Discrepancy in Permissions

[levlaz]

Conversation happening here https://lobste.rs/s/qp7idv/easy_way_find_other_developers_at_tech#c_xqi3yp

User reports that there is a discrepancy between the permissions that an instance asks for and the ones that it gets when someone authorizes with Fedidevs.

    Accounts: Read-only access
    Follows: Read and write access

However, when looking at my instance authorized apps it ends up with this:

    Accounts: Read and write access
    Blocks: Read and write access
    Favorites: Read and write access
    Filters: Read and write access
    Follows: Read and write access
    Lists: Read and write access
    Mutes: Read and write access
    Notifications: Read and write access
    Search: Read-only access
    Posts: Read and write access
    Bookmarks: Read and write access
    Media attachments: Write-only access
    Reports: Write-only access

[anze3db]

Hey, @levlaz, thank you for reaching out to me about this!

Fedidevs does create an app with more permissions than it currently needs. I implemented it this way because, as far as I can tell from reading the Mastodon API docs, Mastodon doesn't have an API to update the app once it is created.

Here's a PR that limits the permissions to what's currently needed: https://github.com/anze3db/fedidevs/pull/51. This works, but when I add a new feature that might require additional permission, I'll have to create a brand-new app on every instance.

When I initially implemented this, my judgment call was that it's better to have one app with more permissions than potentially creating multiple apps on every server. If this was the wrong call, let me know and I'll fix it by merging the PR.

PS: I don't have a lobste.rs account, so I can't respond to that thread, but I would really appreciate hearing bkhl's feedback on my dilemma of potentially creating multiple apps on every instance.

[levlaz]

I’m happy to invite you, I think it’s worth joining because that’s where a lot of people who care about this kind of stuff hang out :)

should I use the email from your personal site?

Lev Lazinskiy m: 415.470.2142 e: @.*** linkedin icon download 16x16 - square ( https://www.linkedin.com/in/levlaz/ )

On Mon, Jun 17 2024 at 19:23, Anže Pečar < @.*** > wrote:

Hey, @levlaz ( https://github.com/levlaz ) , thank you for reaching out to me about this!

Fedidevs does create an app with more permissions than it currently needs. I implemented it this way because, as far as I can tell from reading the Mastodon API docs ( https://docs.joinmastodon.org/methods/apps/ ) , Mastodon doesn't have an API to update the app once it is created.

Here's a PR that limits the permissions to what's currently needed: #51 ( https://github.com/anze3db/fedidevs/pull/51 ). This works, but when I add a new feature that might require additional permission, I'll have to create a brand-new app on every instance.

When I initially implemented this, my judgment call was that it's better to have one app with more permissions than potentially creating multiple apps on every server. If this was the wrong call, let me know and I'll fix it by merging the PR.

PS: I don't have a lobste.rs account, so I can't respond to that thread, but I would really appreciate hearing bkhl ( https://lobste.rs/~bkhl ) 's feedback on my dilemma of potentially creating multiple apps on every instance.

— Reply to this email directly, view it on GitHub ( https://github.com/anze3db/fedidevs/issues/50#issuecomment-2174610656 ) , or unsubscribe ( https://github.com/notifications/unsubscribe-auth/AB44P2CYNXKHLZ5ZFR4BSN3ZH5VYTAVCNFSM6AAAAABJOXA2DOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZUGYYTANRVGY ). You are receiving this because you were mentioned. Message ID: <anze3db/fedidevs/issues/50/2174610656 @ github. com>

[anze3db]

Oh, yeah, please send the invite to my personal email: anze AT pecar DOT me. Thanks! ❤️

[levlaz]

Just sent the invite!