying the Application Actor
• FEP-d8c2: OAuth 2.0 Profile for the ActivityPub API

#c2s

Good opportunity to pass along this collection I keep of #ActivityPub#C2S related resources, to become part of the fediverse experience curated list..

https://delightful.coding.social/delightful-fediverse-experience

The list is in this codeberg issue:

https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130

Good opportunity to pass along this collection I keep of #ActivityPub#C2S related resources, to become part of the fediverse experience curated list..

https://delightful.coding.social/delightful-fediverse-experience

The list is in this codeberg issue:

https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130

Good opportunity to pass along this collection I keep of #ActivityPub#C2S related resources, to become part of the fediverse experience curated list..

https://delightful.coding.social/delightful-fediverse-experience

The list is in this codeberg issue:

https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130

"A core objective of Flowz is flexibility and graceful degradation. Even when connected to a server that supports only the minimal core C2S functionality, the client still delivers a reasonable user experience. Users can perform essential actions such as reading timelines and posting updates. However, where Flowz really shines is when it connects to servers that offer extended C2S capabilities."

@stevebate, 2025

https://www.stevebate.net/activitypub-client-api-a-way-forward/

(1/3)

#ActivityPub#C2S#Flowz