i'm trying to think of how to properly do read/write authorization on a pure activitypub server, but specifically how to manage that in a standardized way
sure you could request oauth and then require a header, that's pretty bog-standard i guess... but how to manage which tokens have access to which directories on the server? some kind of admin panel / cli? fallback to uid-based access control? ehhh...
@trwnh like okta/authy/etc
@jalcine I'm not sure i understand how that helps
the problem i'm trying to solve is as so:
- i have a server handling requests at /app.py or whatever
- i intend to allow read-write access to all of / (client decides where to PUT a resource)
- obviously not for everyone so i should use an Authorization header or something
- but how to decide which actors or clients get access to which directories
@trwnh oh I guess it depends on how tokens are mapped. For koype, I keep them mapped to scopes that are saved when requested
@jalcine "how tokens are mapped" is what i'm trying to figure out
i guess i could use the "scope" parameter of oauth for actually requesting directories, though?
@jalcine so scope = ["/"] gives a client full access to the activitypub server and it can be hierarchical
but really i'm realizing now the actual bit i need to solve is how actors are created and managed
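
Added example, not part of the original thread and not code from koype or any ActivityPub server: a sketch of the hierarchical directory-scope check discussed above, where a token's OAuth scopes are directory paths and scope "/" grants the whole tree. The token table, token names and function names are hypothetical, and it assumes the server percent-decodes request paths exactly once.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample data (hypothetical): token -> directory scopes saved
# when the token was granted.
TOKEN_SCOPES = {
    "tok-admin": ["/"],                        # full access to the server
    "tok-notes": ["/notes/", "/media/alice/"],
}

def normalize(path):
    """Decode and canonicalize a path; return None when it is unsafe."""
    decoded = unquote(path)  # assumption: the server also decodes only once
    if not decoded.startswith("/") or "\x00" in decoded or "\\" in decoded:
        return None
    if ".." in decoded.split("/"):
        return None  # reject traversal outright instead of resolving it
    norm = posixpath.normpath(decoded)  # drops "." segments, trailing "/"
    if norm.startswith("//"):           # POSIX keeps exactly two leading slashes
        norm = "/" + norm.lstrip("/")
    return norm

def scope_covers(scope, target):
    """True when the normalized target is the scope directory or lies below it."""
    base = normalize(scope)
    if base is None:
        return False
    if base == "/":
        return True
    # Compare on a segment boundary so "/notes" does not match "/notes-private".
    return target == base or target.startswith(base + "/")

def is_authorized(token, request_path):
    """Check a bearer token's directory scopes against the requested path."""
    target = normalize(request_path)
    if target is None:
        return False
    return any(scope_covers(s, target) for s in TOKEN_SCOPES.get(token, []))
```

The segment-boundary comparison and the traversal rejection are what keep a narrow scope from silently widening; a plain string-prefix test on the raw request path would accept both "/notes-private/..." and "/notes/../inbox/...".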