New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ditching the webfinger requirement #17030
Comments
tagging #10745 here for potentially related changes -- if any work is put into moving away from username@domain as the canonical representation, then it might also make sense to use a less fragile URI scheme for actors that doesn't depend on usernames. (breaking domain requirement right now is unfortunately not possible due to DNS, of course) |
People are already depending on IMO it should be made even easier, e.g. if John Doe had account in: https://mastodon.social/@JohnDoe And he owns example.com, he should be allowed to make {
"@john@example.com": {
"aliases": ["https://mastodon.social/@JohnDoe", "https://mastodon.social/users/JohnDoe"]
}
} (Of course it would require a field in mastodon.social as well that you want to change the handle) |
If you are the only user on that domain, you can currently:
The problem with your solution is if there are multiple people "working at" example.com : which user should be listed in the static .json file and/or how would you distinguish which one is being queried for. You don't want to return all of the users due to privacy, anti spam and just size of the document (think IBM, Microsoft, Facebook type employee size) would be massive. |
I understand that the plan is to treat whatever Then, how about keeping the WebFinger requirement for A drawback of the proposed approach, though, would be that the user might not usually intend URIs in posts to be mentions. This would be problematic especially in private posts, which are intended to be only visible to explicitly mentioned accounts. Perhaps the proposed mention mechanism should only be employed if the target server doesn't support WebFinger? But even then, ill-intended Web page administrators could set up ActivityPub actors on their own URIs to intercept Mastodon posts containing the URIs (though such an attempt would be quite likely to be apparent). Or mentions with URIs should use a special syntax, e.g., that requires the URI to be prefixed with an |
While useful, Webfinger is not part of the ActivityPub specification itself, and the ad-hoc mechanism from going from an ActivityPub actor URI to a canonical
acct:
URI is pretty clunky.This issue is here to track what would need changing for dropping the Webfinger requirement. It is probably not exhaustive.
Uniqueness of local actor names should probably still be enforced to reduce confusion and avoid breaking compatibility with older versions.
API
/api/v1/accounts/lookup
would either need to be dropped or return an arrayuri
of actors in the REST APIUX
/web/@foo@bar
and/web/@foo@bar/12345
paths introduced to harmonize the WebUI with the public page paths may not make sense anymore@user@domain
handle is ambiguous, or if an user doesn't have one?@user@domain
to identify users, what if the user does not have a canonicalacct:
URI?Database
uri
at the database leveluri
even if it was only briefly possibleThe text was updated successfully, but these errors were encountered: