👀 BrowserPub: A browser for debugging #ActivityPub and the ⁂fediverse
The idea here is to make it a bit easier to see how well the various players in the fediverse support the C2S side of the ActivityPub spec.
You can punch in any ActivityPub discoverable web url or fediverse handle, and BrowserPub will discover and display the underlying AP:
e.g.
social profiles: https://browser.pub/https://mastodon.social/@mastodon
or posts:
https://browser.pub/https://mastodon.social/@Gargron/113005517546136592
or fediverse handles:
https://browser.pub/@Gargron@mastodon.social
or even usernames (defaults to mastodon.social for now):
https://browser.pub/Gargron
BrowserPub defaults to a visual representation of the object (if a known type)
everything here is powered by ActivityPub, no server-specific APIs
you can also view the underlying ActivityPub object as JSON...
For known collection properties (like outbox, followers, featured, etc), it will preview the collection and support paging via a "next" link:
And here's @manton 's profile using micro.blog's AP endpoint
https://browser.pub/https://manton.org/activitypub/manton
Threads posts and profiles are also available, for users that have checked the magic box
Here's a post:
https://browser.pub/https://www.threads.net/@evanprodromou/post/C8qtHZEuA0Q
While Threads does not support the replies collection yet, they do support the inReplyTo pointer, which BrowserPub renders above
https://browser.pub/https://www.threads.net/@evanprodromou/post/C-0iXNmvgj7
@manton thanks! still very early days, but working on it in public seems more fitting for something like this
@js 🥳
If I may make a request, some details appear as "invalid" but nothing more is specified. For example the public key for https://browser.pub/https://federated.id
I suspect it's the fact that it's not an RSA key, but I'm not sure.
BrowserPub also supports the new fediverse:creator discovery mechanism
@mariusor Oh cool a good test case
What type of key is that example there? I believe I just use web crypto to parse
@js other actors on the server have rsa keys, like https://browser.pub/https%3A%2F%2Ffederated.id%2Factors%2F8b740680-ccb4-4265-82e7-4ac2ca402750
I should be able to render your urls and tags on that one a bit better as well
Bluesky profiles that are bridged can also be rendered
e.g. @snarfed.org bridged bsky profile
https://browser.pub/https://bsky.brid.gy/ap/did:plc:3ljmtyyjqcjee2kpewgsifvb
@james@bne.social @james@crid.land thanks!
still working on it, but it's already fairly useful as is, so why not build the rest in public
@dave Dave I was going to link the podcast guid to pi.org search, but it doesn't take guids!
https://podcastindex.org/search?q=4c5142a7-a0bc-5c86-bad8-c149d4eceed6
BrowserPub also tries to render custom emojis in content and profile headers, these are in the ActivityPub payload after all
even animated ones
https://browser.pub/https://bolha.one/users/joaonaweb/statuses/112978564080782762
and of course Flipboard is supported, nothing special, just the same ActivityPub spec implementation
https://browser.pub/https%3A%2F%2Fflipboard.social%2Fusers%2Farunshah
@js can I just say that you've done a really lovely job on the rendering of all the information from profiles etc here. It looks really, really good. Thank you.
You can link directly to the podcast pages with the guid though.
https://podcastindex.org/podcast/4c5142a7-a0bc-5c86-bad8-c149d4eceed6
alright, guid-based links to the PI page now active
@js the 
Fixed that for you.😝
⁂ doesn't really show the diversity or interconnectedness of Fedi the way the real logo does. Not to mention, it's less appealing.
ok your urls and tags are rendered a bit better now
also huge props for implementing the liked collection
https://browser.pub/https://federated.id/actors/8b740680-ccb4-4265-82e7-4ac2ca402750
so even though Threads doesn't return collection items in the ActivityPub payload yet, it _does_ include the counts - so at least I can display those
just pushed it live
https://browser.pub/https://threads.net/ap/users/17841401083120503/
@js this is so good
looks like it's going to be immensely helpful for troubleshooting both misconfigured instances or custom implementations (both of which I'm involved in somehow)
(can't debug what you can't see)
thanks!
@thm thanks!
there is a pretty detailed property-level validation system underneath that I intend to surface where necessary
there are some server implementations that don't have their json ld contexts quite right
let's get everyone valid - like you say, it's easier to fix when it's easier to see
@box464 thanks - more to come, but I figured building something like this little by little in public makes sense
let me know if you come across any links that don't look right
I haven't even finished photo albums federation in Smithereen yet, but it already shows them so neatly
@scharfnado it does do signing if it thinks it's necessary (e.g. for Threads)
shoot me over the url that gave you that Unauthorized error and I'll take a look
@js Interesting. I'm trying to figure out why my Threads account has correct numbers for outbox, followers, and following, but none of the individual items are returned. Seems like a problem on the Threads side.
@js @scharfnado
Getting the same error message when my #GoToSocial. You can use https://jasdemi.com/ for testing.
the ActivityPub data model is very flexible, servers can support as much or as little as they want
in Threads case, they include the standard AP properties for outbox, followers, following, but link to a basic object that includes the counts only!
Hopefully we'll see this improve in the future
can see this yourself by using BrowserPub
1. browse to your profile
https://browser.pub/https://www.threads.net/@localjo
2. click the 'json' tab
3. click one of the collection value like 'following' (they are links)
@js @manton When I ran it against @underlap (to dereference using webfinger) and clicked the "debug" button, it showed an item with a red cross, thus:
/attachment: ❌ Invalid object, Invalid link
I'd want to make it clear which item that was referring to.
However, I'd also leave that to others as I am inept at javascript and most other front-end stuff. I was hoping someone else might want to make that change (but not necessarily you - I'm just grateful for the current function).
Those examples were helpful - just pushed an update to render these better
profile: https://browser.pub/https://jasdemi.com/users/jasdemi
post: https://browser.pub/https://jasdemi.com/@jasdemi/statuses/01J61PQ93HEHF0NE9A2DCWFFDX
@js love it as well. Discovered a bug in the contexts end point, thanks.
Hopefully this tool can soon also report issues, give advice and even recommendations. That would be awesome.
Polls are not a Mastodon-specific feature, they can be expressed well in standard ActivityPub, which means standards-based apps like BrowserPub can render them
Here is a recent poll example from @evan
https://browser.pub/https://cosocial.ca/@evan/113005485605693174
@js it is going to sound very fake to say this but this project was at the top of my list for ActivityPub hacks to do. It is so extremely necessary. I am very excited about this work!
thanks! send me any url or input you think it should be handling and I'll take a look
also if you see any weird rendering issues in the "visual" view
more tooltips and validations/recommendations are coming
> everything here is powered by ActivityPub, no server-specific APIs
Please don't waver from this! It's so cool.
@evan every property is listed, and clickable, in the json and outline structured views
in the visual view, any unknown properties are rendered kind of like the outline view, just above the expandable details section
@evan hopefully this can help to make sure folks are supporting C2S as much as possible
I would love to get a standards-based oauth to inbox flow working, do you know of any implementations that support it?
was going to check out Mastodon's new oauth thing in 4.3, but I'm not sure they have any additional AP endpoints behind the auth wall
@js onepage.pub do es. However, we need better specs. I'd like us to set up a taskforce for it at the SocialCG. It's very core!
@js This is really cool. Works great for seeing federated Flipboard accounts and magazines too like @mike@flipboard.com and @the-insight-mike
@js Projects like this are SO important for the development of ActivityPub based services/apps. Bravo!
looks like someone submitted it to hacker news!
and looks like Ghost got their outbox and posts ActivityPub working
although they are not in reverse chron like everyone else (@johnonolan, was this intentional?)
https://browser.pub/index@activitypub.ghost.org
@hongminhee most of the app runs in browser JS without a framework, so I guess view-source? : )
there is a validation model underneath that I haven't wired up to the UI yet, and I'd like to make that available via an API as well as visually
nice! I have found myself that it's kind of fun to click around and find connections, makes this AP data visible and usable by anyone
maybe I'll change the description to "exploring" instead of "debugging", especially since most of the debugging stuff isn't wired up yet : )
@hongminhee thanks!
ah I see you work on Fedify, so you might like to know that the entire backend and frontend for browser.pub is all TypeScript, zero deps except a few Deno std lib functions
Perhaps! It does not use Fedify, but it is all basically vanilla TypeScript
@js I'm glad to hear you're using Deno!
By the way, I've just introduced BrowserPub in the Fedify docs:
https://hollo.social/@fedify/01918ebf-947b-7c05-808e-7e239c319998
@hongminhee thanks, the docs look great
I guess I do almost everything in Deno these days, deployed to Cloudflare via Denoflare (denoflare.dev)
So as I'm bopping around looking at everyone's #ActivityPub in browser.pub, I wanted to have the ability to follow interesting people while I'm browsing.
I just pushed a new update that adds a "Follow" button next to every profile in the visual view
e.g. https://browser.pub/mastodon@mastodon.social
Ideally, I'd like to have these follows take effect here in my main account and not have to create a brand new profile on a brand new site.
This is where OAuth comes in - many existing fediverse servers supported federated login in a standard way
Just enter your account to start the login flow in browser.pub
browser.pub requests the ability to add new follows to your account...
... then stores the login info in the browser
For OAuth dorks, it'll show the token expiration and granted scope
Also whether or not the server supports the excellent OAuth server metadata spec, and whether the server supports PKCE (a security improvement that is a newer part of the spec)
You'll see that only the newest Mastodon 4.3 (still beta only?) supports this new metadata, but it should be rolling out widely soon.
anyway, once you have an active login it will be displayed in the top-right corner, and you can follow profiles with a tap of the "Follow" button
@js you'll probably be better waiting until Client ID Metadata Documents are implemented, otherwise you'll be maintaining a tonne of OAuth App registrations :/
now Pleroma is special here, it supports following like this in bog-standard ActivityPub!
ie just posting a small json payload to the logged-in user's outbox endpoint
hopefully more ActivityPub servers support this soon, as it should be very similar to what they already do for S2S
misskey and micro.blog from @manton both support client registration for clients like this by simply providing a website url
it's called "indieauth" (displayed in the login info row, otherwise falls back to mastodon-style app-creation-based registration)
there is a newer emerging standard for dynamic client registration, but no one supports it yet - I'll add it when one does!
micro.blog doesn't support C2S follows via the outbox yet, but we can fallback to the micro.blog api here
@thisismissem yes I can't _wait_ until that spec is supported in popular implementations
right now I maintain a minimum number of mastodon app registrations based on unique attributes (they are not user-specific), but would love to rely on this less in the future
let me know if you know of a server I can get an account on that implements Client ID Metadata Documents for testing
@js well, considering I'm likely the person doing the mastodon implementation of that (I’m the co-author of that internet draft), it'll be "once I have funding for it”
I know Mastodon are strongly interested in it; I just can't give a good estimate atm of time required.
@js first off never heard of this tool before. This is awesome, second the update is also awesome. third thing, you are awesome for sharing this.
thanks for the kind words! hope it helps you out there in activitypub-land
you'll notice that browser.pub not only requests the ability to follow, but _also_ to read, generally
this gives the logged-in user the ability to explore ActivityPub collections that may not be public, only accessible via auth (if the server supports such collections over ActivityPub C2S)
in theory, you could imagine building a thing on top of these collections that looks like your personal mastodon timeline, but using spec-standard ActivityPub
in practice, tho, here is my mastodon inbox 🤦♂️
Pleroma, however, is a different story - a better story
here is my Pleroma account, listing my private inbox collection - essentially my home timeline
this is not public, but available to ActivityPub C2S clients like browser.pub with a valid auth token
Under the hood, the personal inbox is represented as an essentially infinite ActivityPub OrderedCollection, with no 'totalItems' count property, and no 'last' pointer
I can keep iterating down my inbox reverse chron this way in the json...
... or by hitting "next" in the visual view
maybe I should add some sort of automatic revealing of the next item on scroll
and of course you can't see my personal Pleroma 'inbox' collection here, since you aren't logged in as me
as it should be
if anyone finds any additional endpoints available to read over C2S when authed (on any AP server impl), let me know - I'd be very curious to know what's supported out there
@js this thread is really amazing. I under stand most of it but not all! Would love to see some of this present in a conference talk like format!
one more for today: just got @pixelfed oauth working too
similar to mastodon, you can add an existing pixelfed.social account, and follow any fediverse user directly from browser.pub
and, similar to mastodon, pixelfed does not seem to support any additional ActivityPub over C2S when authed
@js all the collections on FedBOX federated.id filter out activities that don't have the Public namespace as recipient/audience when viewed without an Authorization header. For authorized actors it shows the non public activities that have them as a recipient.
I wonder why more people don't implement this type of filtering.
@js awesome update! Excited to see people build unique ways to read AP collections on top of BrowserPub
just pushed an update out this morning to handle @subclub 's ActivityPub payload for declaring subscription information - renders as a green badge
example subscribers-only profile: https://browser.pub/@petadventures@sub.club
thanks to @bnolens for surfacing this important metadata as json-ld here
@js if I may make a suggestion related to one of my projects: I output Image objects that have the image binary data encoded in the Content property with base64. BrowserPub could transform this to an actual image.
An example of what I mean: https://browser.pub/https%3A%2F%2Fmarius.federated.id%2Foutbox%2F2%2Fobject
