Does not correctly implement WebFinger discovery? #166

Open
rfc1036 opened this issue Nov 25, 2022 · 3 comments

@rfc1036

rfc1036 commented Nov 25, 2022

My Twitter profile (@rfc1036) contains the string "Mastodon: @md@linux.it".

I see in the access.log of www.linux.it requests for /.well-known/host-meta (and then for /.well-known/nodeinfo), but no actual WebFinger request for /.well-known/webfinger?resource=acct:md@linux.it, so I believe that something is not working correctly.

This setup is a bit unusual because www.linux.it is not an actual fediverse server (so there is no nodeinfo endpoint), but it implements a WebFinger endpoint which provides the information needed to find my actual Mastodon userid. And indeed it works fine when somebody searches for "md@linux.it" in Mastodon.

Which side is buggy? Yours or mine?

@lucahammer
Owner

Because fedifinder does not store any user related information, doing a full webfinger lookup would break each time the cache is invalidated. In the past I have only seen implementations that used the host-meta to point to the webfinger endpoint of whatever fediverse software someone used.

If I interpret it correctly, that's no option in your case because you have more information in the webfinger than would be possible with letting hostux.social answer the webfinger request.

On hostux your handle is @rfc1036@hostux.social. When I search for md@linux.it on hostux, it does not return any results. If I search for it on my instance, it returns the hostux account, but because it shows a different handle I would not expect it to be the correct account. Mentioning md@linux.it correctly resolves it to the hostux account. Overall, it seems confusing, but working.

How should fedifinder implement it? linux.it is not a fediverse instance (does not have a nodeinfo) and is cached as such. For known domains fedifinder only looks the domains up. A full webfinger lookup for each handle would increase the load on servers massively. hostux is not the local_domain of linux.it, so I can't expect each handle from linux.it to be on hostux.

Any suggestions?

@rfc1036
Author

rfc1036 commented Nov 27, 2022

> Because fedifinder does not store any user related information, doing a full webfinger lookup would break each time the cache is invalidated. In the past I have only seen implementations that used the host-meta to point to the webfinger endpoint of whatever fediverse software someone used.

And indeed you get a perfectly valid host-meta from https://linux.it/.well-known/host-meta, which references the WebFinger URL for the domain.

> If I interpret it correctly, that's no option in your case because you have more information in the webfinger than would be possible with letting hostux.social answer the webfinger request.

The issue is not just providing a more complete WebFinger entry, but that different linux.it users have accounts on different fediverse instances. Because of this I cannot provide a meaningful nodeinfo endpoint.

> On hostux your handle is @rfc1036@hostux.social. When I search for md@linux.it on hostux, it does not return any results. If I search for it on my instance, it returns the hostux account, but because it shows a different handle I would not expect it to be the correct account. Mentioning md@linux.it correctly resolves it to the hostux account. Overall, it seems confusing, but working.

Mastodon (and at least Pleroma and its forks, I have verified) use WebFinger as the server discovery protocol, and searching for md@linux.it on any instance works with my setup because I have implemented WebFinger. I think that this kind of setup will become more and more common since Mastodon still does not support virtual hosting (multitenancy) and creating single user instances is terribly wasteful, but people still want to be known by their own domain.

> How should fedifinder implement it? linux.it is not a fediverse instance (does not have a nodeinfo) and is cached as such. For known domains fedifinder only looks the domains up. A full webfinger lookup for each handle would increase the load on servers massively. hostux is not the local_domain of linux.it, so I can't expect each handle from linux.it to be on hostux.

You are making a big unwarranted assumption here, i.e. that a fediverse server should have a nodeinfo URL. It is not even mentioned in the ActivityPub specification, and actually it was added quite late to Mastodon (see mastodon/mastodon#12002).

I still think that you are optimizing at the expense of protocol correctness, but maybe you could check for host-meta only?

@lucahammer
Owner

lucahammer commented Nov 29, 2022

I am optimizing for performance (one lookup per domain), usability (nodeinfo to help people decide which instance to use) and privacy (no caching of user level data).

You are not known by your own domain. When I search/follow your account, it doesn't show your domain anymore. I agree that using your own domain on a third party server should be possible. Like it is with email. But it isn't at the moment and fedifinder currently fails at working with the workaround.

At the moment, I wonder if a server opt-in would be a solution. E.g. for linux.it always do a full webfinger lookup.

Edit: Yes, marking domains as fediverse, if they got a webfinger URL in the host-meta should work.
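
The lookup flow discussed in this thread (host-meta advertising a WebFinger template, then a per-handle lookup that resolves to an account hosted on a different domain), as an added example that is not part of the issue or of fedifinder's code. The domains, handle and sample documents are constructed, and accepting only HTTPS endpoints is an assumption of this example.

```javascript
// Constructed sample documents (not real responses from any server in the thread).
const SAMPLE_HOST_META = `<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" type="application/jrd+json"
        template="https://example.org/.well-known/webfinger?resource={uri}"/>
</XRD>`;
const SAMPLE_JRD = JSON.stringify({
  subject: "acct:alice@social.example",
  links: [{ rel: "self", type: "application/activity+json",
            href: "https://social.example/users/alice" }],
});

// Read one attribute from a single XML start tag (enough for a flat XRD).
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, "i"));
  return m ? m[1].replace(/&amp;/g, "&") : null;
}

// Return the WebFinger (lrdd) template advertised in host-meta, or null.
// A non-null result is the per-domain signal proposed at the end of the thread.
function webfingerTemplate(hostMetaXml) {
  for (const [tag] of hostMetaXml.matchAll(/<Link\b[^>]*>/gi)) {
    const template = attr(tag, "template");
    if (attr(tag, "rel") === "lrdd" && template && template.includes("{uri}")) {
      return template;
    }
  }
  return null;
}

// Expand the template for one handle. Assumption: only HTTPS endpoints are accepted.
function webfingerUrl(template, handle) {
  const url = new URL(template.replace("{uri}", encodeURIComponent(`acct:${handle}`)));
  if (url.protocol !== "https:") throw new Error("refusing non-HTTPS WebFinger endpoint");
  return url.href;
}

// Map a JRD response to the ActivityPub actor and flag cross-domain delegation,
// i.e. the handle that was searched for differs from the canonical subject.
function resolveAccount(jrdText, handle) {
  const jrd = JSON.parse(jrdText);
  const self = (jrd.links || []).find(
    (l) => l.rel === "self" && l.type === "application/activity+json");
  if (!self) return null;
  const canonical = String(jrd.subject || "").replace(/^acct:/, "");
  return { requested: handle, canonical, actor: self.href,
           delegated: canonical.toLowerCase() !== handle.toLowerCase() };
}
```

A `delegated: true` result is the case described above where the account shown after lookup carries a different handle than the one searched for.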
