Comments (5)
Some problems to deal with:
- The callback URI is, at present, only known at the time of login. There is no way to provide a callback URI that allows additional redirection parameters. This is intentional.
- At least in manual testing I don't seem to able to successfully do a full OAuth flow; even if I specify a fixed callback URL I only get a "The redirect uri included is not valid" error.
- why can't mastodon just heckin' support OIDC/IndieAuth/whatever argh
from authl.
once again I find myself wishing mastodon/mastodon#4800 to be resolved
from authl.
probably what I'll have to do is regsiter a new app with the full callback URL at the time of initiate_auth
and mastodon can just deal with it
from authl.
got a working session:
>>> client_id,client_secret=Mastodon.create_app('asdf',scopes=['read'],redirect_uris=['https://mew.lvh.me/wibble'])
>>> client=Mastodon(client_id=client_id,client_secret=client_secret)
>>> client.auth_request_url(redirect_uris='https://mew.lvh.me/wibble',scopes=['read'])
'https://mastodon.social/oauth/authorize?client_id=xxx&response_type=code&redirect_uri=https%3A%2F%2Fmew.lvh.me%2Fwibble&scope=&force_login=False'
This resulted in a client redirect to https://mew.lvh.me/wibble?code=xxx
. Passing that code into client.log_in(code='xxx',scopes=['read'],redirect_uri='https://mew.lvh.me/wibble') returned an OAuth token, and after that point,
client.account_verify_credentials()` returns a dict that includes the URL.
Phew.
TBD: is there a scope which ONLY gives me account info?
from authl.
Okay so it looks like the scope read:accounts
gives the minimal information necessary, and then after getting that information it's possible to revoke the token as well.
However, mastodon.py does not provide built-in revocation/logout.
The actual core parts of Mastodon login don't really seem to need the entirety of Mastodon.py anyway - this could probably be handled much more simply. For example, we can probably just determine if the server is Mastodon-compatible by doing a GET on /api/v1/instance
and see if it returns a JSON blob with uri
and version
fields. If so, we know this is Mastodon-esque-enough.
Then, in initiate_auth
we register an application with our callback URL, and then follow the authorization flow with a scope of read:accounts
. Finally, we get the account information with GET /api/v1/accounts/verify_credentials
and then POST /oauth/revoke
now that we have the info we need.
from authl.
Related Issues (20)
- Change Twitter profile ID to use /i/user endpoint HOT 1
- Update mastodon.py API usage
- Separate login Javascript code into its own asset
- Don't let link previewers destroy email login tokens
- Update Twitter handler to v2 API HOT 1
- Support indieauth-metadata endpoint
- Sign in with Tumblr
- Fediverse unit test is incomplete
- Remove url parameter from Handler.check_callback HOT 1
- Retrieval of IndieWeb endpoints HOT 2
- Update IndieAuth flow
- utils.permanent_url needs to normalize scheme and netloc
- Strip spaces from email addresses
- Allow blacklisting domains HOT 1
- Support gravatar/libravatar on email profiles
- IndieAuth: add PKCE support
- Support RelMeAuth HOT 1
- Allow specifying a connection timeout HOT 1
- Allow working with Flask 2.0
- tokens.Serializer: use encryption instead of plain signing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authl.