10
45
Fork
You've already forked doipjs
28

Reddit no longer verifying #67

Open
opened 2024年01月26日 15:45:29 +01:00 by yarmo · 6 comments
Owner
Copy link

This issue was first opened here: keyoxide/keyoxide-web#192

Reddit claims are indeed no longer verifying. It appears Reddit is taking measures to ban scrapers: keyoxide/keyoxide-web#192 (comment)

Need to do more research. Just as with Twitter, we could try and use oembed to perform the verification.

This issue was first opened here: https://codeberg.org/keyoxide/keyoxide-web/issues/192 Reddit claims are indeed no longer verifying. It appears Reddit is taking measures to ban scrapers: https://codeberg.org/keyoxide/keyoxide-web/issues/192#issuecomment-1413723 Need to do more research. Just as with Twitter, we could try and use oembed to perform the verification.
Author
Owner
Copy link

Indeed, oembed is a viable strategy. Here's my existing proof fetched through ombed: https://www.reddit.com/oembed?url=https://www.reddit.com/user/YarmoM/comments/hhd318/openpgp_proof/

--edit It is viable, but requires the proof to be part of the title, since the post content is not included in the oembed data

Indeed, oembed is a viable strategy. Here's my existing proof fetched through ombed: https://www.reddit.com/oembed?url=https://www.reddit.com/user/YarmoM/comments/hhd318/openpgp_proof/ --edit It is viable, but requires the proof to be part of the title, since the post content is not included in the oembed data
Member
Copy link

After some testing, here are a few notes:

  • The original (.json) API does support CORS and thus would function in a typical browser environment
    • Example (I opened DevTools on a codeberg tab to ensure CORS was processed):
      image
    • However, unless it would be different inside of keyoxide, Firefox's "Tracking Protection" seems to falsely flag the API as a tracker, meaning it may be unusable in the browser for most firefox users
  • The oembed API does indeed only show the title, and also does not support CORS (though that is a net zero in terms of requests, as the original verification method is marked as NOCORS regardless)
After some testing, here are a few notes: - The original (`.json`) API does support CORS and thus would function in a typical browser environment - Example (I opened DevTools on a codeberg tab to ensure CORS was processed): ![image](/attachments/2332f28f-b2ad-455a-b461-b8b2f9ad6582) - However, unless it would be different inside of keyoxide, Firefox's "Tracking Protection" seems to falsely flag the API as a tracker, meaning it may be unusable in the browser for most firefox users - The oembed API does indeed only show the title, and also does not support CORS (though that is a net zero in terms of requests, as the original verification method is marked as NOCORS regardless)
234 KiB

In terms of Reddit there are a few routes we could take:

  1. moving request to the client to prevent rate limiting (but risking clashes with tracking protection 😕)
  2. downgrade to oEmbed
  3. using PushShift/PullPush
  4. copy redlib's approach of generating guest OAuth tokens

Personally, I would take the redlib route of mimicking Reddit's Android app as they do here: github.com/redlib-org/redlib@99097da6b8/src/oauth.rs and if that ends up being prevented fall back to oEmbed.

In terms of Reddit there are a few routes we could take: 1. moving request to the client to prevent rate limiting (but risking clashes with tracking protection 😕) 2. downgrade to oEmbed 3. using [PushShift](https://github.com/pushshift/api)/[PullPush](https://pullpush.io/) 4. copy [redlib](https://github.com/redlib-org/redlib)'s approach of generating guest OAuth tokens Personally, I would take the redlib route of mimicking Reddit's Android app as they do here: https://github.com/redlib-org/redlib/blob/99097da6b8243cbd2f84f297ca2f33118206cb28/src/oauth.rs and if that ends up being prevented fall back to oEmbed.
Linking https://community.keyoxide.org/d/317-cant-verify-reddit for cross-visibility

Is it possible to change the message from "The claim COULD NOT BE verified by the proof." to something like "Claim verification currently not possible." and maybe some kind of orange icon instead of the red cross mark?

This way it doesn't directly look like it is a failed verification. People could still manually verify.

Is it possible to change the message from "The claim COULD NOT BE verified by the proof." to something like "Claim verification currently not possible." and maybe some kind of orange icon instead of the red cross mark? This way it doesn't directly look like it is a failed verification. People could still manually verify.
I have this issue (or a similar issue?) as well. Keyoxide profile: https://keyoxide.org/aspe%3Akeyoxide.org%3ABW4JHVBB5HM3DMAVNSY34QAEQU Proof link: https://www.reddit.com/user/GideonBear/comments/1mz1mny/proof/ Discussion on Matrix: https://matrix.to/#/!dEfJkFpQpwvbzcegRX:matrix.org/$iHAsFGijvf4CIoyvHEPrACtEgfstBw9VApqgc1q7n6M?via=matrix.org&via=tedomum.net
Sign in to join this conversation.
No Branch/Tag specified
main
dev
fix-irc-fetcher
new-claim-eveonline-143
prepare-new-release
fix-jsdoc-types
yarn-to-npm
support-openpgp-aspe-claims
support-html-alias
improve-activitypub-support
v1-restructure
into-es-module
support-aspe
fix-js-lsp-issues
improve-linting
add-markers
support-opencollective-claim
support-entity-decoding
use-rome-tools
support-cloudflare-buster
support-fediverse-posts
matrix-room-verification
2.1.0
2.1.0-rc.3
2.1.0-rc.2
2.1.0-rc.1
2.0.1
2.0.0
2.0.0-rc.1
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.1.1
1.1.0
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
v0.19.1-alpha.0
0.19.0
0.18.3
0.18.2
0.18.1
0.18.0
0.17.5
0.17.4
0.17.3
0.17.2
0.17.1
0.17.0
0.16.4
0.16.3
0.16.2
0.16.1
0.16.0
0.15.7
0.15.6
0.15.5
0.15.4
0.15.3
0.15.2
0.15.1
0.15.0
0.14.0
0.13.0
0.12.9
0.12.8
0.12.7
0.12.6
0.12.5
0.12.4
0.12.3
0.12.2
0.12.1
0.12.0
0.11.2
0.11.1
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.4
0.9.3
0.9.2
0.9.1
0.9.0
0.8.5
0.8.4
0.8.3
0.8.1
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.1
0.5.0
0.4.2
0.4.1
0.4.0
0.3.0
0.2.0
Labels
Clear labels
bug
Something is not working

Archived

enhancement
New feature

Archived

Contribution welcome
Get started contributing here
Good first issue
Good if you are new to the project or to open source contributions
Impact
External
Affects the people using the project
Impact
Internal
Affects on the people working on the project
Priority
Critical
Work on right now
Priority
High
Work on at earliest convenience
Priority
Low
Work on in spare time
Priority
Medium
Work on regularly
Review
Duplicate
Already exists
Review
Off Topic
Does not fall within the scope of the repo/project
Status
Backlog
Is not being worked on yet
Status
Blocked
Is waiting on something or someone
Status
Completed
Is done
Status
In Progress
Is being worked on
Status
Investigating
Is waiting on research or questions
Status
Needs Decision
Is waiting on a decision by the devs/contributors
Status
Needs Info
Is waiting on additional information before it can be solved
Status
Needs Triage
Is new issue that needs reviewing
Status
Testing
Is being checked and verified
Status
Waiting For Review
Is waiting on reviewers to approve
Status
Won't Fix
Won't be fixed
Type
Bug
Related to something not working as intended
Type
CI
Related to continuous integration
Type
Documentation
Related to documentation
Type
Enhancement
Related to a new feature or an improved one
Type
New Claim
Related to a new identity claim/proof
Type
Security
Related to security
Type
Tests
Related to code tests
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
keyoxide/doipjs#67
Reference in a new issue
keyoxide/doipjs
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?