im trying to think of how to properly do read/write authorization on a pure activitypub server, but specifically how to manage that in a standardized way

sure you could request oauth and then require a header, that's pretty bog-standard i guess... but how to manage which tokens have access to which directories on the server? some kind of admin panel / cli? fallback to uid-based access control? ehhh...

@jalcine I'm not sure i understand how that helps

the problem im trying to solve is as so:
- i have a server handling requests at /app.py or whatever
- i intend to allow read-write access to all of / (client decides where to PUT a resource)
- obviously not for everyone so i should use an Authorization header or something
- but how to decide which actors or clients get access to which directories

@trwnh oh I guess it depends on how tokens are mapped. For koype, I keep them mapped to scopes that are saved when requested

@jalcine "how tokens are mapped" is what im trying to figure out

i guess i could use the "scope" parameter of oauth for actually requesting directories, though?

@jalcine so scope = ["/"] gives a client full access to the activitypub server and it can be hierarchical

but really im realizing now the actual bit i need to solve is how actors are created and managed
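
One way to map tokens to directories with the hierarchical `scope` idea from the thread, written as an added example rather than code from any participant or from koype. The token strings, actor IRIs and function names are constructed for illustration, and the sketch assumes granted scopes were saved when the token was issued.

```python
from urllib.parse import unquote

# Constructed token store: bearer token -> actor and the directory scopes
# granted at issuance (hypothetical values).
TOKENS = {
    "tok-admin": {"actor": "https://example.test/actors/admin", "scopes": ["/"]},
    "tok-alice": {"actor": "https://example.test/actors/alice",
                  "scopes": ["/notes/", "/media/alice/"]},
}

def normalize(path):
    """Return a canonical absolute path, or None if the path is unsafe."""
    decoded = unquote(path)
    if unquote(decoded) != decoded:          # double-encoded input: refuse
        return None
    if not decoded.startswith("/") or "\x00" in decoded or "\\" in decoded:
        return None
    segments = [s for s in decoded.split("/") if s]   # collapses "//"
    if any(s in (".", "..") for s in segments):       # no traversal at all
        return None
    return "/" + "/".join(segments)

def scope_covers(scope, path):
    """True if normalized `path` is the scope directory or lies beneath it."""
    base = normalize(scope)
    if base is None:
        return False
    # Compare on a segment boundary so "/notes" never covers "/notes-private".
    return base == "/" or path == base or path.startswith(base + "/")

def authorize(authorization_header, request_path):
    """Return the actor IRI allowed to touch request_path, else None."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    grant = TOKENS.get(token.strip())
    path = normalize(request_path)
    if grant is None or path is None:
        return None
    if any(scope_covers(s, path) for s in grant["scopes"]):
        return grant["actor"]
    return None

if __name__ == "__main__":
    for p in ["/notes/1", "/notes-private/1", "/notes/%2e%2e/secret", "/media/bob/x"]:
        print(p, "->", authorize("Bearer tok-alice", p))
```

The check runs on the normalized path, so the server should also use that normalized path (not the raw request path) when it reads or writes the resource.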
