Authorized fetch may be missing?

Created on 12 February 2024, 11 months ago
Updated 10 April 2024, 9 months ago

Problem/Motivation

I run an Akkoma instance (Pleroma fork). I have "Authorized Fetch Mode" enabled on it, which requires HTTP signatures on AP fetches.

When doing a little testing between Drupal and my Akkoma, I got this error logged on the Drupal end:

Signature verifying exception: Client error: `GET https://mycrowd.ca/users/fluglbrrzzkj3332lz` resulted in a `401 Unauthorized` response: Request not signed

(mycrowd.ca is the Akkoma instance)

Steps to reproduce

I was trying to follow the Drupal user from a test account on the Akkoma instance.

I have the feeling that with Authorized Fetch on, this may not work presently.

Feature request
Status

Active

Version

1.0

Component

Code

Created by

🇨🇦Canada kinetix242

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @kinetix242
  • 🇧🇪Belgium swentel

    It doesn't ring a bell, so yes, we might miss something here, although I have no idea what this Authorized Fetch Mode means exactly.

    Is there any documentation about this somewhere that you know of? I hope we're able to use the Nodeinfo of the pleroma instance to figure out that also GET requests to a user to fetch the AP information needs to be signed (hopefully also just like we're already signing outbox requests).

  • 🇨🇦Canada kinetix242

    Some info on it: https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/

    I am curious if my Activitypub settings could cause the problem - I have the site-wide user set to 0, which I might have accidentally done, but I haven't seen information / documentation on what the value should be.

  • 🇨🇦Canada kinetix242

    I'll just add that I've created a separate user for Activitypub, changed the site-wide user to that user ID (5), and ensured that authenticated users can publish to the site-wide actor.

    Same result when trying to do the follow from the Akkoma instance.

    I hope my additional comments are somewhat helpful. Please let me know if there's more I can do.

  • 🇧🇪Belgium swentel

    Ok, that post is good enough to dive into it as it has links to issues/code/documentation so I can figure out.

    As far as I can see, this isn't necessarily part of the ActivityPub protocol, but I guess it can't hurt to enable this.

  • 🇨🇦Canada kinetix242

    I don't know if this will be at all helpful about the topic, but it looks like there's a draft report for "ActivityPub and HTTP Signatures" at https://swicg.github.io/activitypub-http-signature/#survey-of-standards-...

    I apologise for the noise if this isn't helpful.

Production build 0.71.5 2024