hometown-fork / hometown

A supported fork of Mastodon that provides local posting and a wider range of content types.
GNU Affero General Public License v3.0

Add cross-domain fediverse remote authentication client support #1332

Open rocky-III opened 9 months ago

rocky-III commented 9 months ago

Pitch

OpenWebAuth provides a light-weight form of cross-domain authentication between websites on the open web. This PR shows how Mastodon users could log in as visitors on OpenWebAuth-enabled services like Hubzilla and the project nicknamed "Streams", or any Fediverse server which implements the server side of OpenWebAuth. Mastodon users do not need an account on the other server. In practice, it depends on the services and the permissions that the Mastodon user has on the other server's services; e.g. a user on Hubzilla or Streams could allow a Mastodon user to post on his wall, upload a picture to his cloud, etc. Note: this is only the 'client' side of the protocol, i.e. Hubzilla/Streams users could not log in to Mastodon.

How this can be tested:

Prerequisites:

- Hubzilla or Streams server ("OWA-S")
- user on Mastodon

Procedure:

- Log in on Mastodon
- In the same browser in a new tab: open the login screen of the OWA-S, perform a 'remote authentication' and enter the Mastodon handle as identifier

Expected outcome:

The Mastodon user should now be logged in to the OWA-S as a visitor.

Note: this is just a test scenario for the protocol.

In a more real-life scenario, resources on Hubzilla/Streams would be available as https://OWA-S/?zid= in order for the user having this Mastodon handle to access the resource on the OWA-S.

The protocol code was borrowed from the Hubzilla code and adapted by me to work with the Mastodon code. I did not make an effort to re-use existing code in Mastodon.

Checks done:

Rspec:

$ rspec spec/requests/magic_spec.rb

Randomized with seed 41651
4/4 |======================================================================================= 100 =======================================================================================>|
4 examples, 0 failures

Rubocop:

$ rubocop app/controllers/magic_controller.rb spec/requests/magic_spec.rb config/routes.rb
Inspecting 3 files
...

3 files inspected, no offenses detected

https://github.com/glitch-soc/mastodon/issues/2412

Motivation

https://github.com/glitch-soc/mastodon/issues/2412