i'm trying to think of how to properly do read/write authorization on a pure activitypub server, but specifically how to manage that in a standardized way

sure you could request oauth and then require a header, that's pretty bog-standard i guess... but how to manage which tokens have access to which directories on the server? some kind of admin panel / cli? fall back to uid-based access control? ehhh...


conceptually i think i can probably figure out something like creating a user and then having the /oauth/authorize endpoint use webfinger to map a username to an actor id, but then how to decide whether the actor id has access to read/write in the first place?

laziest thing i can think of is "just fall back to filesystem ACL" but then you have to heck around with virtual users and that's a pain we've already tried with email. so i guess the server needs to reimplement access control... but how

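One way the server-side check asked about in the posts above could look, as an added example that is not part of the original thread: bearer tokens map to actor ids, and a default-deny ACL keyed by path prefix decides read/write. The actor ids, paths, the `"*"` wildcard and the function names are all hypothetical, and the request path is assumed to be URL-decoded already.

```python
import posixpath
import secrets

# Constructed policy: prefix -> {actor id or "*" (anyone) -> permissions}.
ACL = {
    "/users/alice/": {"https://example.test/users/alice": {"read", "write"}},
    "/users/alice/public/": {"*": {"read"}},
    "/users/bob/": {"https://example.test/users/bob": {"read", "write"}},
}
TOKENS = {}  # bearer token -> actor id


def issue_token(actor_id):
    """Stand-in for /oauth/authorize after WebFinger resolved the actor id."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = actor_id
    return token


def normalize(path):
    """Collapse '..', '.' and repeated slashes before any prefix comparison."""
    return posixpath.normpath("/" + path.lstrip("/")).rstrip("/") + "/"


def allowed(token, path, permission):
    """Default deny; grants from every matching prefix are unioned."""
    actor = TOKENS.get(token)  # None for a missing or unknown token
    target = normalize(path)
    granted = set()
    for prefix, entries in ACL.items():
        # Prefixes end in "/", so "/users/alicex/" never matches "/users/alice/".
        if target.startswith(prefix):
            granted |= entries.get("*", set())
            if actor is not None:
                granted |= entries.get(actor, set())
    return permission in granted
```

Because the path is normalized before matching, a token scoped to one actor's directory cannot reach another's through `..` segments, and a request with no token only ever receives the `"*"` grants.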