Authentication
Solid-OIDC
In v2.0, we partly support authentication through Solid-OIDC. This is detailed in #121.
We do not support yet DPoP to request resources, but it will be implemented as soon as possible. In the meanwhile, the ActivityPub-defined Proxy endpoint should be used to request remote servers.
HTTP Signature
HTTP signature is the recommended way to authenticate for server-to-server ActivityPub interactions. It is generally used when POSTing to other inboxes. We have extended its use so that it can be used on any endpoint, including LDP routes.
There is now a proposal to integrate HTTP signature in the Solid protocol.
Proxy endpoint
The ActivityPub specification mentions a as:proxyUrl
predicate (included in the as:endpoint
predicate of the actor) with the following description:
Endpoint URI so this actor’s clients may access remote ActivityStreams objects which require authentication to access. To use this endpoint, the client posts an
x-www-form-urlencoded`` id parameter with the value being the
id` of the requested ActivityStreams object.
We have implemented this endpoint, and we have extended it for non-GET methods using the multipart/form-data
Content-Type.
To do that, you may pass a `multipart/form-data“ Content-Type with the following fields:
id
: The URI of the resourcemethod
: The HTTP method to use (default toGET
)headers
: The HTTP headers to pass to the request (in JSON format)body
: The body of the request (optional)
Linked Data Signature
In addition to HTTP signature, it is recommended to also verify content posted to inboxes with Linked Data Signatures in order to increase security. This is implemented by only a few ActivityPub-compatible softwares (notably Mastodon), and none enforces it at the moment.
WebID-TLS
Considering WebID-TLS authentication mechanism, used before Solid-OIDC, is now only an option, we will not implement it.