ReticentJohn
commented
7 years ago This is an unfortunate reality until the API provides access to the ability to alter account preferences. While admittedly strange, running this login method allows the app’s shared urlsession to retain cookies and continue to have access to parts of a Mastodon instance that would otherwise be unreachable by the API alone.
Perhaps to mitigate risk, the login should be upgraded to use the standard flow, and when accessing account preferences the user would just have to login again.
I’ll accept PR’s from anyone who wants to change Amaroq’s login process but I probably won’t do it myself until if/when it actually breaks on mastodon.social.
lambadalambda
zspencer
moritzheiber
Fatima-yo
Amaroq uses a weird login scheme to get the access_token, logging in on a webview and then waiting for an access code to appear in the html. This isn't a valid oauth flow and will possibly break in the future if Mastodon changes it's html. Amaroq should probably implement the usual oauth token exchange mechanism.
I found the issue because Pleroma also implements the Mastodon API, but has different html, so it breaks there.