Follow Token
This token represents a one-way follow created by a user (unlike the mutual connection, a follow needs no acceptance).
The token must contain an audience (aud) field pointing to the identity being followed. It may carry an optional content (c) field. For other constraints see the Action Tokens.
Subtypes
| Subtype | Description |
|---|---|
| FLLW | Follow |
| FLLW:DEL | Unfollow |
A follow takes effect immediately and does not require the target to confirm. The target may, however, disable followers entirely via the privacy.allow_followers setting — in that case incoming follows are silently dropped (rest at status D).
Content-Addressing
This token is content-addressed using SHA-256:
- The entire JWT token (header + payload + signature) is hashed
- Action ID format:
a1~{base64_hash} - See Content-Addressing & Merkle Trees for details
Database Key
The deduplication key for a follow token is {type}:{issuer}:{audience} (e.g. FLLW:alice.example.com:bob.example.com).
Purpose: ensures only ONE active follow from a given issuer to a given audience. Re-following after an unfollow creates a new token with the same key, superseding the previous one.
Example
User @alice.cloudillo.net follows @bob.cloudillo.net:
| Field | Value |
|---|---|
| iss | alice.cloudillo.net |
| aud | bob.cloudillo.net |
| iat | 2024-04-13T00:01:10.000Z |
| k | 20240101 |
| t | FLLW |