401 "Public key not found" on propagating webmention into Mastodon about bridgy-fed HOT 12 CLOSED

Mea culpa. That was basically the only thing I forgot to check, and I now feel bad.
Thank you very much for taking the time to look into it.

What happened from my side: I have a reasonably convoluted 404.php that handles redirects, 410, rewrites, etc. Turned out I ended up sanitizing the incoming request too much before passing it on to the regexes that match for rewrites - so much that I actually removed the query strings. Thank you for finding it.

from bridgy-fed.

another instance, from me.

both instances against https://mastodon.social/ , running 2.4.* or later.

from bridgy-fed.

mastodon/mastodon#8057 describes the same error message, but for a client to server use case. bridgy fed is server to server.

from bridgy-fed.

my best guess is, mastodon is saying it can't find our public key to verify the HTTP Signature for the ActivityPub inbox delivery POST. afaik we use old OStatus/WebFinger style acct: URIs for HTTP Signature key ids, hence mastodon's error messages like Public key not found for key acct:[email protected].

mastodon/mastodon#4906 (comment) says:

For legacy, OStatus purposes the keyId can also be [acct:]username@domain, since OStatus used to return magic key in WebFinger.

...but that was from ~1y ago. i haven't found anything in the mastodon release notes from the last half year or so that mentions dropping that support, but... ¯\_(ツ)_/¯

from bridgy-fed.

aha. hey @deponeWD, looks like your site isn't fully set up for bridgy fed yet. you need a representative h-card on https://danielehniss.de/ .

you can test on https://fed.brid.gy/.well-known/[email protected] . once that URL works, try replying to a mastodon post with bridgy fed again!

from bridgy-fed.

tentatively closing. feel free to reopen!

from bridgy-fed.

Hey, I'm getting this same error. As far as I can tell, I've followed the instructions on fed.brid.gy, so could you point me to the right direction?

This url works: https://fed.brid.gy/.well-known/[email protected] or at least it shows something. I'm not sure what it is supposed to show.

Here's the full error:

https://fed.brid.gy/log?start_time=1550519275&key=https%3A%2F%2Fposts.arjoranta.fi%2F2019%2Fanother-brigy-test+https%3A%2F%2Fmastodontti.fi%2Finbox

from bridgy-fed.

sorry for the trouble, @jaranta! and thanks for the details. i'll take a look soon.

from bridgy-fed.

@jaranta it looks like you've set up the /.well-known/*redirects (details) on http://arjoranta.fi/ but not on https://posts.arjoranta.fi/ . try adding them there too.

from bridgy-fed.

Thanks for the tips! I had added redirects there too, but I think some of the other Known server redirects were messing with this one. I reordered the redirects in the .htaccess and managed to get it to work.

from bridgy-fed.

I'd like to re-open this bug.

https://fed.brid.gy/log?key=https%3A%2F%2Fpetermolnar.net%2Farticle%2Ffreenas-domoticz-zigbee-zwave-rflink%2F+https%3A%2F%2Fmastodon.social%2Finbox&start_time=1605540721

I 2020-11-16 15:31:53.823396 requests.post https://mastodon.social/inbox {'gateway': True, 'data': b'{"@context":"https://www.w3.org/ns/activitystreams";,"type":"Create","object":[...]
I 2020-11-16 15:32:01.850761 Received 401: Public key not found for key acct:[email protected]
E 2020-11-16 15:32:01.852118 401 Client Error: Unauthorized for url: https://mastodon.social/inbox ; Public key not found for key acct:[email protected]
E 2020-11-16 15:32:01.866498   File "/srv/oauth_dropins/webutil/util.py", line 1484, in call
    resp.raise_for_status()

  File "/env/lib/python3.7/site-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)

and in the same log:

I 2020-11-16 15:32:02.159472 requests.post https://mastodon.technology/inbox {'gateway': True, 'data': b'{"@context":"https://www.w3.org/ns/activitystreams";,"type":"Create","object":[...]
I 2020-11-16 15:32:06.212333 Received 202: 
I 2020-11-16 15:32:06.216731 Received 202
I 2020-11-16 15:32:06.216983 Got 202 headers:{'Date': 'Mon, 16 Nov 2020 15:32:06 GMT', 'Content-Type': 'text/html', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Server': 'Mastodon', 'X-Frame-Options': 'DENY', 'X-Content-Type-Options': 'nosniff', 'X-XSS-Protection': '1; mode=block', 'Vary': 'Accept-Encoding', 'Content-Encoding': 'gzip', 'Cache-Control': 'no-cache', 'Content-Security-Policy': "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.technology; img-src 'self' https: data: blob: https://mastodon.technology; style-src 'self' 'unsafe-inline' https://mastodon.technology; media-src 'self' https: data: https://mastodon.technology; frame-src 'self' https:; manifest-src 'self' https://mastodon.technology; connect-src 'self' data: blob: https://mastodon.technology https://cdn.mastodon.technology wss://mastodon.technology; script-src 'self' blob: https://mastodon.technology; child-src 'self' blob: https://mastodon.technology; worker-src 'self' blob: https://mastodon.technology", 'X-Request-Id': '5ecc6f1f-c63d-438a-a55e-33c6c039598d', 'X-Runtime': '3.873351'}

https://fed.brid.gy/.well-known/[email protected] looks happy.

from bridgy-fed.

sorry for the trouble, @petermolnar! looks like the problem might be that your site's redirect to bridgy fed is stripping the query parameters. try preserving them?

$ curl -v 'https://petermolnar.net/.well-known/webfinger?resource=acct:[email protected]'
...
< HTTP/2 302 
< location: https://fed.brid.gy/.well-known/webfinger

from bridgy-fed.