Watching #ActivityPub requests roll into my new app in a steady stream and be met with an even steadier stream of errors, heh
TIL that a bunch of these services don't have paths for their actors' public keys and when they say `/path/to/user#keyId` they're saying "it's in the Actor object instead", and not that somehow magically squeezing the URL fragment into the request will yield a goddamn thing.
Yes, it was in the book. There's a lot in the book.
Oh wait, my code does take that into account.
There's a lot of code, stop laughing.
Looks like I can't fetch some users' keys using my server key. I have to use the key for the person's inbox they posted to? Rude.
@squinky@teh.entar.net hmm, you should be able to, given it's an unauthenticated resource... But then again maybe some sites require a signed request.
@julian I didn't need to do signed GET requests in my testing environment and what I'm learning is that I can't just s/POST/GET/ and assume it will go through. There's different headers, for one thing.
Learning in a hurry.