References related to Authentication

With Svelte + SQLite: https://medium.com/@mateuszpiorowski/oauth2-is-so-complicated-or-90-lines-of-code-with-svelte-ab0f5d80d659

With Auth.js + Node.js + Mastodon!: https://medium.com/@jibla/auth-js-exploration-1b6c27cf076f
code: https://github.com/jibla/authjs-node-example

## Example Auth Flow for Mastodon:

ref: https://docs.joinmastodon.org/client/token/#app

### Step 1 - Get Client info

sent:

```
curl -X POST \
  -F 'client_name=Mastodon Map' \
  -F 'redirect_uris=urn:ietf:wg:oauth:2.0:oob' \
  -F 'scopes=read write push' \
  -F 'website=https://mastomap.magnificent.nz' \
  https://mastodon.nzoss.nz/api/v1/apps
```

response (json):

```
{
  "id":"6929",
  "name":"Mastodon Map",
  "website":"https://mastomap.magnificent.nz",
  "redirect_uri":"urn:ietf:wg:oauth:2.0:oob",
  "client_id":"RzTkGQY5MXuvRpMjhG6QuW3NADRjTn14e_JqywgX0IA",
  "client_secret":"Sm6hUzIyvnAjYh6j1vXITJqObqCCwK-es33PAoRuhmI",
  "vapid_key":"BDyHmBqMmcoCZQPQoSBAlRG06AuOMsJ64hQyTLUxoB8gP-uaACHJyAGRBj0JjtMtbl7WuQxRNuHh2fFQqSfmQMs="
}
```

### Step 2 - Get Auth Token

sent:

```
curl -X POST \
  -F 'client_id=RzTkGQY5MXuvRpMjhG6QuW3NADRjTn14e_JqywgX0IA' \
  -F 'client_secret=Sm6hUzIyvnAjYh6j1vXITJqObqCCwK-es33PAoRuhmI' \
  -F 'redirect_uri=urn:ietf:wg:oauth:2.0:oob' \
  -F 'grant_type=client_credentials' \
  https://mastodon.nzoss.nz/oauth/token
```

response (json):

```
{
  "access_token":"l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg",
  "token_type":"Bearer",
  "scope":"read",
  "created_at":1702891488
}
```

### Step 3 - Verify Auth Token

sent:

```
curl \
  -H 'Authorization: Bearer l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg' \
  https://mastodon.nzoss.nz/api/v1/apps/verify_credentials
```

response (json):

```
{
  "name":"Mastodon Map",
  "website":"https://mastomap.magnificent.nz",
  "vapid_key":"BDyHmBqMmcoCZQPQoSBAlRG06AuOMsJ64hQyTLUxoB8gP-uaACHJyAGRBj0JjtMtbl7WuQxRNuHh2fFQqSfmQMs="
}
```

### Step 4 - Actual request (for user 1, i.e. lightweight):

sent:

```
# URL is quoted so the shell does not treat '?' as a glob character
curl \
  -H 'Authorization: Bearer l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg' \
  'https://mastodon.nzoss.nz/api/v1/accounts/1/followers?limit=6' | jq . > MastoFollowers.json
```

See MastoFollowers.json for the first 6 results (see limit=6 above).
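
Step 2 sends no `scope` parameter and the token comes back with `"scope":"read"`, although Step 1 registered `read write push`. The Python below is an added example, not part of the original notes: it builds the Step 2 form with an explicit scope and rejects a token response that lacks the scopes the caller needs. The function names, placeholder credentials and sample response are constructed, and the rule that a parent scope covers its children is an assumption about Mastodon's scope hierarchy.

```python
import json
from urllib.parse import urlencode

INSTANCE = "https://mastodon.nzoss.nz"  # instance used in the steps above

# Constructed sample in the shape of the Step 2 response (placeholder token).
SAMPLE_RESPONSE = ('{"access_token":"EXAMPLE_TOKEN","token_type":"Bearer",'
                   '"scope":"read","created_at":1700000000}')


def token_request(client_id, client_secret, scopes):
    """Build the Step 2 POST (URL, form body) with an explicit scope parameter."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": "urn:ietf:wg:oauth:2.0:oob",
        "grant_type": "client_credentials",
        "scope": " ".join(scopes),
    }
    return f"{INSTANCE}/oauth/token", urlencode(form).encode()


def covers(granted, scope):
    """Assumption: a parent scope covers its children (read covers read:accounts)."""
    parts = scope.split(":")
    return any(":".join(parts[:i]) in granted for i in range(1, len(parts) + 1))


def check_token_response(raw, required_scopes):
    """Return the access token, or raise ValueError if the grant is unusable."""
    data = json.loads(raw)  # malformed JSON raises a ValueError subclass
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    granted = set(str(data.get("scope", "")).split())
    missing = [s for s in required_scopes if not covers(granted, s)]
    if missing:
        raise ValueError("token lacks scopes: " + " ".join(missing))
    return token


if __name__ == "__main__":
    url, body = token_request("CLIENT_ID", "CLIENT_SECRET", ["read", "write"])
    print(url, body.decode())
    print(check_token_response(SAMPLE_RESPONSE, ["read:accounts"]))
```

Run against a real response, the check fails before any API call is made with a token that cannot do what the app expects.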