BrowserPub: A browser for debugging #ActivityPub and the ⁂fediverse
-
@js thanks! We’ll fix
-
-
-
John Spurlockreplied to John Spurlock last edited by
So as I'm bopping around looking at everyone's #ActivityPub in browser.pub, I wanted to have the ability to follow interesting people while I'm browsing.
I just pushed a new update that adds a "Follow" button next to every profile in the visual view
-
John Spurlockreplied to John Spurlock last edited by
Ideally, I'd like to have these follows take effect here in my main account and not have to create a brand new profile on a brand new site.
This is where OAuth comes in - many existing fediverse servers supported federated login in a standard way
Just enter your account to start the login flow in browser.pub
-
John Spurlockreplied to John Spurlock last edited by
browser.pub requests the ability to add new follows to your account...
-
John Spurlockreplied to John Spurlock last edited by
... then stores the login info in the browser
For OAuth dorks, it'll show the token expiration and granted scope
Also whether or not the server supports the excellent OAuth server metadata spec, and whether the server supports PKCE (a security improvement that is a newer part of the spec)
-
John Spurlockreplied to John Spurlock last edited by
You'll see that only the newest Mastodon 4.3 (still beta only?) supports this new metadata, but it should be rolling out widely soon.
-
John Spurlockreplied to John Spurlock last edited by
anyway, once you have an active login it will be displayed in the top-right corner, and you can follow profiles with a tap of the "Follow" button
-
@js you'll probably be better waiting until Client ID Metadata Documents are implemented, otherwise you'll be maintaining a tonne of OAuth App registrations
You could also implement this through authorized interactions, iirc.
-
John Spurlockreplied to John Spurlock last edited by
now Pleroma is special here, it supports following like this in bog-standard ActivityPub!
ie just posting a small json payload to the logged-in user's outbox endpoint
hopefully more ActivityPub servers support this soon, as it should be very similar to what they already do for S2S
-
John Spurlockreplied to John Spurlock last edited by
misskey and micro.blog from @manton both support client registration for clients like this by simply providing a website url
it's called "indieauth" (displayed in the login info row, otherwise falls back to mastodon-style app-creation-based registration)
there is a newer emerging standard for dynamic client registration, but no one supports it yet - I'll add it when one does!
micro.blog doesn't support C2S follows via the outbox yet, but we can fallback to the micro.blog api here
-
@thisismissem yes I can't _wait_ until that spec is supported in popular implementations
right now I maintain a minimum number of mastodon app registrations based on unique attributes (they are not user-specific), but would love to rely on this less in the future
let me know if you know of a server I can get an account on that implements Client ID Metadata Documents for testing
-
@js first off never heard of this tool before. This is awesome, second the update is also awesome. third thing, you are awesome for sharing this.
-
thanks for the kind words! hope it helps you out there in activitypub-land
-
John Spurlockreplied to John Spurlock last edited by
you'll notice that browser.pub not only requests the ability to follow, but _also_ to read, generally
this gives the logged-in user the ability to explore ActivityPub collections that may not be public, only accessible via auth (if the server supports such collections over ActivityPub C2S)
in theory, you could imagine building a thing on top of these collections that looks like your personal mastodon timeline, but using spec-standard ActivityPub
in practice, tho, here is my mastodon inbox ️
-
John Spurlockreplied to John Spurlock last edited by
Pleroma, however, is a different story - a better story
here is my Pleroma account, listing my private inbox collection - essentially my home timeline
this is not public, but available to ActivityPub C2S clients like browser.pub with a valid auth token
-
John Spurlockreplied to John Spurlock last edited by
Under the hood, the personal inbox is represented as an essentially infinite ActivityPub OrderedCollection, with no 'totalItems' count property, and no 'last' pointer
I can keep iterating down my inbox reverse chron this way in the json...
-
John Spurlockreplied to John Spurlock last edited by
... or by hitting "next" in the visual view
maybe I should add some sort of automatic revealing of the next item on scroll