-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
different hub for same topic if denied #138
Comments
hm, now that I'm re-reading this I'm not entirely sure of the intent of this.
@julien51 do you know what this sentence was intended for? Do you know if this feature has actually been used in the context of social web applications? |
Basically think of it in the context of a social network where one distributes different data to different crowds. I have a profile on https://github.com/julien51.json that anyone could subscribe to, but Github may also "redirect" to say "https://github.com/public/julien51.json" if there is no way to identify the subscriber for example. Yes I know it was used at some point but I cannot put my finger on it anymore 🙄 in exactly that context. By default the subscription would be to the "public" resource but if the subscriber was providing an API key, the hub was actually able to tell the subscriber to subscribe to a more complete resource. I am not fully sure I understand the question by initial commenter. If the subscription was denied by the publisher, why would using a different hub be better? |
Wait a second, does this mean the hub can send a Also I don't have a test for this in https://websub.rocks since I didn't even notice this "feature". I'm not sure how to proceed here. Will need to bring this up on the next call. |
We discussed this in today's call, and we need more information from anyone who has implemented a hub as to whether this is something they have implemented or would potentially implement. If you're tagged in this comment, it's because you submitted an implementation report for a hub. @mblaney @barryf @julien51 @Gargron @hashinclude @marten-de-vries @twitch-jordanpotter The scenario is the following: A subscriber attempts to subscribe to There may be other uses for this mechanism as well. Have any of you either:
|
I haven't implemented this, but would like to implement private subscriptions at some stage. If I did, I don't see a compelling reason to redirect unauthenticated users to a public url. |
Flask-WebSub does not support redirection to alternative topic URLs.
If it matches someone's use case, I'd be happy to accept PRs. I do currently 'support' private content subscriptions in a (currently non-public) project by simply having the hub check if the user's session is authorized to access the topic url. This uses the same session logic of the rest of the application. I guess you could see it as an implementation of:
For this specific project, I do not redirect to public URLs if subscription validation fails. Automatically subscribing to the new URL would just lead to confusion as non-public data would be missing, and while I guess the subscriber could ask the user for confirmation before retrying, I don't need functionality like that in my application. |
Mastodon does not implement this. I generally concur with @marten-de-vries's points about this being a confusing user behavior. We currently only send public information over WebSub and don't really have any immediate plans for making private subscriptions work. |
My hub doesn't support this alternative topic URL approach. I'd consider adding the feature if there were use cases, but right now it's intended for public URLs. |
Twitch's hub will support topics for public data (e.g. a user's online status) and private data (e.g. a user's private messages). Naturally, subscription requests for private data must be accompanied by an authorization token. However, to be consistent with our API, there will be a few topics that act differently depending on whether an authorization token is provided when subscribing. Thus, the same topic can have multiple behaviors, depending on the existence of an authorization token! For example, the To mirror our API, our hub must send different notifications for the Thus, with our setup, I don't feel this feature matches Twitch's requirements. That said, I definitely appreciate the objective that's trying to be fulfilled! |
Thanks for the feedback everyone, super helpful. On today's call, the group resolved to drop the feature with the following resolution:
|
The editor's draft has been updated to reflect this change. https://w3c.github.io/websub/ |
For me, it would only make sense to indicate a different hub for same topic if denied.
From #127
The text was updated successfully, but these errors were encountered: