RFE: mastodon account verification

[nirik]

It would be nice if noggin could verify fas accounts for mastodon

See: https://docs.joinmastodon.org/user/profile/#verification

It should likely work like:

• mastodon user adds to their profile: a label of fas or fedoraaccountsystem or the like, with a link to https://accounts.fedoraproject.org/user/whatever/
• noggin adds a profile field for 'mastodon account'
• the users profile page adds a: <link href="https://social.example.com/@username" rel="me"> for the mastodon account listed in the profile.

This way users could validate that a specific mastodon account was linked to a specific userid in noggin.

[abompard]

Note that it can also be a regular link in the form <a href="https://social.example.com/@username" rel="me">Mastodon account</a>

That said, the profile pages are not currently public, so the Mastodon server's crawler will not be able to check the link.

[nirik]

Hum... it just occurred to me that all those pages require authentication. ;( So this might not work at all?

[abompard]

Yeah. I see two ways out:

• use something else entirely, like a fedorapeople page
• have a public page for user info in noggin, where we would publish "stuff", the definition of "stuff" needing to be discussed of course. And that's a major change because we would need to revisit some fundamental assumptions about security in Noggin.

[nirik]

A public page would be very nice IMHO. We could also put ssh public keys there so people could more easily share them...

Another possible way to do that might be to have a fasjson-public endpoint that has that data?

[abompard]

I suppose people already have a public page in the wiki, no? Should we use that instead? And maybe have a macro that inserts the rel="me" attribute in the link?

[nirik]

We could, but I sure hate depending on the wiki for more things. ;(