These are called when retrieving or adding to a user's inbox and outbox.
AuthenticatePostInbox: any valid user? someone is sending you a message
AuthenticateGetInbox: user must own the inbox (getting your home feed)
AuthenticatePostOutbox: user must own the outbox (sending a new message)
AuthenticateGetOutbox: any valid user? getting your timeline.
Check the Authentication header. go-fed handles this with HTTP Signatures, so we should support that. JWTs wouldn't be too hard either (so you could use what we have set for the front end). Not sure about other schemes. We should see what Mastodon uses (so that Masto users can like, reply to, etc posts)
These are called when retrieving or adding to a user's inbox and outbox.
Check the
Authentication
header. go-fed handles this with HTTP Signatures, so we should support that. JWTs wouldn't be too hard either (so you could use what we have set for the front end). Not sure about other schemes. We should see what Mastodon uses (so that Masto users can like, reply to, etc posts)