Mastodon follow request (strange inbox path)

naturzukunft · October 8, 2024, 3:29pm

Hi there,
i’m using mastodon to find the profile of fredy@dev.rdf-pub.org

Requesting: https://dev.rdf-pub.org/.well-known/webfinger?resource=acct:fredy@dev.rdf-pub.org
gives me:

{
    "subject": "acct:fredy@dev.rdf-pub.org",
    "links": [
        {
            "rel": "self",
            "type": "application/activity+json",
            "href": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/cb0f2267-ed1a-421c-9328-dba149882513"
        }
    ]
}

Requesting https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/cb0f2267-ed1a-421c-9328-dba149882513
gives me:

{
    "id": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/cb0f2267-ed1a-421c-9328-dba149882513",
    "type": [
        "prov:Entity",
        "Person"
    ],
    "inbox": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/inbox",
    "prov:wasAttributedTo": {
        "id": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde"
    },
    "prov:wasGeneratedBy": {
        "id": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/45f3b0ec-1b74-49ff-92f8-27afd675d853"
    },
    "https://schema.rdf-pub.org/oauth2IssuerUserId": "1bdbbb62-3bb1-4a9c-8f7d-4a56e1696f4e@login.m4h.network",
    "publicKey": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/52173e2a-6cd0-43de-b147-fcd0f324dd6b",
    "endpoints": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/e6a2081d-5c3b-4c77-a1c0-9d5efe4e9477",
    "name": "fredy",
    "outbox": "https://dev.rdf-pub.org/d54c5840-2af9-453c-be1b-0307a10e3dde/outbox",
    "preferredUsername": "fredy",
    "published": "2024-09-17T17:09:23.673121168Z",
    "@context": [
        "https://schema.org/docs/jsonldcontext.json",
        "https://rdf-pub.org/schema/rdf-pub-context.json",
        "https://w3id.org/security/v1",
        "https://www.w3.org/ns/activitystreams"
    ]
}

Everything seems to work well so far.

If i now click on the “follow” button, i get an request:
POST “/e83aa7a7-6dee-4863-9ffb-e7f57d866d6c/inbox”, parameters={}

How can i find out, where this strange inbox path comes from ?

naturzukunft · October 8, 2024, 4:01pm

The body of the POST “/e83aa7a7-6dee-4863-9ffb-e7f57d866d6c/inbox”, parameters={}

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "https://mastodon.social/bcd7123d-8b70-4564-9902-5d635de89604",
  "type": "Follow",
  "actor": "https://mastodon.social/users/naturzukunft",
  "object": "https://dev.rdf-pub.org/e83aa7a7-6dee-4863-9ffb-e7f57d866d6c/7826f428-40cd-46bd-b1bb-54bdd01bb257"
}

naturzukunft · October 8, 2024, 6:05pm

Does mastodon cache actor urls ?

thisismissem · October 8, 2024, 7:41pm

Accounts are stored by actor id (URI) in Mastodon, but the issue here may be that multi-type objects aren’t necessarily well supported by many fediverse software packages, which were written assuming a single type — though it looks like Mastodon is handling this correctly for actors: mastodon/app/services/activitypub/process_account_service.rb at 258dce125668ccac45d6d0958da1c841ab7cfcee · mastodon/mastodon · GitHub

naturzukunft · October 8, 2024, 9:38pm

that looks like a cache problem. we have now managed to display the profile with activitypub.academy and send a follow request. I’m sure this also worked with mastodon.social. But then I deleted the DEV DB, so the user @fredy@dev.rdf-pub.org got a new id.

thisismissem · October 8, 2024, 10:03pm

Yeah, that’ll cause problems. If you wanna do a database reset, send out a Delete on the actor first, otherwise the trust of signing keys breaks because suddenly keys mismatch

naturzukunft · October 9, 2024, 7:03am

I don’t understand that, a delete activity with the actor subject as object? And who is the recipient?

trwnh · October 9, 2024, 7:22am

Yes, an actor deleting themselves and delivered to the actor’s followers as well as as:Public. Mastodon considers this to be an “account deletion”.

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "https://domain.example/some-activity",
  "actor": "https://domain.example/some-actor",
  "type": "Delete",
  "object": "https://domain.example/some-actor",
  "to": [
    "https://domain.example/some-actor/followers",
    "https://www.w3.org/ns/activitystreams#Public"
  ]
}

naturzukunft · October 9, 2024, 7:52am

ok, that makes sense. but i’m not sure, if i want to implement a “release everything” for deleting the dev db
Maybe i just use another actor name. That mastodon is caching actor urls for webfinger “names” is strange, because names can change!

So
@user1@testserver.org can be https://testserver.org/081
and
@user2@testserver.org can be https://testserver.org/082.

user1 and user2 are in my case the prefferedUsername. so the user will be able to change it.

@user1@testserver.org is an alias for @081@testserver.org, but only as long as the prefferedUsername of @081@testserver.org is user1.

trwnh · October 9, 2024, 11:00am

Not in Mastodon, they can’t

We can only hope that their logic around usernames and ids will improve over time…

naturzukunft · October 9, 2024, 11:38am

How mastodon is handling this internally doesn’t matter. But if mastodon expect the same behaviour for other Fedi Instances, that would be strange.