What is Nostr?
anna /
npub1f67…s5qm
2023-07-25 16:16:27

anna on Nostr: ok how does this idea sound: to have kinda like auth_fetch but for clients. when you ...

ok how does this idea sound:

to have kinda like auth_fetch but for clients. when you log in a client you generate a key that goes to your home server. when you make a client<>server ap request, you include that key, and the receiving server can validate that against your home server, using an activitypub extension.

this would still allow servers to block servers, and it would avoid allowing malicious servers querying data using the client api, as well as being compliant with base ap

the only negative is that if your server *hard* requires this auth for every ap query, you won't have anonymous access, but then it's a trade off between hard blocking servers and allowing un-logged in users

hmmmm
Author Public Key
npub1f67qrzm95xe497g0jda70x6uxwr9ru2j39sg38axfj4ff05c979qmps5qm