I know this will start a conversation about how this should work, but I’d like to restrict this to the facts: how does it work?
I’ve implemented what I believe to the correct flow for remote follows:
You use Webfinger to look up the remote server’s follow action URL template.
You direct the user to this URL, replacing the template placeholder with the actor to be followed. For example: https://mastodon.social/authorize_interaction?uri={uri}
The redirect to this URL takes place and the user can take action.
But it’s here, where with Mastodon, I receive the error: "Unfortunately, there was an error looking up the remote account"
I see the remote server making a successful request to the actor’s IRI on my server, so the flow looks to be successful, however this catch-all error happens anyway.
Does anybody have the spec of what is needed to make this work?
In which format have you added the uri? In Friendica we just use the url-encoded contact url and not the handle. For Mastodon accounts you have got three different representations:
https://domain.tld/users/user
user@domain.tld
https://domain.tld/@user
You have to use the first format. I’m unsure if it works for the other formats as well.
Yeah, that’s the same I’m doing. The URI is the full ActivityPub actor’s URL, and the remote server is successfully requesting it. So I’m assuming there’s something specific missing in my actor’s response, but I couldn’t come up with anything. So that’s why I was curious if there was a spec I could reference to find out what the remote server (in this case Mastodon) is looking for that I might be missing.
I know this screenshot isn’t terribly helpful, but it just shows that Mastodon is successfully making a request to the resource that it’s trying to get the info of.
the system is performing a webfinger request, also it tries to fetch the profile URL. If you provide me with your profile url, I can check it - but I only later this days, since currently I’m away.
There is no such thing as a spec for Remote Follow, it is implementation-defined and is one of those things from GnuSocial/OStatus-era which didn’t get standardized into ActivityPub.
I would strongly suggest to not use Remote Follow or try to replicate it’s behavior as it works like phishing: Stating your account on another platform and hopefully being sent to your actual instance for the Follow.
Putting a link to the ActivityPub id, why not formatted like a webfinger address (which is an extension of the spec) should be the way to go, ActivityPub implementations tend to allows to paste the link into the search field.
Another other way it could be done would be via custom-schemes (ie. activitypub://follow/$id), sadly browsers are terrible and tend to not allow to pick handlers dynamically, good luck with WHATWG I guess.
Oh weird! Well that’s good to know I’m not crazy and you were able to see the remote follow work. Maybe these other servers I’ve been testing with have something cached from previous testing, too.
I appreciate you trying it out and letting me know!
I believe this exact structure is required, and the rel field is especially important. Also make sure that you’re setting Content-Type to something sensible like application/json.
I think the webfinger is working fine, since the remote server is fetching the profile URL. As an aside, if I simply search for my server within a Mastodon server’s interface, for example, it works fine 100% of the time. So I don’t feel like there’s something fundamentally wrong. Just this very specific remote follow prompt flow.
Have you compared your request flow to what Mastodon does to another instance?
I see a GET of /authorize_interaction?url= followed by the url-encoded https://example.com/users/username and a bunch of headers you may want to compare.
If I’m not mistaken "http://ostatus.org/schema/1.0/subscribe" is required if I want users on my server to support following a remote server, a flow I’m not looking to support at this time. In this case I want a remote server to follow my server (the opposite). Example: A remote mastodon user to follow the account on my server. Please let me know if I’m wrong and this entity is required the other direction as well, though I don’t know in my case what I would do if somebody landed there (I don’t have “users”), but I can deal with that if needed.
Please see the above gif example, as I believe I’m having a hard time concretely explaining the exact flow I’m talking about since “remote follow” doesn’t imply a direction.
To clarify:
I’m redirecting successfully to Mastodon via:
https://{instance}/authorize_interaction?uri=https://ap-test.owncast.tv/federation/user/testing
And it returns:
Unfortunately, there was an error looking up the remote account
Even though it looks up the account fine if you type it in the search bar:
When you want to follow someone using an account on your instance, you need to have this in your webfinger response so the remote server knows where to redirect after you enter username@your.instance.
When you want the opposite side of this flow (i.e. allow mastodon users to remotely interact with something hosted on your instance), you need to ask the user for their username@domain, do a webfinger request and look for that entry, then replace {uri} with the ID of the object to be interacted with and redirect the user to the resulting URL.
You definitely shouldn’t be hardcoding these URL templates.
You definitely shouldn’t be hardcoding these URL templates.
I’m not, I’m just trying to clarify what I’m seeing in the examples to try to be clear what is happening. I’m using Webfinger.
so the remote server knows where to redirect after you enter username@your.instance .
This is where I’m confused. The remote server isn’t doing the redirection, my server is doing the redirection to the remote server for them to authorize the follow.
i think @gabek is right that the subscribe property doesn’t make sense for the flow they’re looking to implement, my guess is that there’s something else wrong with the server actor but i could also imagine that some implementations are requiring that property for symmetry reasons on accident.
@gabek, this is because you’re returning an application/json content-type header, instead of the more specific application/activity+json or application/ld+json; profile="https://www.w3.org/ns/activitystreams" content type. That means that when Mastodon goes to look up the URL it can’t figure out whether it’s an actor or a status.