librelist archives

« back to archive

Running Friendica in a subdomain - with domain-based user IDs

Running Friendica in a subdomain - with domain-based user IDs

From:
rysiek
Date:
2013-04-01 @ 23:51
Hi there,

I am trying to run Friendica in a subdomain to a domain I control, but 
with user IDs built upon the domain, not the subdomain.

In other words, Friendica runs under:
https://friendica.example.com/

But I want such user IDs to work:
user@example.com

There is a problem with Diaspora in such a scenario. This mail is 
long, and a tl;dr is provided at the bottom.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I don't really care about subdomain-based user IDs 
(user@friendica.example.com), they can be disabled, or they can work, 
irrelevant to me.

Why do I want this? Because users on our server already have several 
services accessible with the same user ID and password: e-mail, 
XMPP/Jabber, all user user@example.com. Making such an ID work also 
with our Friendica instance makes a lot of sense to us.

The quick and dirty approach I took is redirecting 
https://example.com/.well-known/host-meta to 
https://friendica.example.com/.well-known/host-meta. This works well 
for Friendica instances, as far as I can tell -- please correct me if 
I'm wrong, but apparently Friendica does not really care about the 
user@example.com ID once it gets the 
https://friendica.example.com/profile/user address.

That means that if both user@example.com and 
user@friendica.example.com point to the same 
https://friendica.example.com/profile/user address, it's completely 
irrelevant which form one uses to subscribe.

Which is great news. :)


However! I also tested that with Diaspora, and here be dragons. If I 
use the user@friendica.example.com address, everything works great -- 
connecting, posting, commenting, etc.

If I use the user@example.com form, Diaspora is able to figure out the 
proper profile link (https://friendica.example.com/profile/user), 
connecting works and posts created on Diaspora are properly federated 
to Friendica.

Unfortunately, no posts nor comments created by the Friendica user are 
federated to Diaspora.

Why? 

Diaspora caches the user@example.com form -- compare:
https://joindiaspora.com/people/28e99d9f36c1e222
https://joindiaspora.com/people/4650de93049023bf

The first account was connected to with the short form; the second 
with the long one. Both forms work for both accounts, but for 
Diaspora, the first one will *always* only have the short form, the 
second will *always* only have the long form.

Now, because of this -- and I am guessing here, as I have not seen 
Friendica's post push -- when Friendica pushes new content to 
Diaspora, it identifies the author somehow. Probably by the long form 
(as that's the "natural" form for the Friendica server); Diaspora sees 
tester@friendica.example.com instead of tester@example.com, and 
discards pushed data as invalid.

How to fix it?

I see several possible courses of action. First of all, here's how 
Diaspora connects to accounts (I'm sure most of you already know this, 
just a reminder):
http://www.sarahmei.com/blog/2011/09/17/how-diaspora-connects-users/

Now, that means that at some point, when connecting with 
user@example.com that is actually a user@friendica.example.com, 
Diaspora will request this page:
https://friendica.example.com/xrd/?uri=user@example.com

The response will contain:
 <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>user@example.com</Subject>
  <Alias>user@example.com</Alias>
  <Alias>https://friendica.example.com/profile/user</Alias>
  (...)

The easiest solution would seem to be to change Subject to always show 
the canonical (i.e. long) version of the ID:
user@friendica.example.com

This will fail due to this line in code:
https://github.com/diaspora/diaspora/blob/develop/lib/webfinger_profile.rb#L24

Diaspora will think it's a different user than requested, and the 
connection will fail.

This is also the reason why a simple redirect from:
https://friendica.example.com/xrd/?uri=user@example.com
...to...
https://friendica.example.com/xrd/?uri=user@friendica.example.com
...will not work here.

Changing <Alias> to the canonical/long version will not work, as 
Diaspora ignores this field.

I am in contact with Diaspora devs, maybe I can push some changes 
there, but maybe not -- hence this e-mail.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tl;dr:
Friendica installed in friendica.example.com, but we want IDs to be 
(also) user@example.com. Redirecting:
http://example.com/.well-known/host-meta
...to...
http://friendica.example.com/.well-known/host-meta
...works great for other Friendicas.

Due to the way Diaspora handles remote accounts and webfinger however, 
connecting works, but Friendica posts are not pushed to Diaspora.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Due to all of the above, the only road I see that Friendica can take 
to make such a config work is to have an admin config option "user ID 
canonical domain name" that, regardless how account data is queried or 
where the user ID shows up, it always contains just a single version 
(in this example, it would be user@example.com).

What do you guys think? Does that make sense?

-- 
Pozdr
rysiek