I am making a chat plugin for PeerTube and one of my features is to allow any user to authenticate to the chat with an external Fediverse account. I achieve this by taking the same approach as Owncast. That is by having the server sending an OTP code with ActivityPub DM to the user that wants to authenticate, and then validate this code.
My current issue is that I struggle to find a way for the server to send this ActivityPub Note to the user that requests it. Is there a function or API call that I can use to send this DM?
I could send the message manually through a normal POST but ActivityPub requires the messages to be signed. So for that to work I would have to get the servers private key that correlate to the server actor and sign the message. Is this possible to get through code in a plugin?
For the livechat plugin, I have a different approach. This is not implemented yet, but it is on my roadmap¹.
I plan to use OAuth2, with the Mastodon API to dynamically create OAuth applications:
There are other fediverse application that are compatible with this API. So it is a good compromise.
Note: sending DM is not 100% compatible either with all fediverse platforms: for example Peertube don’t implement DM, so you won’t receive any DM if you try to authenticate to another Peertube instance.
¹: i already have implemented OpenID Connect (based on OAuth2) to authenticate with a custom OIDC provider (for example: your website, google, facebook, …). I have just to adapt the code for the Mastodon-compatible way. Using this protocole, i can retrieve the username, nickname and avatar that will be used in the chat.