#social 2017-02-02

2017-02-02 UTC
timbl and evanminto joined the channel
# 02:54 
evanminto Hey, I’m working on an ActivityPub implementation but I’m confused about the authentication/authorization part. How are people handling it in current implementations?
# 02:54 
evanminto (That’s a very general question, but I can dig into it further if somebody’s interested.)
tantek joined the channel
# 04:44 
geppy evanminto: I'm interested in other solutions, but you might want to see http://indieweb.org/IndieAuth and http://indieweb.org/private_posts
tantek and fabrixxm joined the channel
# 05:56 
evanminto geppy: Right, I’m aware of IndieAuth, but it seems like it’s not really usable in the context of ActivityPub.
# 05:57 
evanminto Well, not “not usable”
tantek joined the channel
# 05:58 
evanminto But unless I’m missing something, when you request an Outbox in AP, if you send an IndieAuth token along, the server has no way of knowing WHO you’re trying to authenticate as, so it can’t do the rel-me discovery stuff.
# 05:59 
geppy evanminto: ah, right.  I'm not sure what to point you to, sorry.
# 06:00 
evanminto Yeah, the only thing I can think of with IndieAuth would be checking known IndieAuth token providers, but then that defeats the purpose of dynamically defining the service the user wants to use.
tantek, fabrixxm, evanminto_, timbl, bengo, bengo_ and evanminto joined the channel