Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Marius@Marius@marius.federated.id (2026-04-30 22:22:29)
Huzzah!! After about a little less than one month I have managed to deploy the new versions of the #GoActivityPub libraries containing RFC9421 for both outbound request signing and inbound verification, to both #FedBOX and #ONI.


During this tme we contributed to another Go module to add support for our use cases, then we ended up replacing it all together with another one having a simpler API.


In the process I managed to simplify the go-ap/auth module to contain only the verifiers for OAuth and HTTP-Signatures (in both draft and RFC compatible flavours).


This post is in fact, the first one that uses them for remote dissemination, and if you see it on your timeline it doesn’t neccessarily mean that your instance supports this signature type, but rather that the “double knocking” mechanism of retrying with the old draft version is functional. Here’s to hoping it won’t be needed for much longer. 🥂
---Reply---
silverpill@silverpill@mitra.social (2026-05-06 21:53:27)
@Marius

>inbound verification

Is it enabled on this instance? I tried to send a POST request signed according to RFC-9421 to your inbox, the response was 401.

Timestamp: 2026-05-06T12:50:30Z

cc @mariusor

---Replies---

marius@mariusor@metalhead.club (2026-05-07 00:09:08)
@silverpill 

I'm not sure which instance you mean, these two actors are different.

@marius@marius.federated.id 

@marius@federated.id 

The first one is on an instance that should have RFC9421 enabled, but the second isn't.

I enabled request debug on it, if you want to try again.