superseriousbusiness / gotosocial

Fast, fun, small ActivityPub server.
https://docs.gotosocial.org
GNU Affero General Public License v3.0
3.83k stars 335 forks source link

[feature] Authenticated RSS feed for Home/Local timelines #1257

Open brechtcs opened 1 year ago

brechtcs commented 1 year ago

Is your feature request related to a problem ?

I'd like to be able to use an RSS reader to read the contents of my home timeline, as well as my instance's local timeline. As far as I know this feature doesn't exist in other ActivityPub servers either, but I think it could be particularly useful for GoToSocial as it doesn't have it's own UI to render timelines. Adding RSS support on top of the Mastodon-compatible APIs would increase the number of clients people can choose to view their timelines.

Describe the solution you'd like.

I think the simplest way to implement authenticated feeds is the way many podcasting platforms do it. Patreon for example uses this format, which is supported by even the most minimal RSS podcatcher:

https://www.patreon.com/rss/nameofthepodcast?auth={user_specific_access_token}

Describe alternatives you've considered.

There's also IndieWeb's Microsub specification dealing with authenticated feeds, supported by it's own range of apps. This could be interesting if there's any interest to combine it with Micropub support as well. It does seem more complicated to implement though, and the range of new clients it opens up isn't nearly as big as the plain RSS solution.

Additional context.

No response

tsmethurst commented 1 year ago

This is kind of a cool idea :eyes: Definitely open to it.

We'd have to think about endpoints for these things -- where should the RSS endpoints actually be served? Since we'd be essentially using rss as an API for getting a read only feed of your authenticated timeline(s), I guess under there somewhere?

tsmethurst commented 1 year ago

I just chatted about it with the other devs, one idea that came out of the room was generating links for RSS subscriptions via the user's settings panel, which could include a read-only token that only works for rss for that specific link. So something like (i don't know) https://example.org/api/v1/timelines/rss/local?auth={whatever} or https://example.org/api/v1/timelines/rss/home?auth={whatever}.

brechtcs commented 1 year ago

Right, some kind of option in user settings to create and revoke tokens if needed is probably a good idea.

As for the endpoint, as an end user I have no strong opinion, because it's something you'd have to copy-paste into your RSS app only once. So whatever makes most sense from a development perspective should be okay.