Mastodon implementation misses the point #264

Open
selfisekai opened this issue Dec 8, 2021 · 1 comment

@selfisekai

Grant requires you to provide keys and the instance to log in to at initialization. This is not how Mastodon, or pretty much any federated social network works. The fundamental rule of Mastodon is, there's no single instance of it, anyone can set up their own instance, and communicate flawlessly with people from other instances. Per Mastodon docs: "The user must be able to login to any Mastodon server from the app. This means you must ask for the server's domain and use the app registrations API to dynamically obtain OAuth2 credentials." The box is ticked on the provider list, but the implementation is just nonsense.

@simov
Owner

simov commented Dec 8, 2021

I see, thanks for the feedback. Grant tries to make certain developer workflows easier, for example having your OAuth app credentials on startup, but that is not a requirement.

For Mastodon specifically there is no default domain set, for that same reason that you mention above:

grant/config/oauth.json

Lines 625 to 630 in 0ba063b

  "mastodon": {
    "authorize_url": "https://[subdomain]/oauth/authorize",
    "access_url": "https://[subdomain]/oauth/token",
    "oauth": 2,
    "scope_delimiter": " "
  },

What that means is that you have to either use the subdomain key, which is the domain in this case, or set the entire authorization URLs. I don't know what your exact setup is, but here is one example configuration:

{
  "defaults": {
    "origin": "https://your-proxy.com",
    "prefix": "/login",
    "transport": "querystring"
  },
  "mastodon": {
    "dynamic": [
      "subdomain",
      "key",
      "secret",
      "scope"
    ],
    "response": ["tokens"],
    "callback": "https://your-app.com/callback"
  }
}

Then the workflow is as follows:

  1. Obtain the domain name

  2. Obtain app credentials, for redirect URIs you should set https://your-proxy.com/login/mastodon/callback

  3. Navigate to https://your-proxy.com/login/mastodon with either POST or GET, in both cases you have to send subdomain=the.domain&key=the-key&secret=the-secret (URL Encoded)

  4. The user logs in, but in the end they are redirected back to your app at https://your-app.com/callback?token=the-token, assuming you host your proxy as a standalone server, which is again optional

Let me know if that helps.
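
Steps 1 to 3 of the workflow above, as an added example that is not part of the original comment and is not Grant's own code: it validates the user-supplied instance domain before it is substituted into `https://[subdomain]/...`, then builds the app registration request and the request to the Grant proxy. Function names, the `example-app` client name, the `read` scope and the hostname allow-list are assumptions; `POST /api/v1/apps` is Mastodon's app registrations endpoint.

```javascript
// Added example: not Grant's code. Function names and sample values are hypothetical.
const PROXY = 'https://your-proxy.com/login'; // "origin" + "prefix" from the config above

// Public DNS name only: no scheme, port, path, userinfo, IP literal or single label.
const HOSTNAME =
  /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+(?:[a-z]{2,63}|xn--[a-z0-9-]{2,59})$/;

// Step 1: the user types the instance. The value is later substituted into
// https://[subdomain]/oauth/authorize, so reject anything that is not a hostname.
function normalizeInstanceDomain(input) {
  const host = String(input).trim().toLowerCase();
  if (host.length > 253 || !HOSTNAME.test(host)) {
    throw new Error('invalid instance domain');
  }
  return host;
}

// Step 2: request for Mastodon's app registration endpoint (POST /api/v1/apps).
// The JSON response carries client_id and client_secret for this instance.
function appRegistrationRequest(domain, scope = 'read') {
  const host = normalizeInstanceDomain(domain);
  return {
    method: 'POST',
    url: `https://${host}/api/v1/apps`,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_name: 'example-app', // constructed sample value
      redirect_uris: `${PROXY}/mastodon/callback`,
      scopes: scope,
    }).toString(),
  };
}

// Step 3: hand the per-instance credentials to Grant through the "dynamic" keys.
// Built as a POST body so the client secret stays out of URLs and access logs.
function grantConnectRequest(domain, app, scope = 'read') {
  return {
    method: 'POST',
    url: `${PROXY}/mastodon`,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      subdomain: normalizeInstanceDomain(domain),
      key: app.client_id,
      secret: app.client_secret,
      scope,
    }).toString(),
  };
}
```

Each returned object can be passed to `fetch(req.url, req)` on the server side; credentials obtained in step 2 are per instance and can be cached by domain.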
