ether+nick

Reading Thinking, I find myself with a very familiar feeling to how I've been understanding software development for many years, unrelated to Forth. I think even if Forth doesn't interest you, that book has a great philosophy of software development.

@evan in GoActivityPub an invalid signature returns a token "Anonymous" Actor entity that can be verified for permissions against the ACLs of the resource being requested. And in the case of public objects, the check succeeds.

Perhaps I got lucky until now mostly relying on my own architecture for both clients and servers...

@evan probably, but the way the code is structured, I'm using the same client for all requests, including key fetch. I might find a way to separate between Activity requests and key fetches at some point, but until then it's kinda like that.

My logic was that in the case of a public resource most servers would just serve it even with an invalid authorization mechanism... but I guess that if you choose to fail early, that's no longer the case...

@mariusor I think you might be right. I think if the request is invalid, it should return 401 with the WWW-Authenticate header and the required headers.

@evan it's entirely possible that the activity processing is failing at a different point in the state machine and it's not actually the key check. :D

I'll debug more tomorrow though, I reached my limit for today.

@evan yep, my client double knocks with RFC9421 and Draft HTTP signatures. Triple knocks actually in the case of key fetches, where the third time is tried w/o a signature.