med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

365
active users

#httpsignatures

0 posts0 participants0 posts today
洪 民憙 (Hong Minhee)<p><strong>Fedify 1.6</strong></p> <p><a href="https://hackers.pub/@hongminhee/2025/fedify-1-6" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackers.pub/@hongminhee/2025/f</span><span class="invisible">edify-1-6</span></a></p>
Fedify: an ActivityPub server framework<p>We're excited to announce the release of <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Fedify" target="_blank">#<span>Fedify</span></a> 1.6.1, which marks the beginning of the 1.6 series following the retraction of version 1.6.0. This release introduces significant new capabilities that expand Fedify's deployment options and enhance security compatibility across the <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/fediverse" target="_blank">#<span>fediverse</span></a>.</p><p><strong>🌐 Cloudflare Workers support</strong></p><p>Fedify 1.6 introduces first-class support for <a href="https://workers.cloudflare.com/" rel="nofollow noopener noreferrer" target="_blank">Cloudflare Workers</a>, enabling <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/serverless" target="_blank">#<span>serverless</span></a> deployment of <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/ActivityPub" target="_blank">#<span>ActivityPub</span></a> applications at the edge.</p><p><strong>New components</strong></p><ul> <li><strong><a href="https://fedify.dev/manual/kv#workerskvstore-cloudflare-workers-only" rel="nofollow noopener noreferrer" target="_blank"><code>WorkersKvStore</code></a></strong>: A key–value store implementation using <a href="https://developers.cloudflare.com/kv/" rel="nofollow noopener noreferrer" target="_blank">Cloudflare's KV API</a> for persistent storage in Workers environments</li><li><strong><a href="https://fedify.dev/manual/mq#workersmessagequeue-cloudflare-workers-only" rel="nofollow noopener noreferrer" target="_blank"><code>WorkersMessageQueue</code></a></strong>: A message queue implementation leveraging <a href="https://developers.cloudflare.com/queues/" rel="nofollow noopener noreferrer" target="_blank">Cloudflare Queues</a> for reliable message processing</li> </ul><p><strong>Key features</strong></p><ul> <li>Seamless integration with <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Cloudflare" target="_blank">#<span>Cloudflare</span></a>'s serverless runtime</li><li>Automatic handling of queue message processing through Workers' <code>queue()</code> method</li><li>Support for <a href="https://developers.cloudflare.com/workers/runtime-apis/nodejs/" rel="nofollow noopener noreferrer" target="_blank">Node.js compatibility flag</a> required for Fedify's cryptographic operations</li><li>Manual queue processing via <code>Federation.processQueuedTask()</code> method</li> </ul><p>For a complete working example, see the <a href="https://github.com/fedify-dev/fedify/tree/1.6-maintenance/examples/cloudflare-workers" rel="nofollow noopener noreferrer" target="_blank">Cloudflare Workers example</a> in the Fedify repository.</p><p><strong>🏗️ Federation builder pattern</strong></p><p>Fedify 1.6 introduces the <code>FederationBuilder</code> class and <code>createFederationBuilder()</code> function to support <a href="https://fedify.dev/manual/federation#builder-pattern-for-structuring" rel="nofollow noopener noreferrer" target="_blank">deferred federation instantiation</a>. This pattern provides several benefits:</p><ul> <li><strong>Deferred instantiation</strong>: Set up dispatchers and listeners before creating the federation object</li><li><strong>Better code organization</strong>: Avoid circular dependencies and improve project structure</li><li><strong>Cloudflare <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Workers" target="_blank">#<span>Workers</span></a> compatibility</strong>: Accommodates binding-based architectures where resources are passed as arguments rather than globals</li><li><strong>Modular setup</strong>: Build complex federations piece by piece before instantiation</li> </ul><p>The builder pattern is particularly useful for large applications and environments like Cloudflare Workers where configuration data is only available at runtime.</p><p><strong>🔐 HTTP Message Signatures (RFC 9421)</strong></p><p>Fedify 1.6 implements the official <a href="https://www.rfc-editor.org/rfc/rfc9421" rel="nofollow noopener noreferrer" target="_blank">HTTP Message Signatures standard (RFC 9421)</a> specification, the final revision of the HTTP Signatures specification.</p><p><strong>Double-knocking mechanism</strong></p><p>To ensure maximum compatibility across the fediverse, Fedify 1.6 introduces an intelligent double-knocking mechanism:</p><ol> <li><strong>Primary attempt</strong>: <a href="https://www.rfc-editor.org/rfc/rfc9421" rel="nofollow noopener noreferrer" target="_blank">RFC 9421</a> (HTTP Message Signatures) for modern implementations</li><li><strong>Fallback</strong>: <a href="https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12" rel="nofollow noopener noreferrer" target="_blank">Draft cavage version</a> for legacy compatibility</li><li><strong>Adaptive caching</strong>: The system remembers which version each server supports to optimize future requests</li> </ol><p>This approach ensures seamless communication with both modern and legacy ActivityPub implementations while positioning Fedify at the forefront of security standards.</p><p><strong>Interoperability testing</strong></p><p>The RFC 9421 implementation has been thoroughly tested for interoperability with existing ActivityPub implementations that support RFC 9421 signature verification:</p><ul> <li><strong>Mitra 4.4.0</strong>: Successfully verified Fedify-generated RFC 9421 signatures</li><li><strong>Mastodon 4.4.0 development version</strong>: Tested RFC 9421 signature verification against Fedify's implementation (refer to <a href="https://github.com/mastodon/mastodon/pull/34814" rel="nofollow noopener noreferrer" target="_blank">Mastodon PR #34814</a>, though Mastodon 4.4.0 has not yet been released)</li> </ul><p>These tests confirm that other ActivityPub implementations can successfully verify RFC 9421 signatures generated by Fedify, ensuring proper federation as the ecosystem gradually adopts the official specification. While these implementations currently support verification of RFC 9421 signatures, they do not yet generate RFC 9421 signatures themselves—making Fedify one of the first ActivityPub implementations to support both generation and verification of the modern standard.</p><p><strong>🔍 WebFinger enhancements</strong></p><p><strong>Dedicated WebFinger lookup</strong></p><p>The new <a href="https://fedify.dev/manual/context#webfinger-lookups" rel="nofollow noopener noreferrer" target="_blank"><code>Context.lookupWebFinger()</code></a> method provides direct access to <a href="https://datatracker.ietf.org/doc/html/rfc7033" rel="nofollow noopener noreferrer" target="_blank">WebFinger</a> data, offering developers more granular control over account discovery and resource resolution beyond the higher-level <a href="https://fedify.dev/manual/context#looking-up-remote-objects" rel="nofollow noopener noreferrer" target="_blank"><code>Context.lookupObject()</code></a> method.</p><p><strong>🛠 Context API improvements</strong></p><p><strong>Context data replacement</strong></p><p>The new <a href="https://fedify.dev/manual/context#replacing-the-context-data" rel="nofollow noopener noreferrer" target="_blank"><code>Context.clone()</code></a> method enables dynamic context data replacement, providing greater flexibility in request processing and data flow management. This is particularly useful for middleware implementations and complex request routing scenarios.</p><p><strong>🚀 Migration considerations</strong></p><p><strong>Backward compatibility</strong></p><p>Fedify 1.6 maintains full backward compatibility with existing applications. The new HTTP Message Signatures and double-knocking mechanisms work transparently without requiring any code changes.</p><p><strong>Node.js version requirement</strong></p><p><strong>Important</strong>: Fedify 1.6 requires Node.js 22.0.0 or later for Node.js environments. This change does not affect applications using Deno or Bun runtimes. If you're currently using Node.js, please ensure your environment meets this requirement before upgrading.</p><p><strong>New deployment options</strong></p><p>For new deployments, consider leveraging Cloudflare Workers support for:</p><ul> <li>Global edge deployment with low latency</li><li>Serverless scaling and automatic resource management</li><li>Integration with Cloudflare's ecosystem of services</li> </ul><p><strong>🎯 Looking forward</strong></p><p>Fedify 1.6 represents a significant expansion of deployment possibilities while maintaining the framework's commitment to broad compatibility across the fediverse. The addition of Cloudflare Workers support opens new architectural patterns for federated applications, while the RFC 9421 implementation ensures Fedify stays current with emerging ActivityPub security standards.</p> <p>For detailed migration guides, API documentation, and examples, please visit the <a href="https://fedify.dev/" rel="nofollow noopener noreferrer" target="_blank">Fedify documentation</a>. Join our community on <a href="https://matrix.to/#/#fedify:matrix.org" rel="nofollow noopener noreferrer" target="_blank">Matrix</a> or <a href="https://discord.gg/bhtwpzURwd" rel="nofollow noopener noreferrer" target="_blank">Discord</a> for support and discussions.</p><p><a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/fedidev" target="_blank">#<span>fedidev</span></a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/RFC9421" target="_blank">#<span>RFC9421</span></a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/HTTPSignatures" target="_blank">#<span>HTTPSignatures</span></a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/HTTPMessageSignatures" target="_blank">#<span>HTTPMessageSignatures</span></a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/CloudflareWorkers" target="_blank">#<span>CloudflareWorkers</span></a></p>
Riussi<p>Any C# developer want to contribute a C# example of how to do HTTP Signing to go along with our existing Java, JavaScript, Python and Go examples?</p><p><a href="https://docs.upvest.co/documentation/getting_started/http_signatures/implementing_http_signatures_samples" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.upvest.co/documentation/g</span><span class="invisible">etting_started/http_signatures/implementing_http_signatures_samples</span></a></p><p><a href="https://github.com/upvestco/http-signature-examples" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/upvestco/http-signa</span><span class="invisible">ture-examples</span></a></p><p><a href="https://hachyderm.io/tags/dotnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotnet</span></a> <a href="https://hachyderm.io/tags/csharp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>csharp</span></a> <a href="https://hachyderm.io/tags/http" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>http</span></a> <a href="https://hachyderm.io/tags/httpsignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsignatures</span></a></p>
洪 民憙 (Hong Minhee) 🤏🏼<p>This document, edited by <span class="h-card" translate="no"><a href="https://fed.brid.gy/r/https://snarfed.org/" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>snarfed.org</span></a></span>, is really helpful for implementing <a href="https://todon.eu/tags/Fedify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedify</span></a> in practice.</p><p><a href="https://swicg.github.io/activitypub-http-signature/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">swicg.github.io/activitypub-ht</span><span class="invisible">tp-signature/</span></a></p><p><a href="https://todon.eu/tags/fedidev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedidev</span></a> <a href="https://todon.eu/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> <a href="https://todon.eu/tags/httpsignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsignatures</span></a></p>
spla :fed: :vim:<p>Si no ho he entés malament, si vols que un servidor <a href="https://mastodont.cat/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> et faci cas quan li envies una activitat <a href="https://mastodont.cat/tags/Activitypub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Activitypub</span></a>, per exemple "Follow", et cal signar amb la clau privada del usuari emissor, xifrada amb el hash SHA256, l'activitat en format json que li envies. <br>Si el servidor Mastodon receptor no rep la signatura vàlida en els "headers", no fa ni cas.<br><a href="https://mastodont.cat/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a></p>
@reiver ⊼ (Charles) :batman:<p>I hate this requirement of having to sign the HTTP request to see the Activity-JSON for ActivityPub actor.</p><p>I hate it so much.</p><p>...</p><p>It makes it so I cannot do a simple "curl" command to get an ActivityPub actor's activity-JSON.</p><p><a href="https://mastodon.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> <a href="https://mastodon.social/tags/ActivityStreams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityStreams</span></a> <a href="https://mastodon.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fediverse</span></a> <a href="https://mastodon.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a> <a href="https://mastodon.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a></p>
Kingsley Uyi Idehen<p><span class="h-card"><a href="https://mymath.rocks/endpoints/SYn3cl_N4HAPfPHgo2x37XunLEmhV9LnxCggcYwyec0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>helge</span></a></span>,</p><p>Is <a href="https://github.com/HelgeKrueger/bovine/blob/main/docs/client_to_server_activitypub.md#this" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/HelgeKrueger/bovine</span><span class="invisible">/blob/main/docs/client_to_server_activitypub.md#this</span></a> your Client built to work with a generic <a href="https://mastodon.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> server? </p><p>I am interested in clients that want to work with our backend. </p><p>Note, <a href="https://mastodon.social/tags/DBMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DBMS</span></a> and Authentication matters are none issues since our servers implement most of these protocols (including the likes of <a href="https://mastodon.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a> etc). </p><p>/cc <span class="h-card"><a href="https://social.gabekangas.com/users/gabek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gabek</span></a></span> <span class="h-card"><a href="https://flipboard.social/@mike" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mike</span></a></span> <span class="h-card"><a href="https://mastodon.social/@atomicpoet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>atomicpoet</span></a></span> <span class="h-card"><a href="https://mastodon.social/@davew" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>davew</span></a></span> <span class="h-card"><a href="https://mastodon.social/@judell" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>judell</span></a></span> <span class="h-card"><a href="https://mastodon.social/@Mastodon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mastodon</span></a></span> <span class="h-card"><a href="https://social.coop/@smallcircles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>smallcircles</span></a></span></p>
Raphael Luckom<p>Notes so far on <a href="https://indieweb.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a>'s <a href="https://indieweb.social/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> implementation, covering basics on <a href="https://indieweb.social/tags/WebFinger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebFinger</span></a>, <a href="https://indieweb.social/tags/HTTPSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTPSignatures</span></a>, <a href="https://indieweb.social/tags/JSONLD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JSONLD</span></a> signatures, and <a href="https://indieweb.social/tags/ActivityStream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityStream</span></a> vocab. Pretty much a loosely-organized collection of links to useful specs and implementations for understanding how Mastodon specifically does things.</p><p><a href="https://raphaelluckom.com/posts/Things%20I%27ve%20learned%20about%20ActivityPub%20so%20far.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">raphaelluckom.com/posts/Things</span><span class="invisible">%20I%27ve%20learned%20about%20ActivityPub%20so%20far.html</span></a></p>