@evan If we are not able to be happy without the Fediverse or even Internet, we have a Problem. My aim is to use Fediverse to connect people online offline (get to know online, meet offline). But it's also important to be able to exchange ideas with people you can't meet offline. So the Fediverse is an enabler.

@evan Hey Evan, can you explain that a bit ?

@fediforum more or less undefined ;-) we can do that and see what happens.

@fediforum Hi @fediforum,
i'm happy about your request. You have to know, that #rdfpub is still in an early stage. However, talking about #rdfpub can only be an advantage ;-)
My english is not the best, especially in understanding speaken words. they cannot copy&pasted to deepl as easy ;-)
We can give a talk a try! Maybe there is another german speaking participants, that can translate questions, that i did not understand.
What exactly can i understand under "a talk" on the fedi-forum?

@evan

The description before the json says: "https://followrec.example/client".
The id in the json is "https:/followrec.example/apps/myapp".
Shouldn't they be identical?

https://codeberg.org/fediverse/fep/src/branch/main/fep/d8c2/fep-d8c2.md#follower-recommender

@evan my server is playing man in the middle! so the answer is somehow yes and no ;-)

See this code: https://gitlab.com/linkedopenactors/rdf-pub/-/blob/feature/blank_nodes/rdf-pub-adapter-driving/src/main/java/org/linkedopenactors/rdfpub/adapter/driving/Oauth2Test.java?ref_type=heads#L53

@evan ok, i'm now able to forward your request to keycloak and the login dialog is shown. but after login ap says:

127.0.0.1 - - [...] "GET /callback?state=xxxxx&session_state=xxxxxxx HTTP/1.1" 200 -
...

File "/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/parameters.py", line 451, in validate_token_parameters
raise MissingTokenError(description="Missing access token parameter.")
oauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter.

@evan i saw now, that the client_id is also in the token request and wrapped that too.

now i've:

oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: (RESTEASY003650: No resource method found for GET, return 405 with Allow header)

"RESTEASY003650" sounds like a keycloak error.

i'm afraid i won't get any further without your support.

@evan took a little longer after all ;-)
what oauth2 client do you use ? is it dynamic client registration? but then i would expect another error.
my keycloak says:

@evan happens when i execute
ap login max@dev.rdf-pub.org

@evan it is the task of the activitypub server to delegate the authentication to an oauth server. In some cases, the activitypub server can also be the oauth server.
The task of the activitypub server is to trust one or more oauth servers. I think it makes sense for an actor or an activitypub client application to be able to decide whether they want to use Facebook, Github or whatever to authenticate themselves.

@evan i'm getting crazy with that blank node stuff ;-)
if you have an actor like that:
{
"@context": ["https://www.w3.org/ns/activitystreams"],
"type": "Person",
"id": "https://example.com/1",
"inbox": "https://example.com/1/inbox.json",
"outbox": "https://example.com/1/feed.json",
"endpoints": {
"oauthAuthorizationEndpoint": "https://example.com/oauth/auth",
"oauthTokenEndpoint": "https://example.com/oauth/token"
},
"name": "John"
}
#activitypub

@evan @context The reason for the usecase "update oauthAuthorizationEndpoint & oauthTokenEndpoint" is that I want to let the client decide where it authenticates itself
#activitypub

@evan @context
aaaahr, I let myself get confused.
If an object has properties in an object without an id, then these are transient according to the specification:

...unless they are intentionally transient.

In the case of the actor, this would mean that oauthAuthorizationEndpoint is transient. which is wrong

In the end, however, this means that https://www.w3.org/ns/activitystreams#endpoints must have an ID and must not be behind a blank node.

https://www.w3.org/TR/activitypub/#obj-id

#activitypub

@evan @context how would the update activity look like to change only 'oauthTokenEndpoint'.

puh, did a lot of work regarding blank nodes in #rdfpub. hope to be able to test @evan ap again tomorrow. time will be short again from monday. the money for rdf-pub has to come from somewhere ;-)
#activitypub

@evan You say that you have never seen endpoints as a linked object. And I was wondering how many C2S servers there are so far that offer Oauth2 endpoints.

@evan 🙂 How many C2S servers have you seen ?

Hi @evan
have trouble with ap. MAybe because we have different understanding if the structure.

Fredy

https://github.com/evanp/ap/issues/46#issuecomment-1867562645

#activitypub

@pfefferle thanks!
https://wordpress.org/plugins/activitypub/#what%20if%20you%20are%20running%20your%20blog%20in%20a%20subdirectory%3F