Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (Darkly)
  • No Skin
Collapse
Brand Logo
  1. Home
  2. Uncategorized
  3. I think the #ActivityPub client-to-server API is extremely important and underrated.

I think the #ActivityPub client-to-server API is extremely important and underrated.

Scheduled Pinned Locked Moved Uncategorized
activitypubfediverse
109 Posts 11 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Evan ProdromouE Evan Prodromou

    @steve @smallcircles I also agree that having a separate "home timeline" and "notifications timeline" makes sense. There's an open user story for that:

    https://github.com/swicg/activitypub-api/issues/21

    🫧 socialcoding..S This user is from outside of this forum
    🫧 socialcoding..S This user is from outside of this forum
    🫧 socialcoding..
    wrote last edited by
    #61

    @evan @steve

    The way I see it, this has the wrong stakeholder name of "ActivityPub API client developer" i.e. spec implementer, and a Home Feed is something I may want as a "Solution developer" stakeholder. In other words that library or SDK that offers me the Social API should allow me to model that.

    The user story was also brought up by Mastodon, a Microblogging solution built on top of AP (ideally).

    Evan ProdromouE 1 Reply Last reply
    0
    • 🫧 socialcoding..S 🫧 socialcoding..

      @evan @steve

      > I think it's fair to call the outbox the actor's 'feed'?

      The actor's event bus in a pure event based approach. 😃

      Does that break AP? Current fediverse?
      Can AP be considered an event-driven architecture of sorts (or restrained as such in a solution design)?

      I really like the Motivating use cases section of the AS specs, and the primer that sits on the W3C wiki to that. Those might be further formalized so they are applied consistently.

      Evan ProdromouE This user is from outside of this forum
      Evan ProdromouE This user is from outside of this forum
      Evan Prodromou
      wrote last edited by
      #62

      @smallcircles @steve I know what an "event bus" is but I don't think it applies here. Usually it means a global data structure that attached processes can add events to and read events from. We don't have that in ActivityPub.

      I think it's fair to say that activities are like events.

      I also like the use cases and primer.

      🫧 socialcoding..S 1 Reply Last reply
      2
      0
      • 🫧 socialcoding..S 🫧 socialcoding..

        @evan @steve

        The way I see it, this has the wrong stakeholder name of "ActivityPub API client developer" i.e. spec implementer, and a Home Feed is something I may want as a "Solution developer" stakeholder. In other words that library or SDK that offers me the Social API should allow me to model that.

        The user story was also brought up by Mastodon, a Microblogging solution built on top of AP (ideally).

        Evan ProdromouE This user is from outside of this forum
        Evan ProdromouE This user is from outside of this forum
        Evan Prodromou
        wrote last edited by
        #63

        @smallcircles @steve please comment on the issue!

        1 Reply Last reply
        2
        0
        • mariusM marius

          @steve out of curiousity why do you make a difference between a consumer of AcitvityPub (assumedly you mean something that fetches ActivityPub using HTTP GET) and a C2S client?

          My assumption is that if something fetches ActivityPub objects and is capable of rendering it to another representation for its users, that's a client to server client.

          Client to server has two sections: consumer and producer and I think anything that fulfills any of those can be called a C2S client...

          @smallcircles @evan

          Steve BateS This user is from outside of this forum
          Steve BateS This user is from outside of this forum
          Steve Bate
          wrote last edited by
          #64

          @mariusor @smallcircles @evan C2S has client-side and server-side aspects (different, but overlapping, behavioral requirements, etc.). Both sides consume *and* produce AP data (pull and push for S2S, currently only pull for C2S). Fetching AP data (URI dereferencing) is common to both C2S and S2S.

          mariusM Emelia 👸🏻T 2 Replies Last reply
          0
          • Steve BateS Steve Bate

            @mariusor @smallcircles @evan C2S has client-side and server-side aspects (different, but overlapping, behavioral requirements, etc.). Both sides consume *and* produce AP data (pull and push for S2S, currently only pull for C2S). Fetching AP data (URI dereferencing) is common to both C2S and S2S.

            mariusM This user is from outside of this forum
            mariusM This user is from outside of this forum
            marius
            wrote last edited by
            #65

            @steve yes, but something dumb that only fetches a URL and converts the resulting ActivityPub into a valid other type of representation is a valid client in my opinion. That's what I mean, was that unclear?

            @smallcircles @evan

            Steve BateS 1 Reply Last reply
            0
            • Steve BateS Steve Bate

              @mariusor @smallcircles @evan C2S has client-side and server-side aspects (different, but overlapping, behavioral requirements, etc.). Both sides consume *and* produce AP data (pull and push for S2S, currently only pull for C2S). Fetching AP data (URI dereferencing) is common to both C2S and S2S.

              Emelia 👸🏻T This user is from outside of this forum
              Emelia 👸🏻T This user is from outside of this forum
              Emelia 👸🏻
              wrote last edited by
              #66

              @steve @mariusor @smallcircles @evan this is a huge thread, but off-cuff comment: C2S will need a "proxy" where you can fetch a remote object **with** identity/authentication

              mariusM Ben Pate 🤘🏻B 2 Replies Last reply
              0
              • Emelia 👸🏻T Emelia 👸🏻

                @steve @mariusor @smallcircles @evan this is a huge thread, but off-cuff comment: C2S will need a "proxy" where you can fetch a remote object **with** identity/authentication

                mariusM This user is from outside of this forum
                mariusM This user is from outside of this forum
                marius
                wrote last edited by
                #67

                @thisismissem I have just implemented that for the GoActivityPub servers and it's easier than it sounds.

                The only important step required is to convert the client authorization token (presumably an OAuth2 bearer token) to a valid actor and then further to a valid Private Key with which to sign the remote request. After that the only thing remaining is to pipe verbatim the received response to the client...

                @steve @smallcircles @evan

                Emelia 👸🏻T 1 Reply Last reply
                2
                0
                • Evan ProdromouE Evan Prodromou

                  @smallcircles @steve I know what an "event bus" is but I don't think it applies here. Usually it means a global data structure that attached processes can add events to and read events from. We don't have that in ActivityPub.

                  I think it's fair to say that activities are like events.

                  I also like the use cases and primer.

                  🫧 socialcoding..S This user is from outside of this forum
                  🫧 socialcoding..S This user is from outside of this forum
                  🫧 socialcoding..
                  wrote last edited by
                  #68

                  @evan @steve

                  Well, but a part of the specs can certainly be considered a message bus with channels conceptually.

                  Channel is the name that AsyncAPI uses, which maps to domain aggregates and actor streams.

                  But considering things purely event-based is stretching it, and may be better to discern between commands and events.

                  Evan ProdromouE 1 Reply Last reply
                  0
                  • Emelia 👸🏻T Emelia 👸🏻

                    @steve @mariusor @smallcircles @evan this is a huge thread, but off-cuff comment: C2S will need a "proxy" where you can fetch a remote object **with** identity/authentication

                    Ben Pate 🤘🏻B This user is from outside of this forum
                    Ben Pate 🤘🏻B This user is from outside of this forum
                    Ben Pate 🤘🏻
                    wrote last edited by
                    #69

                    @thisismissem @steve @mariusor @smallcircles @evan

                    Just checking my memory.. this concept exists already, yes?

                    https://www.w3.org/wiki/ActivityPub/Primer/proxyUrl_endpoint

                    Are you just saying that the new API spec should include this? Or am I missing something?

                    Evan ProdromouE Emelia 👸🏻T 2 Replies Last reply
                    2
                    0
                    • mariusM marius

                      @steve yes, but something dumb that only fetches a URL and converts the resulting ActivityPub into a valid other type of representation is a valid client in my opinion. That's what I mean, was that unclear?

                      @smallcircles @evan

                      Steve BateS This user is from outside of this forum
                      Steve BateS This user is from outside of this forum
                      Steve Bate
                      wrote last edited by
                      #70

                      @mariusor @smallcircles @evan I *think* it’s
                      clear. I agree it’s a kind of “client”, just not necessarily a C2S client.

                      mariusM 1 Reply Last reply
                      0
                      • Ben Pate 🤘🏻B Ben Pate 🤘🏻

                        @thisismissem @steve @mariusor @smallcircles @evan

                        Just checking my memory.. this concept exists already, yes?

                        https://www.w3.org/wiki/ActivityPub/Primer/proxyUrl_endpoint

                        Are you just saying that the new API spec should include this? Or am I missing something?

                        Evan ProdromouE This user is from outside of this forum
                        Evan ProdromouE This user is from outside of this forum
                        Evan Prodromou
                        wrote last edited by
                        #71

                        @benpate @thisismissem @steve @mariusor @smallcircles

                        Yes, proxyUrl already exists. There's a use case here:

                        https://github.com/swicg/activitypub-api/issues/10

                        The only other way I've seen this use case discussed is with client-side HTTP Signature keys. There's some kind of negotiation between the server and the client, and then the client can make requests to remote servers using HTTP Signature and a key it controls.

                        Emelia 👸🏻T 1 Reply Last reply
                        2
                        0
                        • Steve BateS Steve Bate

                          @mariusor @smallcircles @evan I *think* it’s
                          clear. I agree it’s a kind of “client”, just not necessarily a C2S client.

                          mariusM This user is from outside of this forum
                          mariusM This user is from outside of this forum
                          marius
                          wrote last edited by
                          #72

                          @steve OK, but why?

                          I feel like I explained my position relatively clearly, I would like to understand yours, even though I feel some animosity has started to crop up.

                          @smallcircles @evan

                          Steve BateS 1 Reply Last reply
                          0
                          • 🫧 socialcoding..S 🫧 socialcoding..

                            @evan @steve

                            Well, but a part of the specs can certainly be considered a message bus with channels conceptually.

                            Channel is the name that AsyncAPI uses, which maps to domain aggregates and actor streams.

                            But considering things purely event-based is stretching it, and may be better to discern between commands and events.

                            Evan ProdromouE This user is from outside of this forum
                            Evan ProdromouE This user is from outside of this forum
                            Evan Prodromou
                            wrote last edited by
                            #73

                            @smallcircles @steve maybe? I guess you could consider the `sharedInbox` to be like that.

                            I think that activities sent to the API by a client are kind of like commands, but they can also be events that happened on a different system.

                            If I got an achievement in a game, and that was sent as an activity to the API, it's more like an event notification than a command.

                            🫧 socialcoding..S 1 Reply Last reply
                            0
                            • mariusM marius

                              @steve OK, but why?

                              I feel like I explained my position relatively clearly, I would like to understand yours, even though I feel some animosity has started to crop up.

                              @smallcircles @evan

                              Steve BateS This user is from outside of this forum
                              Steve BateS This user is from outside of this forum
                              Steve Bate
                              wrote last edited by
                              #74

                              @mariusor @smallcircles @evan No animosity here. However, I’m not sure how to explain it more clearly. I’m referring to C2S as described in chapter 6 of the ActivityPub specification (and the conformance profiles in Section 2.1). It sounded to me like you’re using a more general definition of “client”, which is fine, just different in significant ways (if it only dereferences and renders AP data).

                              🫧 socialcoding..S 1 Reply Last reply
                              0
                              • Evan ProdromouE Evan Prodromou

                                @smallcircles @steve maybe? I guess you could consider the `sharedInbox` to be like that.

                                I think that activities sent to the API by a client are kind of like commands, but they can also be events that happened on a different system.

                                If I got an achievement in a game, and that was sent as an activity to the API, it's more like an event notification than a command.

                                🫧 socialcoding..S This user is from outside of this forum
                                🫧 socialcoding..S This user is from outside of this forum
                                🫧 socialcoding..
                                wrote last edited by
                                #75

                                @evan @steve

                                Rather than sharedInbox I was more thinking that by implementing the HTTP API and msg exchanges in a well-prescribed manner, these would effectively model an event bus conceptually. After which you can talk about it as a higher abstraction that exists, and not get lost in the reeds of the impl details anymore.

                                Evan ProdromouE 1 Reply Last reply
                                0
                                • Steve BateS Steve Bate

                                  @mariusor @smallcircles @evan No animosity here. However, I’m not sure how to explain it more clearly. I’m referring to C2S as described in chapter 6 of the ActivityPub specification (and the conformance profiles in Section 2.1). It sounded to me like you’re using a more general definition of “client”, which is fine, just different in significant ways (if it only dereferences and renders AP data).

                                  🫧 socialcoding..S This user is from outside of this forum
                                  🫧 socialcoding..S This user is from outside of this forum
                                  🫧 socialcoding..
                                  wrote last edited by
                                  #76

                                  @steve @mariusor @evan

                                  He he, language is hard. A case of terminology overload and clashing terms. Domain driven design has the clearly defined bounded context here which is the scope within which terms are valid. Forming a consistency boundary. These context lines are blurred in fediverse talk. 😅

                                  Evan ProdromouE 1 Reply Last reply
                                  0
                                  • mariusM marius

                                    @thisismissem I have just implemented that for the GoActivityPub servers and it's easier than it sounds.

                                    The only important step required is to convert the client authorization token (presumably an OAuth2 bearer token) to a valid actor and then further to a valid Private Key with which to sign the remote request. After that the only thing remaining is to pipe verbatim the received response to the client...

                                    @steve @smallcircles @evan

                                    Emelia 👸🏻T This user is from outside of this forum
                                    Emelia 👸🏻T This user is from outside of this forum
                                    Emelia 👸🏻
                                    wrote last edited by
                                    #77

                                    @mariusor @steve @smallcircles @evan well, your server *knows* it's access token to user mapping, so then you're just doing authorised fetch as that actor from server side

                                    mariusM 1 Reply Last reply
                                    2
                                    0
                                    • Ben Pate 🤘🏻B Ben Pate 🤘🏻

                                      @thisismissem @steve @mariusor @smallcircles @evan

                                      Just checking my memory.. this concept exists already, yes?

                                      https://www.w3.org/wiki/ActivityPub/Primer/proxyUrl_endpoint

                                      Are you just saying that the new API spec should include this? Or am I missing something?

                                      Emelia 👸🏻T This user is from outside of this forum
                                      Emelia 👸🏻T This user is from outside of this forum
                                      Emelia 👸🏻
                                      wrote last edited by
                                      #78

                                      @benpate @steve @mariusor @smallcircles @evan i'm not sure proxyUrl does what I'm thinking of here

                                      1 Reply Last reply
                                      1
                                      0
                                      • Evan ProdromouE Evan Prodromou

                                        @benpate @thisismissem @steve @mariusor @smallcircles

                                        Yes, proxyUrl already exists. There's a use case here:

                                        https://github.com/swicg/activitypub-api/issues/10

                                        The only other way I've seen this use case discussed is with client-side HTTP Signature keys. There's some kind of negotiation between the server and the client, and then the client can make requests to remote servers using HTTP Signature and a key it controls.

                                        Emelia 👸🏻T This user is from outside of this forum
                                        Emelia 👸🏻T This user is from outside of this forum
                                        Emelia 👸🏻
                                        wrote last edited by
                                        #79

                                        @evan @benpate @steve @mariusor @smallcircles my understanding of proxyUrl is that it's just fetching a remote object, but without forwarding authorization

                                        For many cases you want to forward the request as the authenticated user to the remote server, not doing the request anonymously

                                        mariusM 1 Reply Last reply
                                        0
                                        • Emelia 👸🏻T Emelia 👸🏻

                                          @mariusor @steve @smallcircles @evan well, your server *knows* it's access token to user mapping, so then you're just doing authorised fetch as that actor from server side

                                          mariusM This user is from outside of this forum
                                          mariusM This user is from outside of this forum
                                          marius
                                          wrote last edited by
                                          #80

                                          @thisismissem which is what proxyUrl is supposed to do, right?

                                          Did you mean it in a different way?

                                          @steve @smallcircles @evan

                                          1 Reply Last reply
                                          1
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          Powered by NodeBB Contributors
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • World
                                          • Users
                                          • Groups