I want to accept follow requests with PHP. I am testing with my Mastodon.social account.
The request from my mastodon.social
account to my test server ug-mayen.de
looks like this in my log file:
{"@context":"https://www.w3.org/ns/activitystreams","id":"https://mastodon.social/5b495336-3561-42f8-8bb3-90b6d46db9af","type":"Follow","actor":"https://mastodon.social/users/Astridx","object":"https://ug-mayen.de/index.php?option=com_activitypubs&view=Profil"}
As response for mastodon.social
, I am putting together the following.
{"@context":"https:\/\/www.w3.org\/ns\/activitystreams","id":"https:\/\/ug-mayen.de\/index.php?option=com_activitypubs&view=Profil&id=63babc85ad9d6","type":"Accept","actor":"https:\/\/ug-mayen.de\/index.php?option=com_activitypubs&view=Profil","object":"{\"@context\":\"https:\/\/www.w3.org\/ns\/activitystreams\",\"id\":\"https:\/\/mastodon.social\/5b495336-3561-42f8-8bb3-90b6d46db9af\",\"type\":\"Follow\",\"actor\":\"https:\/\/mastodon.social\/users\/Astridx\",\"object\":\"https:\/\/ug-mayen.de\/index.php?option=com_activitypubs&view=Profil\"}"}
I think my signature is OK. If I use wrong keys, wrong digest or wrong signature, I get 401 Unauthorized.
The answer in my log file is 202 Accepted
HTTP/1.1 202 Accepted
Date: Sun, 08 Jan 2023 12:52:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: Mastodon
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Permissions-Policy: interest-cohort=()
Cache-Control: no-cache
Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://static-cdn.mastodon.social; img-src 'self' https: data: blob: https://static-cdn.mastodon.social; style-src 'self' https://static-cdn.mastodon.social 'nonce-YD13s6qiWcFUNr+Yu7WJww=='; media-src 'self' https: data: https://static-cdn.mastodon.social; frame-src 'self' https:; manifest-src 'self' https://static-cdn.mastodon.social; connect-src 'self' data: blob: https://static-cdn.mastodon.social https://files.mastodon.social wss://mastodon.social; script-src 'self' https://static-cdn.mastodon.social 'wasm-unsafe-eval'; child-src 'self' blob: https://static-cdn.mastodon.social; worker-src 'self' blob: https://static-cdn.mastodon.social
X-Request-Id: 0c6553d9-743b-4cd4-a1fe-13f48e07e134
X-Runtime: 0.021619
Strict-Transport-Security: max-age=63072000; includeSubDomains
Therefore, I assumed that everything fits.
But when I check my account on Mastodon.social, the following was not successful. There I find the button “Withdraw follow reques
t”. When I move the mouse over the button, the text “Waiting for approval
” appears.
There is only one user in my PHP-CMS, so the username or handle
is not relevant at the moment.
The profile
of my PHP-User is found, even in the Mastodon search.
$ curl -L 'https://ug-mayen.de?option=com_activitypubs&view=Profil' | jq
{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1"
],
"id": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Profil",
"type": "Person",
"preferredUsername": "astrid",
"name": "astrid",
"manuallyApprovesFollowers": false,
"discoverable": true,
"inbox": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Inbox",
"outbox": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Outbox",
"followers": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Followers",
"following": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Following",
"publicKey": {
"id": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Profil#main",
"owner": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Profil",
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbG9P+WTrKg988crKCVk\r\nY52GRr09jDenYvGtgmEWw7f1nQsurw+KRsSfSHexG2kkUK8AV2s23bKVq5lsxsdL\r\nBieTmDJpygpuFJkMJ3HWEWluugtJ5PVEqHqxWV9YZwnpgOpE1OMteotkGEU5P7U3\r\nNg/xRd37Akel5+ON0DPy1YAuWA7wPISZuU4a6JhZVdkB5eH2kO3UyJlVLOOWsfuz\r\nCvJPNcoMPiMpk7C8FBlGZTuvWytWqxzN/CioZh2eCTEM/UFoKmw57/GJG4xghUPM\r\nLVOb2lN0MGc0RWXmq+Rc+DpjOPPZxnfEXtdbyJRDpR+udcqfCZoZr+7R35sG/vY+\r\n3QIDAQAB\r\n-----END PUBLIC KEY-----"
},
"summary": "Blog Summary",
"url": "https://ug-mayen.de/",
"publishedDate": "2017-04-05T00:00:00Z",
"icon": {
"type": "Image",
"mediaType": "image/png",
"url": "https://fimidi.com/system/accounts/avatars/109/440/699/924/678/668/original/3bfc7e943863a577.jpg"
}
}
My mastodon.social user who wants to follow is also included in the list of the followers.
$ curl -L 'https://ug-mayen.de?option=com_activitypubs&view=Followers' | jq
{
"@context": "https://www.w3.org/ns/activitystreams",
"id": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Followers",
"type": "OrderedCollection",
"totalItems": 3,
"first": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Followers&page=1",
"next": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Followers?page=1",
"partOf": "https://ug-mayen.de/index.php?option=com_activitypubs&view=Followers",
"orderedItems": [
"https://mastodon.social/users/Astridx",
"https://mastodon.world/users/agi2",
"no actor"
]
}
So, now I don’t know what I can do to get the follow request approved and welcome any hints.