Activity Pub SSO

We are wondering is there something out there using AP as an SSO process
We could install on any AP instance, login with my AP account > enter
this would send a validation process to that account and come back with a registered token
and just like an SSO open the door to contributing inside that instance
does something like this exist ?

With ActivityPub Client to Server this is trivally the case, as I described on Helge's blog: BIN-2 Moo Client Registration Flow. It might be possible to modify existing FediVerse software to act as ActivityPub Clients. However, this might be quite involved as one needs to unentangle a lot of stuff.

1 Like

“AP SSO” doesn’t really make sense, since AP is just about transport (POST to inbox).

Look instead to OpenID Connect (generic identity provider, IdP) or IndieAuth (identifying as a URL) or RelMeAuth (like IndieAuth, but using a linked identity with OpenID Connect)

That’s nearly a perfect description of OpenWebAuth. It basically uses webfinger and http-signatures, and essentially links your browser session on the current instance to your browser session on your home instance (or instances in the case of Zot/Nomad).

We would promote it as a fediverse specification except for the fact that just like ActivityPub, we’re tying it to an outdated http-signatures spec. I think we should just grab a copy of draft-cavage-http-signatures > 10 and freeze it and call it the fediverse’s supported mechanism - because it already is.


That’s super interesting in many ways ,
if we add a verb authenticate + openWebAuth , we could make it run just like a follow
where any user would validate their own account themselves to be a valid user on any other AP plateform
We are going to implement it as if it exist and it will work between 2 communecter instances
if any platform would like to implement it , that would a great begining in giving cross platform multi context contribution capabilities to our AP communities

If you implement something with an expectation that other people might want to implement similar things, please consider writing a FEP.