Published a blog about the new Social Inbox tool we've made at #DistributedPress which makes it easy to add #ActivityPub to your static websites.
@rra @site Hmm are you self hosting your inbox instance? We have swagger docs generated at /v1/docs
Sadly swagger doesn't have the HTTP auth stuff built in so we don't have an out of the box UI yet.
We use the http signature spec for authentication so you shoukd sign yout request with the private key corresponding to your actor's public key: https://docs.joinmastodon.org/spec/security/#http
@rra sadly the client API is still a WIP but my colleague should be getting to it next week ish. I'll see if I can get a lil somethin done before then though.
technically it should be possible to do it witg curl, you just need to do the digest calculation and signing stuff with openssl or similar. Sadly I don't have ready examples of it cause we did it in js.
Here's how we do it so far: https://github.com/hyphacoop/social.distributed.press/blob/initial/src/server/apsystem.ts#L129
@mauve @cblgh I'm still getting a 400 ("message": "\"[object Object]\" is not valid JSON") so I'm guessing our script doesnt send something yours likes. Anyway I'm out of ideas. If you have a moment to make a script based on the repos code to request an account that would be appreciated. Otherwise I'll wait for a later stage of the release.
@rra @cblgh K! We had a bug in how we authenticated methods which I just fixed today. I also added an account creation script to my staticpub example: https://github.com/RangerMauve/staticpub.mauve.moe/blob/default/create_account.js
Should all be working now!
@mauve Great! I get a 200 indeed (both with your code and the one @cblgh wrote).
This seems to indicate success, but when I then query the user account or do any other action (list admins for instance) I get 500 with "Cannot read properties of undefined (reading 'matchAll')"
I can see that the post request has added something to the store, so the account is there.
This is the path: https://ap.roelof.info/v1/@site@test.roelof.info
This is the actor:
https://test.roelof.info/about.jsonld
@cblgh let us know whether you want to be untagged from this :)
@mauve Hi thanks for the suggestion! Together with @cblgh we managed to recreate the signing code pretty close before you sent it! However we get Bad Request but we're also unsure whether we're overlooking something. Maybe you have an idea?
https://gist.github.com/rscmbbng/63a3066e811aa72a5cab508eb20cdd45