forgejo-contrib-federation-pulls-57.md
Watch21
Star82
Fork
You've already forked federation
CodeIssues 16Pull requests 8Projects 2ActivityActions
Merged
jergermerged 22 commits from :ssignature-validation-details into main 2025-12-02 12:23:55 +01:00
Conversation 6Commits 22Files changed 3 +202 -111
jerger commented 2025-08-27 16:51:49 +02:00
Owner
Copy link
No description provided.
jerger added 3 commits 2025-08-27 16:51:50 +02:00
add cool references 07aec99310
split validation in inside & outside view 56fcf41375
jerger added 1 commit 2025-08-28 08:06:54 +02:00
rename to closer fit & add one more reference c8516544e2
jerger added 1 commit 2025-09-25 08:44:02 +02:00
Sort the references & name the gaps 6d1749ada7
jerger added 1 commit 2025-09-25 08:48:30 +02:00
jerger added 1 commit 2025-10-17 17:51:05 +02:00
jerger added 1 commit 2025-11-03 10:58:31 +01:00
Add: How to identify Actors 9e16442474
jerger added 1 commit 2025-11-03 11:03:56 +01:00
jerger added 1 commit 2025-11-14 08:31:31 +01:00
jerger added 2 commits 2025-11-14 08:38:16 +01:00
Merge branch 'main' into ssignature-validation-details 7a1d56c924
jerger changed title from ** WIP: http signature details ** to http signature details 2025-11-14 08:38:56 +01:00
jerger requested reviews from 0xllx0, famfo, Gusted, patdyn 2025-11-14 08:40:05 +01:00
 n0toose reviewed 2025-11-14 09:06:55 +01:00
0xllx0 requested changes 2025-11-14 11:50:57 +01:00 Dismissed
0xllx0 left a comment
Copy link
Some request for clarifying edits, and some minor nits.
Some request for clarifying edits, and some minor nits.
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +85,4 @@ |
| | | | | |
| | | | | ````mermaid| | | | | |sequenceDiagram| | | | | | participant remote as distant federated instance
(gotosocial.example.com)` |
0xllx0 commented 2025-11-14 11:46:39 +01:00
Collaborator
Copy link
- participant remote as distant federated instance
(gotosocial.example.com)
+ participant remote as remote federated instance
(gotosocial.example.com)
or
- participant remote as distant federated instance
(gotosocial.example.com)
+ participant distant as distant federated instance
(gotosocial.example.com)
diff - participant remote as distant federated instance\<br\>(gotosocial.example.com) + participant remote as remote federated instance\<br\>(gotosocial.example.com) or diff - participant remote as distant federated instance\<br\>(gotosocial.example.com) + participant distant as distant federated instance\<br\>(gotosocial.example.com)
jerger commented 2025-11-14 13:10:08 +01:00
Author
Owner
Copy link
Thx. for the comment :-)
Thx. for the comment :-) https://codeberg.org/forgejo-contrib/federation/pulls/57/commits/cd04110a9fb7159de409e23694369c56d866164c
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +40,4 @@ |
| | | | | |
| | | | | ### Instance Actor Representation at Forgejo |
| | | | | |
| | | | | The instance actor is located at /api/v1/activitypub/actorand provide an actor of typeApplication. |
0xllx0 commented 2025-11-14 11:49:26 +01:00
Collaborator
Copy link
- The instance actor is located at `/api/v1/activitypub/actor` and provide an actor of type `Application`.
+ The instance actor is located at `/api/v1/activitypub/actor`, and provides an actor of type `Application`.
diff - The instance actor is located at `/api/v1/activitypub/actor` and provide an actor of type `Application`. + The instance actor is located at `/api/v1/activitypub/actor`, and provides an actor of type `Application`.
π 1
jerger marked this conversation as resolved
Show resolved Hide resolved
| | | | @ -0,0 +100,4 @@ |
| | | | | remote -->>- local: @me |
| | | | | deactivate local |
| | | | | end |
| | | | | local -->>- remote: /api/v1/activitypub/user-id/1 |
0xllx0 commented 2025-11-14 11:44:44 +01:00
Collaborator
Copy link
Might be helpful to note that the ActivityPub Actor JSON for the requested user is returned here.
Something like:
sequenceDiagram
participant distant
participant local
local -->>+ distant: /api/v1/activitypub/user-id/1
{AcitivtyPub Actor JSON}
Might be helpful to note that the ActivityPub Actor JSON for the requested user is returned here. Something like: mermaid sequenceDiagram participant distant participant local local --\>\>+ distant: /api/v1/activitypub/user-id/1\<br\> {AcitivtyPub Actor JSON}
π 1
jerger commented 2025-11-14 13:30:08 +01:00
Author
Owner
Copy link
fixed in !57 (commit 46e6c05d1c)
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +105,4 @@ |
| | | | | |
| | | | | ## Signature Validation - Inside View |
| | | | | |
| | | | | The actual implementation in Forgejo lives in routers/api/v1/activitypub/reqsignature.go, services/federation/signature_service.goandservices/federation/federation_service.go. |
0xllx0 commented 2025-11-14 11:35:24 +01:00
Collaborator
Copy link
Explicity stating the files in the repo is somewhat fragile, as this will break silently with any code reorg in Forgejo.
If we want to keep the references, we could pick a recent commit, and create a MarkDown link to relevant files. That would provide readers with a base-point to track any future changes.
Explicity stating the files in the repo is somewhat fragile, as this will break silently with any code reorg in Forgejo. If we want to keep the references, we could pick a recent commit, and create a MarkDown link to relevant files. That would provide readers with a base-point to track any future changes.
jerger commented 2025-11-14 13:30:30 +01:00
Author
Owner
Copy link
fixed in !57 (commit 19ef1f5d10)
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +76,4 @@ |
| | | | | |
| | | | | ### How to fetch Keys |
| | | | | |
| | | | | We observed differences between mastodon, forgejo & GoToSocial how key material can be fetched: [GTS quirks on fetching keys] |
0xllx0 commented 2025-11-14 11:36:42 +01:00
Collaborator
Copy link
- We observed differences between mastodon, forgejo & GoToSocial how key material can be fetched: [GTS quirks on fetching keys]
+ We observed differences between Mastodon, Forgejo & GoToSocial how key material can be fetched: [GTS quirks on fetching keys]
diff - We observed differences between mastodon, forgejo & GoToSocial how key material can be fetched: [GTS quirks on fetching keys] + We observed differences between Mastodon, Forgejo & GoToSocial how key material can be fetched: [GTS quirks on fetching keys]
π 1
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +125,4 @@ |
| | | | | fs ->> mu: FindFederatedUserByKeyID |
| | | | | fs ->> ff: FindOrCreateFederatedUser |
| | | | | fs ->> fs: if PubKey is missing: fetchKeyFromAp |
| | | | | fs -->>- rs: PubKey |
0xllx0 commented 2025-11-14 11:31:30 +01:00
Collaborator
Copy link
It might be more clear to split this diagram into two here, one for user signature verification, and one for host signature verification. With a note about when each PubKey is used.
It might be more clear to split this diagram into two here, one for user signature verification, and one for host signature verification. With a note about when each PubKey is used.
jerger commented 2025-11-14 13:50:18 +01:00
Author
Owner
Copy link
Can we leave this improvement for a later PR ?
Can we leave this improvement for a later PR ?
π 1
jerger marked this conversation as resolved
famfo requested changes 2025-11-14 12:09:39 +01:00 Dismissed
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +33,4 @@ |
| | | | | 4. Signature report & best practices |
| | | | | 1. [ActivityPub and HTTP Signatures] |
| | | | | 2. [W3C: ActivityPub/Primer/Authentication Authorization] |
| | | | | 3. [FEP-e2ce: HTTP Signatures: Implementation and Best Practices] |
famfo commented 2025-11-14 12:02:07 +01:00
Collaborator
Copy link
This is a closed draft BCP, not sure if we want to include it here.
This is a closed draft BCP, not sure if we want to include it here.
jerger commented 2025-11-14 13:34:49 +01:00
Author
Owner
Copy link
Ack - I link the closed PR & remove the link in spec overview
Ack - I link the closed PR & remove the link in spec overview
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +36,4 @@ |
| | | | | 3. [FEP-e2ce: HTTP Signatures: Implementation and Best Practices] |
| | | | | 4. [Linked Data Signatures 1.0: Draft Community Group Report 25 September 2025] |
| | | | | |
| | | | | As you can see, there are many specs involved. But there are also gaps on the way to implement signature validation. |
famfo commented 2025-11-14 12:05:25 +01:00
Collaborator
Copy link
It would probably worth mentioning which of the many ideas get implemented. Client-side activity signing seems a bit out of scope for the architecture of forgejo for example.
As far as I'm concerned, the plan is to support draft-cavage-http-signatures-12 signatures and eventually also RFC 9421 with keys represented using the w3c security vocabulary.
It would probably worth mentioning which of the many ideas get implemented. Client-side activity signing seems a bit out of scope for the architecture of forgejo for example. As far as I'm concerned, the plan is to support draft-cavage-http-signatures-12 signatures and eventually also RFC 9421 with keys represented using the w3c security vocabulary.
jerger commented 2025-11-14 13:43:59 +01:00
Author
Owner
Copy link
It would probably worth mentioning which of the many ideas get implemented. Client-side activity signing seems a bit out of scope for the architecture of forgejo for example.
I would prefer to have the overview - even if we will implement this somewhere in future. Added a mark.
As far as I'm concerned, the plan is to support draft-cavage-http-signatures-12 signatures and eventually also RFC 9421 with keys represented using the w3c security vocabulary.
+1
> It would probably worth mentioning which of the many ideas get implemented. Client-side activity signing seems a bit out of scope for the architecture of forgejo for example. I would prefer to have the overview - even if we will implement this somewhere in future. Added a mark. > As far as I'm concerned, the plan is to support draft-cavage-http-signatures-12 signatures and eventually also RFC 9421 with keys represented using the w3c security vocabulary. +1
jerger marked this conversation as resolved
Show resolved Hide resolved
| | | | @ -0,0 +92,4 @@ |
| | | | | local ->>+ local: verify user @me signature |
| | | | | |
| | | | | opt if no key is cached |
| | | | | local ->>+ remote: GET /users/@me signed by key-id: /api/v1/activitypub/actor#35;main-key |
famfo commented 2025-11-14 12:07:59 +01:00
Collaborator
Copy link
- local ->>+ remote: GET /users/@me
signed by key-id: /api/v1/activitypub/actor#35;main-key
+ local ->>+ remote: GET /users/@me#main-key
signed by key-id: /api/v1/activitypub/actor#35;main-key
diff - local -\>\>+ remote: GET /users/@me\<br\>signed by key-id: /api/v1/activitypub/actor#35;main-key + local -\>\>+ remote: GET /users/@me#main-key\<br\>signed by key-id: /api/v1/activitypub/actor#35;main-key
π 1
jerger marked this conversation as resolved
Show resolved Hide resolved
| | | | @ -0,0 +94,4 @@ |
| | | | | opt if no key is cached |
| | | | | local ->>+ remote: GET /users/@me signed by key-id: /api/v1/activitypub/actor#35;main-key |
| | | | | remote ->>+ remote: verify user /api/v1/activitypub/actor signature |
| | | | | remote ->> local: GET /api/v1/activitypub/actor signed by key-id: /users/@gotosocial.example.com#35;main-key |
famfo commented 2025-11-14 12:08:44 +01:00
Collaborator
Copy link
- remote ->> local: GET /api/v1/activitypub/actor
signed by key-id: /users/@gotosocial.example.com#35;main-key
+ remote ->> local: GET /api/v1/activitypub/actor#main-key
signed by key-id: /users/@gotosocial.example.com#35;main-key
diff - remote -\>\> local: GET /api/v1/activitypub/actor\<br\>signed by key-id: /users/@gotosocial.example.com#35;main-key + remote -\>\> local: GET /api/v1/activitypub/actor#main-key\<br\>signed by key-id: /users/@gotosocial.example.com#35;main-key
π 1
jerger marked this conversation as resolved
jerger added 1 commit 2025-11-14 13:09:37 +01:00
jerger added 1 commit 2025-11-14 13:18:27 +01:00
add returned actor example 46e6c05d1c
jerger added 1 commit 2025-11-14 13:29:20 +01:00
jerger added 1 commit 2025-11-14 13:42:01 +01:00
remove not merged e2ce 0f9436fcef
jerger added 1 commit 2025-11-14 13:45:41 +01:00
add not implemented marks 3a42035460
jerger added 1 commit 2025-11-14 13:49:01 +01:00
be more precise on signatures fa42160c52
silverpill reviewed 2025-11-14 14:56:53 +01:00
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +33,4 @@ |
| | | | | 4. Signature report & best practices |
| | | | | 1. [ActivityPub and HTTP Signatures] |
| | | | | 2. [W3C: ActivityPub/Primer/Authentication Authorization] |
| | | | | 3. [Linked Data Signatures 1.0: Draft Community Group Report 25 September 2025] (not implemented at the moment) |
silverpill commented 2025-11-14 14:56:53 +01:00
First-time contributor
Copy link
Some info about listed FEPs:
Some info about listed FEPs: - FEP-2277 - WIP, implemented in one project. - FEP-ae97 - WIP, implemented in one project - FEP-521a - finalized, has multiple implementations, Mastodon developers are considering implementing it. - FEP-7502 - looks abandoned, no implementations I am aware of - FEP-fe34 - this is more of a "best practices" document, it covers both authentication and authorization
π 1
0xllx0 commented 2025-11-14 17:07:44 +01:00
Collaborator
Copy link
FEP-521a - finalized, has multiple implementations, Mastodon developers are considering implementing it.
May also want to keep an eye on FEP-521b for potential future implementations.
> FEP-521a - finalized, has multiple implementations, Mastodon developers are considering implementing it. May also want to keep an eye on FEP-521b for potential future implementations.
π 1
jerger marked this conversation as resolved
jerger added 1 commit 2025-11-17 08:22:14 +01:00
jerger requested reviews from 0xllx0, famfo 2025-11-18 11:32:19 +01:00
0xllx0 requested changes 2025-11-18 12:19:27 +01:00 Dismissed
0xllx0 left a comment
Copy link
Small typo, other than that LGTM.
Small typo, other than that LGTM.
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +92,4 @@ |
| | | | | local ->>+ local: verify user @me signature |
| | | | | |
| | | | | opt if no key is cached |
| | | | | local ->>+ remote: GET /users/@me#main-key signed by key-id: /api/v1/activitypub/actor#35;main-key |
0xllx0 commented 2025-11-18 12:17:34 +01:00
Collaborator
Copy link
- local ->>+ remote: GET /users/@me#main-key
signed by key-id: /api/v1/activitypub/actor#35;main-key
+ local ->>+ distant: GET /users/@me#main-key
signed by key-id: /api/v1/activitypub/actor#35;main-key
diff - local -\>\>+ remote: GET /users/@me#main-key\<br\>signed by key-id: /api/v1/activitypub/actor#35;main-key + local -\>\>+ distant: GET /users/@me#main-key\<br\>signed by key-id: /api/v1/activitypub/actor#35;main-key
jerger commented 2025-11-18 15:48:12 +01:00
Author
Owner
Copy link
fixed - thanks :-)
fixed - thanks :-) https://codeberg.org/forgejo-contrib/federation/pulls/57/commits/c37fcbd7e89931195bfa9e8b21273c157eabbdde
jerger marked this conversation as resolved
jerger added 1 commit 2025-11-18 14:58:44 +01:00
jerger requested review from 0xllx0 2025-11-18 15:48:24 +01:00
famfo requested changes 2025-11-18 16:47:35 +01:00 Dismissed
famfo left a comment
Copy link
Just some smaller nits left :)
Just some smaller nits left :)
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +19,4 @@ |
| | | | | 1. General spec |
| | | | | 1. [ActivityPub] |
| | | | | 2. [Activity Vocabulary] |
| | | | | 3. [Instance Actor] |
famfo commented 2025-11-18 16:33:04 +01:00
Collaborator
Copy link
Nitpicky: this is technically not a spec but a consequence of needing a single actor as the "bootstrap" key of an instance. Not sure if or how we want to clarify this.
Nitpicky: this is technically not a spec but a consequence of needing a single actor as the "bootstrap" key of an instance. Not sure if or how we want to clarify this.
jerger commented 2025-11-28 16:56:58 +01:00
Author
Owner
Copy link
Any idea how to make this more precise ?
Any idea how to make this more precise ?
famfo commented 2025-11-28 17:23:13 +01:00
Collaborator
Copy link
Maybe the link can be moved below "As you can see, there are many specs involved. But there are also gaps on the way to implement signature validation." with the note Another implications from the way these specifications work together is the requirement for an [Instance Actor]..
Maybe the link can be moved below "As you can see, there are many specs involved. But there are also gaps on the way to implement signature validation." with the note Another implications from the way these specifications work together is the requirement for an [Instance Actor]..
jerger commented 2025-12-01 14:24:49 +01:00
Author
Owner
Copy link
what do you think about !57 (commit 188411319f) ?
what do you think about https://codeberg.org/forgejo-contrib/federation/pulls/57/commits/188411319fcbeb0abe93f7c40bfd20270c0dc4be ?
famfo commented 2025-12-01 20:35:05 +01:00
Collaborator
Copy link
This makes sense to me, I like this.
This makes sense to me, I like this.
famfo marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +34,4 @@ |
| | | | | 1. [ActivityPub and HTTP Signatures] |
| | | | | 2. [W3C: ActivityPub/Primer/Authentication Authorization] |
| | | | | 3. [Linked Data Signatures 1.0: Draft Community Group Report 25 September 2025] (not implemented at the moment) |
| | | | | 4. [FEP-521b: Proposal to update the default codec] |
famfo commented 2025-11-18 16:37:13 +01:00
Collaborator
Copy link
521b is an update to 521a, I'd reference the other proposal or group them.
521b is an update to 521a, I'd reference the other proposal or group them.
π 1
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +81,4 @@ |
| | | | | ## Signature Validation - Outside View |
| | | | | |
| | | | | All endpoints except the one for fetching the public key of the server actor |
| | | | | (Application in [Activity Vocabulary]) require authorized fetch. |
famfo commented 2025-11-18 16:41:54 +01:00
Collaborator
Copy link
Note that an Application does not necessarily have to be the instance actor. This user type could also be reused for other actors which may be an application.
Note that an Application does not necessarily have to be the instance actor. This user type could also be reused for other actors which may be an application.
π 1
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +40,4 @@ |
| | | | | |
| | | | | ### Instance Actor Representation at Forgejo |
| | | | | |
| | | | | The instance actor is located at [/api/v1/activitypub/actor](https://codeberg.org/forgejo/forgejo/src/commit/0737196842bb61bd0aeb7177a497c920443e1e68/routers/api/v1/activitypub/actor.go), and provide an actor of type Application. |
famfo commented 2025-11-18 16:39:43 +01:00
Collaborator
Copy link
It could be worth mentioning that it internally reuses the user ID of the ghost user. This may have future implications (both in implementation and federation) for representing comments on issues from deleted users which would have to be recreated using this actor.
It could be worth mentioning that it internally reuses the user ID of the ghost user. This may have future implications (both in implementation and federation) for representing comments on issues from deleted users which would have to be recreated using this actor.
π 1
jerger commented 2025-11-28 17:06:17 +01:00
Author
Owner
Copy link
good point.
good point.
jerger marked this conversation as resolved
doc/http-signatures.md Outdated
Show resolved Hide resolved
| | | | @ -0,0 +100,4 @@ |
| | | | | distant -->>- local: @me |
| | | | | deactivate local |
| | | | | end |
| | | | | local -->>- distant: /api/v1/activitypub/user-id/1 {type: "Application", publicKey: {publicKeyPem: "..."}} |
famfo commented 2025-11-18 16:43:21 +01:00
Collaborator
Copy link
- local -->>- distant: /api/v1/activitypub/user-id/1
{type: "Application", publicKey: {publicKeyPem: "..."}}
+ local -->>- distant: /api/v1/activitypub/user-id/1
{type: "Person", publicKey: {publicKeyPem: "..."}}
diff - local --\>\>- distant: /api/v1/activitypub/user-id/1\<br\>{type: "Application", publicKey: {publicKeyPem: "..."}} + local --\>\>- distant: /api/v1/activitypub/user-id/1\<br\>{type: "Person", publicKey: {publicKeyPem: "..."}}
π 1
jerger marked this conversation as resolved
jerger added 1 commit 2025-11-28 17:07:16 +01:00
jerger requested review from famfo 2025-11-28 17:07:57 +01:00
jerger added 1 commit 2025-12-01 14:22:17 +01:00
separate spec from the work around. 188411319f
famfo approved these changes 2025-12-01 20:35:32 +01:00
0xllx0 approved these changes 2025-12-01 22:06:47 +01:00
jerger merged commit 02625e30ab into main 2025-12-02 12:23:55 +01:00
jerger referenced this pull request from a commit 2025-12-02 12:23:56 +01:00 http signature details (#57)
jerger deleted branch ssignature-validation-details 2025-12-02 12:23:56 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels Clear labels No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants 
Notifications Subscribe
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".
No due date set.
Dependencies
No dependencies set.
Reference
forgejo-contrib/federation!57
WritePreview
Loadingβ¦
Add table
| Rows | | | Columns | |
CancelOK
Add a link
Url Description Hint: With a URL in your clipboard, you can paste directly into the editor to create a link.
CancelOK
CancelSave
Reference in a new issue
Repository
forgejo-contrib/federation
Title
Body
Create issue
No description provided.
Delete branch ":ssignature-validation-details"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
No Yes