@skobkin There's a RegisterApp function that supposedly returns the redirect uri, however I don't want to register a new app every time I have to log on. Do I _have_ to save it somewhere in the config then?
Top-level
@skobkin There's a RegisterApp function that supposedly returns the redirect uri, however I don't want to register a new app every time I have to log on. Do I _have_ to save it somewhere in the config then? 19 comments
@drq @skobkin Yeah, so I need to rewrite the configuration routine according to that. Thanks. @drq ./bot login # prints URL @drq But it could be done in the 'login' command easily, so it's not necessary. Alexey Skobkin, I was meaning to write about ActivityPub but have never gotten around to doing that. There were two posts by Eugen about building a minimal ActivityPub server in Ruby (but trivially portable to any language). I send links to them to anyone who wants to get started quickly. Alexey Skobkin, one thing to keep in mind tho: they are outdated and if you follow them as is your implementation won't work with modern Mastodon. The Digest header is now required. It's a sha256 of the request body and you need to include it in the signature as well. Thank you, guys! Will take a closer look. What I'm thinking about is a kinda federative media. Someone writes an article on the media's ActivityPub server. The problem here is censorship. The server could be banned by RKN and it would be great to read the article via other servers in the federation. For instance, it could be a mobile app that connects to a random server (without auth) and use it to get access to the article. @drq @ludivokrug @grishka @skobkin @lionalex @drq @ludivokrug @grishka I'm not sure if what're you planning to do is the same as for what purpose ActivityPub was created. |
@drq
No. It returns the URL you've specified while registering back to you. Or sets it to special value (apps.go:42).
I'd say that you should check the Mastodon OAuth docs this time.
Here:
https://docs.joinmastodon.org/spec/oauth/
And here:
https://docs.joinmastodon.org/methods/apps/oauth/
BTW I forgot that you can also just show the code to the user without redirection, so you still can implement the "app"/"server" flow without web endpoints. Check this second link for such example.
So your flow could be like:
- Get auth URL from the bot
- Go there, enter your creds
- Copy the code from the browser
- Enter it to your bot
- Bot retrieves an access token and stores it somewhere.
And if you're planning to register the bot as an app from itself then you also need to store the app credentials.
@drq
No. It returns the URL you've specified while registering back to you. Or sets it to special value (apps.go:42).
I'd say that you should check the Mastodon OAuth docs this time.
Here:
https://docs.joinmastodon.org/spec/oauth/
And here:
https://docs.joinmastodon.org/methods/apps/oauth/
BTW I forgot that you can also just show the code to the user without redirection, so you still can implement the "app"/"server" flow without web endpoints. Check this second link for such example.