The secret life of .well-known - eviltoast

I recently went on quite a rabbit hole regarding the .well-known directory, and wrote about it.

  • snowe@programming.devM
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    That is really interesting. Does anyone have an example of what a web finger might contain? It says avatar data but I’m interested in how sites use it.

    • ishanpage@programming.devOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Hey Thanks for reading, and I’m glad you found it interesting.

      To my understanding, Webfinger provides a standard API for discovering the user profile details no matter the software running on the node.

      For example,

      $ curl https://programming.dev/.well-known/webfinger\?resource\=acct:snowe@programming.dev | jq
      {
        "subject": "acct:snowe@programming.dev",
        "links": [
          {
            "rel": "http://webfinger.net/rel/profile-page",
            "type": "text/html",
            "href": "https://programming.dev/u/snowe"
          },
          {
            "rel": "self",
            "type": "application/activity+json",
            "href": "https://programming.dev/u/snowe",
            "properties": {
              "https://www.w3.org/ns/activitystreams#type": "Person"
            }
          }
        ]
      }
      
      • snowe@programming.devM
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        lol well look at that. that’s neat. seems a bit roundabout. How do you know the resource though? so you request the user information with the resource query param, but that means you already know the user, which means you likely got it from somewhere else right? if you got it from somewhere else, you likely have the ability to get the profile information from that location rather than requesting information twice. or am I thinking about this completely wrong?

        for example, I completely understand the chatgpt plugin and change password ones, but this one doesn’t really make sense to me, since you have to know information before hitting it.

        • ishanpage@programming.devOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          You are right that it does feel a little roundabout. My understanding is that webfinger converts from the username to the user profile url and image. This is useful during federation, and for generic fedi/activitypub clients because different Fedi software maps usernames and profiles differently.

          For example, user@lemmy.instance will reside at lemmy.instance/u/user, while user @mastodon.instance will reside at mastodon.instance/user.

          Fom some poking around, it seems that Lemmy does not properly support sending the profile image on Webfinger because I wasn’t able to do it using the rel parameters that are mentioned in the spec.