tried switching HTTP Sig keyId to actor URL for aaronpk, but Mastodon wouldn't verify

https://chat.indieweb.org/dev/2022-11-05#t1667687865621700
2022-11-05 15:39:05 -07:00 · 2022-11-05 15:39:05 -07:00 · 001cd1fe11
commit 001cd1fe11
--- a/activitypub.py
+++ b/activitypub.py
@ -57,9 +57,9 @@ def send(activity, inbox_url, user_domain):
    # https://w3c.github.io/activitypub/#authorization
    # https://tools.ietf.org/html/draft-cavage-http-signatures-07
    # https://github.com/tootsuite/mastodon/issues/4906#issuecomment-328844846
-    acct = 'acct:%s@%s' % (user_domain, user_domain)
+    key_id = request.host_url + user_domain
    key = MagicKey.get_or_create(user_domain)
-    auth = HTTPSignatureAuth(secret=key.private_pem(), key_id=acct,
+    auth = HTTPSignatureAuth(secret=key.private_pem(), key_id=key_id,
                             algorithm='rsa-sha256', sign_header='signature',
                             headers=('Date', 'Digest', 'Host'))

--- a/common.py
+++ b/common.py
@ -238,9 +238,11 @@ def postprocess_as2(activity, target=None, key=None):
            # underspecified, inferred from this issue and Mastodon's implementation:
            # https://github.com/w3c/activitypub/issues/203#issuecomment-297553229
            # https://github.com/tootsuite/mastodon/blob/bc2c263504e584e154384ecc2d804aeb1afb1ba3/app/services/activitypub/process_account_service.rb#L77
+            actor_url = request.host_url + activity.get('preferredUsername')
            activity.update({
                'publicKey': {
-                    'id': activity.get('preferredUsername'),
+                    'id': actor_url,
+                    'owner': actor_url,
                    'publicKeyPem': key.public_pem().decode(),
                },
                '@context': (util.get_list(activity, '@context') +
--- a/tests/test_activitypub.py
+++ b/tests/test_activitypub.py
@ -171,7 +171,8 @@ class ActivityPubTest(testutil.TestCase):
            'following': 'http://localhost/foo.com/following',
            'followers': 'http://localhost/foo.com/followers',
            'publicKey': {
-                'id': 'foo.com',
+                'id': 'http://localhost/foo.com',
+                'owner': 'http://localhost/foo.com',
                'publicKeyPem': MagicKey.get_by_id('foo.com').public_pem().decode(),
            },
        }, got.json)