im trying to think of how to properly do read/write authorization on a pure activitypub server, but specifically how to manage that in a standardized way

sure you could request oauth and then require a header, that's pretty bog-standard i guess... but how to manage which tokens have access to which directories on the server? some kind of admin panel / cli? fallback to uid-based access control? ehhh...


@trwnh I think if your server is just a JSON-LD pipe then you expect apps to have full access anyway

· · Web · 1 · 0 · 0

@Gargron apps should have full access but only to the directories they need maybe? doesnt seem like a good idea to say you can point any client at any server and have r/w access to everything under /

i'm just trying to conceptualize how much the server actually needs to do (as little as i can possibly get away with, tldr) and how to expose a standard interface (webfinger + maybe oauth + idk what else)

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!