Alexey Skobkin

@drq
1. It depends on what type of app you're building.
2. Are you sure that you've got an access token and not the token which is used to get access token?
3. Invalid grant could mean that you didn't set permissions you wanted to have when requesting the token.

OAuth can be non-obvious sometimes.
Also this library is not an example of excellent documentation.

25 comments
Dr. Quadragon ❌

@skobkin

1. A group bot
2. No, I'm not. There are however two methods:
Authenticate (which takes context, login and password)
AuthenticateToken (which takes context, supposedly an access token and some redirect uri)
3. Permissions are set, I checked.

Dr. Quadragon ❌

@skobkin There's a RegisterApp function that supposedly returns the redirect uri, however I don't want to register a new app every time I have to log on. Do I _have_ to save it somewhere in the config then?

Alexey Skobkin

@drq
No. It returns the URL you've specified while registering back to you. Or sets it to a special value (apps.go:42).
I'd say that you should check the Mastodon OAuth docs this time.
Here:
docs.joinmastodon.org/spec/oau
And here:
docs.joinmastodon.org/methods/

BTW I forgot that you can also just show the code to the user without redirection, so you can still implement the "app"/"server" flow without web endpoints. Check this second link for such an example.

So your flow could be like:
- Get auth URL from the bot
- Go there, enter your creds
- Copy the code from the browser
- Enter it to your bot
- Bot retrieves an access token and stores it somewhere.

And if you're planning to register the bot as an app from itself then you also need to store the app credentials.

Alexey Skobkin

@drq
And if it's still not clear, in the case without endpoints you can just leave the redirect URL empty and it'll be replaced by that 'magic' value 'urn:ietf:wg:oauth:2.0:oob', which will lead to the auth code (not token!) being displayed to the user (you) after entering your login and password in the browser.

Dr. Quadragon ❌

@skobkin Yeah, so I need to rewrite the configuration routine according to that. Thanks.

Alexey Skobkin

@drq
Yes, something like that.
You can probably just add two commands to your bot like:

./bot login # prints URL
./bot retrieve-token <code> # takes code, gets token and then stores it.

Alexey Skobkin

@drq
Also probably
./bot register-app

But it could be done in the 'login' command easily, so it's not necessary.
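
The login / retrieve-token flow described in the replies above, as an added Go example (not part of the thread and not the go-mastodon library's code). It assumes Mastodon's /oauth/authorize and /oauth/token endpoints; the function names, server URL and client ID are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// oobRedirect is the special redirect value from the thread: the server shows
// the authorization code to the user instead of redirecting to an endpoint.
const oobRedirect = "urn:ietf:wg:oauth:2.0:oob"

// AuthorizeURL builds the link that "./bot login" would print.
func AuthorizeURL(server, clientID, scopes string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {oobRedirect}, "scope": {scopes}}
	return strings.TrimRight(server, "/") + "/oauth/authorize?" + q.Encode()
}

// ExchangeCode is the "./bot retrieve-token <code>" step: it trades the
// one-time authorization code (not a token) for an access token.
func ExchangeCode(c *http.Client, server, clientID, clientSecret, code string) (string, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code},
		"client_id": {clientID}, "client_secret": {clientSecret},
		"redirect_uri": {oobRedirect}} // must match the authorize request
	resp, err := c.PostForm(strings.TrimRight(server, "/")+"/oauth/token", form)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var body struct {
		AccessToken string `json:"access_token"`
		Error       string `json:"error"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusOK || body.AccessToken == "" {
		return "", fmt.Errorf("token request failed: %s %s", resp.Status, body.Error)
	}
	return body.AccessToken, nil
}

func main() {
	// Constructed placeholder values; only the URL is printed, no request is sent.
	fmt.Println(AuthorizeURL("https://mastodon.example", "CLIENT_ID", "read write"))
}
```

With this flow only the app credentials and the access token are stored; the account password is typed into the browser and never reaches the bot's config.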

Alexey Skobkin

@drq
Did you get it to work in the end?

lionalex replied to Alexey

@skobkin @drq

Guys, I'd like to use your expertise a bit :)
I'm totally new in fediverse, and I'd like to create an ActivityPub server with my own content and make it accessible via Mastodon. What should I start from?
What libs do you suggest? (preferable in Go)

Alexey Skobkin replied to lionalex

@lionalex @drq
You should ask @grishka about that. He wrote some nice post about basics of ActivityPub for humans.

Considering the libraries, I'm not so sure. I'd start with looking for existing AP projects in Go and check out which libraries they use.

Григорий Клюшников replied to Alexey

Alexey Skobkin, I was meaning to write about ActivityPub but have never gotten around to doing that. There were two posts by Eugen about building a minimal ActivityPub server in Ruby (but trivially portable to any language). I send links to them to anyone who wants to get started quickly.

Григорий Клюшников replied to Alexey

Alexey Skobkin, one thing to keep in mind tho: they are outdated and if you follow them as is your implementation won't work with modern Mastodon. The Digest header is now required. It's a sha256 of the request body and you need to include it in the signature as well.
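
An added Go example (not from the thread or from Mastodon's code) of the Digest requirement mentioned above: the sender hashes the body into the Digest header and signs over it, and the receiver rejects a body that no longer matches. The rsa-sha256 scheme, the covered header list, the function names and all sample values are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Digest returns the Digest header value: base64 SHA-256 of the request body.
func Digest(body []byte) string {
	sum := sha256.Sum256(body)
	return "SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
}

// signedHash hashes the signing string for "(request-target) host date digest" (assumed set).
func signedHash(path, host, date, digest string) [32]byte {
	return sha256.Sum256([]byte("(request-target): post " + path + "\nhost: " + host +
		"\ndate: " + date + "\ndigest: " + digest))
}

// NewDemoKey makes a throwaway RSA key for the example.
func NewDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign is the sender side: the signature covers the Digest of the body.
func Sign(key *rsa.PrivateKey, path, host, date string, body []byte) (string, error) {
	h := signedHash(path, host, date, Digest(body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// Verify is the receiver side: the Digest header must match the body that
// actually arrived, and the signature must cover that same Digest value.
func Verify(pub *rsa.PublicKey, path, host, date, digestHdr, sigB64 string, body []byte) error {
	if digestHdr != Digest(body) {
		return fmt.Errorf("digest header does not match body")
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return err
	}
	h := signedHash(path, host, date, digestHdr)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

func main() { fmt.Println("Digest:", Digest([]byte(`{"type":"Create"}`))) } // constructed body
```

Both checks matter on the receiving side: the first catches a changed body, the second catches a Digest header rewritten to match the changed body.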

lionalex replied to Григорий

@grishka @skobkin @drq

Thank you, guys! Will take a closer look.

What I'm thinking about is a kinda federative media. Someone writes an article on the media's ActivityPub server. The problem here is censorship. The server could be banned by RKN and it would be great to read the article via other servers in the federation.

For instance, it could be a mobile app that connects to a random server (without auth) and uses it to get access to the article.

Dr. Quadragon ❌ replied to lionalex

@lionalex Make federated Livejournal

@ludivokrug would be thankful for that

@grishka @skobkin

lionalex replied to Dr. Quadragon ❌

@drq @ludivokrug @grishka @skobkin
That's an option, but the problem is the number of servers and it would be great to utilize existing infrastructure

Alexey Skobkin replied to lionalex

@lionalex @drq @ludivokrug @grishka

I'm not sure that what you're planning to do is the same as the purpose ActivityPub was created for.

Dr. Quadragon ❌ replied to lionalex

@lionalex there's a go-fed library, although some may not be happy about its quality

@skobkin

Alexey Skobkin

@drq
So.
2. As far as I can see from my phone, the method you're using (AuthenticateToken) is for the second step of server app flow.
But you're probably building something close to a client app, so you can try another flow if you don't want to implement web interface (and login endpoints) for your bot.

Check the README.md. There is another example which should help you in your case.

You can (should?) also check mastodon.go and Mastodon's OAuth documentation page which can help you to clarify what's going on. But most likely using client's flow will work as you expect.

Dr. Quadragon ❌

@skobkin Don't want to save password in the config. My previous bot didn't require it.

Alexey Skobkin

@drq
What's the problem? It's using its own account.
Anyway you can implement the endpoint for the "server" workflow, but then you'll need to expose your bot to the external network.
And let me guess, your previous bot wasn't getting the token itself and now you're just trying to make things 'right'.
