Email or username:

Password:

Forgot your password?
Top-level
John Spurlock

... then stores the login info in the browser

For OAuth dorks, it'll show the token expiration and granted scope

Also whether or not the server supports the excellent OAuth server metadata spec, and whether the server supports PKCE (a security improvement that is a newer part of the spec)

10 comments
John Spurlock replied to John

You'll see that only the newest Mastodon 4.3 (still beta only?) supports this new metadata, but it should be rolling out widely soon.

John Spurlock replied to John

anyway, once you have an active login it will be displayed in the top-right corner, and you can follow profiles with a tap of the "Follow" button

John Spurlock replied to John

now Pleroma is special here, it supports following like this in bog-standard ActivityPub!

ie just posting a small json payload to the logged-in user's outbox endpoint

hopefully more ActivityPub servers support this soon, as it should be very similar to what they already do for S2S

John Spurlock replied to John

misskey and micro.blog from @manton both support client registration for clients like this by simply providing a website url

it's called "indieauth" (displayed in the login info row, otherwise falls back to mastodon-style app-creation-based registration)

there is a newer emerging standard for dynamic client registration, but no one supports it yet - I'll add it when one does!

micro.blog doesn't support C2S follows via the outbox yet, but we can fallback to the micro.blog api here

John Spurlock replied to John

you'll notice that browser.pub not only requests the ability to follow, but _also_ to read, generally

this gives the logged-in user the ability to explore ActivityPub collections that may not be public, only accessible via auth (if the server supports such collections over ActivityPub C2S)

in theory, you could imagine building a thing on top of these collections that looks like your personal mastodon timeline, but using spec-standard ActivityPub

in practice, tho, here is my mastodon inbox 🤦‍♂️

John Spurlock replied to John

Pleroma, however, is a different story - a better story

here is my Pleroma account, listing my private inbox collection - essentially my home timeline

this is not public, but available to ActivityPub C2S clients like browser.pub with a valid auth token

John Spurlock replied to John

Under the hood, the personal inbox is represented as an essentially infinite ActivityPub OrderedCollection, with no 'totalItems' count property, and no 'last' pointer

I can keep iterating down my inbox reverse chron this way in the json...

John Spurlock replied to John

... or by hitting "next" in the visual view

maybe I should add some sort of automatic revealing of the next item on scroll

John Spurlock replied to John

and of course you can't see my personal Pleroma 'inbox' collection here, since you aren't logged in as me

as it should be

if anyone finds any additional endpoints available to read over C2S when authed (on any AP server impl), let me know - I'd be very curious to know what's supported out there

John Spurlock replied to John

one more for today: just got @pixelfed oauth working too

similar to mastodon, you can add an existing pixelfed.social account, and follow any fediverse user directly from browser.pub

and, similar to mastodon, pixelfed does not seem to support any additional ActivityPub over C2S when authed

Go Up