Hi all,
I am trying to wrote some sample Follow code and Instance response code on the Fediverse, but am not having success after a prolonged period of time.
In short, I am trying to simulate a Follow request from one instance to another. The Follow Request instance is supposed to be farhan@p.farhan.codes. This runs some custom Python code I have written. The receiving host is ngrok@ee880c3b32b8.ngrok.io, an active instance running Pleroma.
I am having the receiving host, in this case ee880c3b32b8 (dot) ngrok (dot) io (changed because of forum limitations), reach back out to the test server, p.farhan.codes/users/farhan, upon which it reports back that there was a failure.
I suspect the mistake is somewhere in the httpsig or the response, but I have no idea where or what. My follow code is as follows below. Feel free to also reach out to the running host p.farhan.codes.
I did not understand what you mean by not making the actor object available. Do you mean that the Requested instance, in this case ee880c3b32b8(dot)ngrok(dot)io, will reach back out to the requestor instance? Would that be a request to /inbox/username? I have code that does exactly that and replies with the public portion of the certificate used to send the initial certificate. However, I still receive an “error” message.
My thoughts are either:
A. The format that it is replying in is not correct - However, I verbatim copied a Mastodon instance’s reply format.
B. Something is wrong with the HTTP sig code
C. Something else.
I read the Mastodon documentation, but to be honest, it is not very clear on how a response to the actor object should look.
It will request the actor object from the URL you specify in the actor field in your activity. The object should be a well-formed JSON document, with the public key among other things. Please read the tutorials I linked, they explain everything you need to achieve the exact thing you’re trying to do. Just replace Ruby code with Python equivalent.
Are you sure you’re signing your requests correctly? Your actor object appears to be valid now, including the public key, at least Smithereen happily accepts it (see on my instance).
Edit: see my definitely working Java code for HTTP signatures. You may skip Digest, the part where you hash the entire request body, but be aware that some Mastodon instances won’t accept requests without it.