Fix #658: Support blind key rotation in HTTP Signatures
Closes #658 (closed)
Cf https://blog.dereferenced.org/the-case-for-blind-key-rotation
When we fail on an invalid signature while authenticating an HTTP request, we'll now:
- Catch the error
- Refetch the actor object (to potentially load a new public key)
- Retry the signature verification with the new public key (and fail for real this time in case of error)
Todo:
-
Regenerate local actor key when a Delete activity occur
Edited by Agate