Implement Webfinger protocol
Why are we doing this work
After adding our first ActivityPub actor in the previous MRs on this epic, we have an ActivityPub actor. Yay! But this is not enough yet to be compatible with the Fediverse.
Mastodon requires instances to implement the Webfinger protocol. This protocol is about adding an endpoint at a well-known location that lets a client query for a resource name and have it mapped to whatever URL we want (so basically, it's used for discovery). Mastodon uses this to query other Fediverse apps for actor names, in order to find their profile URLs.
Actually, GitLab already implements the Webfinger protocol endpoint through Doorkeeper (this is the action that maps to its route), implemented in GitLab in JwksController.
There is no incompatibility here; we can just extend this controller. We'll probably have to rename it, though, as it won't be related to Jwks alone anymore.
One difficulty we may have is that, contrary to Mastodon, we don't only deal with users. So we need to figure out something to differentiate asking for a user from asking for a project, for example. One obvious way would be to use a prefix, like user-<username>, project-<project_name>, etc. I'm pondering that from afar, while we haven't implemented much code in the epic and I haven't dug deep into Webfinger's specs; this remark may be deprecated when we reach actual implementation.
Btw, there was also this issue about Webfinger; it may be worth checking at the same time.
Relevant links
Non-functional requirements
- Documentation:
- Testing:
Implementation plan
- find a proper new name for controller and change everything impacted
- figure a way to map actor names
- refactor implemented actor if need be to fit those names
- extend the payload
Verification steps
TBD
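
An added sketch, not part of the original issue or GitLab's code, of how a Webfinger lookup could resolve the user-/project- prefixed names discussed above, with strict validation of the resource parameter. The host, the actor URL paths and the actor list are constructed assumptions.

```ruby
require 'json'

# Assumptions (not GitLab's code): host, actor URL layout and the constructed
# actor list are hypothetical; the user-/project- prefixes are the idea above.
INSTANCE_HOST = 'gitlab.example.com'
ACTORS = {
  'user'    => { 'alice' => '/users/alice/activity_pub' },
  'project' => { 'widgets' => '/projects/widgets/activity_pub' }
}.freeze

# acct:<kind>-<name>@<host>, anchored with \A and \z so a trailing newline or
# extra segments cannot slip past validation.
RESOURCE_RE = /\Aacct:(?<kind>[a-z]+)-(?<name>[A-Za-z0-9_][A-Za-z0-9_.-]*)@(?<host>[A-Za-z0-9.-]+)\z/

# Returns [http_status, jrd_hash_or_nil] for a ?resource= query value.
def webfinger_lookup(resource)
  m = RESOURCE_RE.match(resource.to_s)
  return [400, nil] unless m                                 # malformed (RFC 7033)
  return [404, nil] unless m[:host].casecmp?(INSTANCE_HOST)  # not our domain

  # The first prefix decides the actor kind, so "user-project-x" is a user
  # lookup for "project-x", never a project lookup.
  path = ACTORS.dig(m[:kind], m[:name])
  return [404, nil] unless path                              # unknown kind or actor

  jrd = {
    'subject' => resource,
    'links' => [{
      'rel'  => 'self',                       # link Mastodon follows to the actor
      'type' => 'application/activity+json',
      'href' => "https://#{INSTANCE_HOST}#{path}"
    }]
  }
  [200, jrd]
end

# Constructed sample queries, served as application/jrd+json when found.
['acct:user-alice@gitlab.example.com',
 'acct:project-widgets@gitlab.example.com',
 'acct:user-alice@other.example',
 'acct:alice@gitlab.example.com'].each do |resource|
  status, jrd = webfinger_lookup(resource)
  puts "#{status} #{resource} #{jrd ? JSON.generate(jrd) : ''}"
end
```
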