Open selfisekai opened 2 years ago
I see, thanks for the feedback. Grant tries to make certain developer workflows easier, for example having your OAuth app credentials on startup, but that is not a requirement.
For Mastodon specifically there is no default domain set, for that same reason that you mention above:
What that means is that you have to either use the subdomain key, which is the domain in this case, or set the entire authorization URLs. I don't know what your exact setup is, but here is one example configuration:
{
  "defaults": {
    "origin": "https://your-proxy.com",
    "prefix": "/login",
    "transport": "querystring"
  },
  "mastodon": {
    "dynamic": [
      "subdomain",
      "key",
      "secret",
      "scope"
    ],
    "response": ["tokens"],
    "callback": "https://your-app.com/callback"
  }
}
Then the workflow is as follows:
1. Obtain the domain name
2. Obtain app credentials; for redirect URIs you should set https://your-proxy.com/login/mastodon/callback
3. Navigate to https://your-proxy.com/login/mastodon with either POST or GET; in both cases you have to send subdomain=the.domain&key=the-key&secret=the-secret (URL Encoded)
4. The user logs in, but in the end they are redirected back to your app at https://your-app.com/callback?token=the-token, assuming you host your proxy as a standalone server, which is again optional
Let me know if that helps.
Grant requires providing keys and the instance to log in to at initialization. This is not how Mastodon, or pretty much any federated social network, works. The fundamental rule of Mastodon is that there's no single instance of it: anyone can set up their own instance and communicate flawlessly with people from other instances. Per Mastodon docs: "The user must be able to login to any Mastodon server from the app. This means you must ask for the server's domain and use the app registrations API to dynamically obtain OAuth2 credentials." The box is ticked on the provider list, but the implementation is just nonsense.
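The workflow from the reply above, combined with the dynamic app registration the issue quotes from the Mastodon docs, as an added example (not code from Grant or from either poster). The function names, the client name and the `read` scope are assumptions; the hostname check is there because the user-supplied domain is substituted into the authorization URLs, and the Grant request is built as a POST so the client secret stays out of the URL.

```javascript
// Added example. Function names, 'Example App' and the 'read' scope are assumptions.
const PROXY = 'https://your-proxy.com/login/mastodon'; // origin + prefix + provider (config above)
const REDIRECT_URI = PROXY + '/callback';              // redirect URI registered with the instance

// Step 1: accept only a bare DNS hostname (no scheme, port, path, userinfo, IP literal).
const HOSTNAME = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$/;
function normalizeInstance(input) {
  const host = String(input).trim().toLowerCase();
  if (host.length > 253 || !HOSTNAME.test(host)) {
    throw new Error('invalid instance domain');
  }
  return host;
}

// Step 2: request description for Mastodon's app registration API (POST /api/v1/apps).
// The JSON response carries client_id and client_secret for this instance.
function buildRegistration(domain) {
  return {
    url: `https://${normalizeInstance(domain)}/api/v1/apps`,
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_name: 'Example App',
      redirect_uris: REDIRECT_URI,
      scopes: 'read',
    }).toString(),
  };
}

// Step 3: hand the per-instance credentials to Grant as dynamic overrides.
// URLSearchParams does the URL encoding; POST keeps the secret out of
// access logs, browser history and Referer headers.
function buildGrantRequest(domain, app) {
  return {
    url: PROXY,
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      subdomain: normalizeInstance(domain),
      key: app.client_id,
      secret: app.client_secret,
      scope: 'read',
    }).toString(),
  };
}
```

Both builders only return request descriptions, so they can be passed to whatever HTTP client or form submission the app already uses.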