Skip to main content
 

Building an open share button for the distributed social web

Thinking through a “share with Mastodon” button that anyone could embed on a website. It’s a harder problem than a “share with Twitter” button, because there’s no one central host, and it would be ideal to avoid creating a central location to handle these requests. (Mastodon is decentralized, after all.)

As a bonus, I think it would work for indieweb or any other decentralized social platform. Maybe any social platform at all?

This would all be easier if web intents had stuck around. Nonetheless, here’s how it might work. Let’s call it “microshare”, to sit alongside micropub:

  1. User clicks button on page.
  2. JS on the page detects whether the web+social URI scheme has been registered (I wish this was easier, but you can do this by making an asynchronous request and waiting for it to succeed or fail).
  3. If it has, great! Just forward the user to that URI.
  4. If not, ask the user what the domain of their social profile is.
  5. JS (or a back-end server process) goes and fetches that base URL and looks for either a microshare metatag or an HTTP header of the form Link: <https://example.com/microshare>;; rel="microshare". (Mastodon etc would need to support this endpoint and discovery of same.)
  6. If the endpoint exists, the browser opens a new tab and forwards the user to that URI with additional text and url URL string parameters populated with the name and the URL of the page being shared respectively.
  7. This new page contains a button to register the URI as the handler for the web+social URI scheme. It may also either prompt the user to log in, or, if they’re already logged in, share to that social platform, with the text and URL pre-filled into the form.

There are a few issues here that I’d like to iterate on: I wish URI scheme handling and detection was easier in a browser, for one. Secondly, there’s a potential phishing attack where a malicious website could show a fake login page and harvest someone’s login credentials.

Still, what I like about it is that it uses the web’s existing capabilities and doesn’t enforce a central domain handler (or even a domain as a shim). While it seems more convoluted than a standard href link (and it is), it can be achieved on publisher websites with just a few lines of JavaScript.

I’m sure I’ve missed something important, but I wanted to kick this off as a first step. Let me know what you think!

· Posts