mastodon-userstats/AuthNotes.md

References related to Authentication

With Svelte + SQLite: https://medium.com/@mateuszpiorowski/oauth2-is-so-complicated-or-90-lines-of-code-with-svelte-ab0f5d80d659

With Auth.js + Node.js + Mastodon!: https://medium.com/@jibla/auth-js-exploration-1b6c27cf076f code: https://github.com/jibla/authjs-node-example

Example Auth Flow for Mastodon:

ref: https://docs.joinmastodon.org/client/token/#app

Step 1 - Get Client info

sent:

curl -X POST \
  -F 'client_name=Mastodon Map' \
  -F 'redirect_uris=urn:ietf:wg:oauth:2.0:oob' \
  -F 'scopes=read write push' \
  -F 'website=https://mastomap.magnificent.nz' \
  https://mastodon.nzoss.nz/api/v1/apps

response (json):

{
  "id":"6929",
  "name":"Mastodon Map",
  "website":"https://mastomap.magnificent.nz",
  "redirect_uri":"urn:ietf:wg:oauth:2.0:oob",
  "client_id":"RzTkGQY5MXuvRpMjhG6QuW3NADRjTn14e_JqywgX0IA",
  "client_secret":"Sm6hUzIyvnAjYh6j1vXITJqObqCCwK-es33PAoRuhmI",
  "vapid_key":"BDyHmBqMmcoCZQPQoSBAlRG06AuOMsJ64hQyTLUxoB8gP-uaACHJyAGRBj0JjtMtbl7WuQxRNuHh2fFQqSfmQMs="
}

Step 2 - Get Auth Token

sent:

curl -X POST \
  -F 'client_id=RzTkGQY5MXuvRpMjhG6QuW3NADRjTn14e_JqywgX0IA' \
  -F 'client_secret=Sm6hUzIyvnAjYh6j1vXITJqObqCCwK-es33PAoRuhmI' \
  -F 'redirect_uri=urn:ietf:wg:oauth:2.0:oob' \
  -F 'grant_type=client_credentials' \
  https://mastodon.nzoss.nz/oauth/token

response (json):

{
  "access_token":"l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg",
  "token_type":"Bearer",
  "scope":"read",
  "created_at":1702891488
}

Step 3 - Verify Auth Token

sent:

curl \
  -H 'Authorization: Bearer l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg' \
  https://mastodon.nzoss.nz/api/v1/apps/verify_credentials

response (json):

{
  "name":"Mastodon Map",
  "website":"https://mastomap.magnificent.nz",
  "vapid_key":"BDyHmBqMmcoCZQPQoSBAlRG06AuOMsJ64hQyTLUxoB8gP-uaACHJyAGRBj0JjtMtbl7WuQxRNuHh2fFQqSfmQMs="
}

Step 4 - actual request (for user 1, i.e. lightweight):

sent:

curl \
  -H 'Authorization: Bearer l3rutZOWZ_LTkku-kjdeZ6F2tv7mucBid5AIgpLEjbg' \
  'https://mastodon.nzoss.nz/api/v1/accounts/1/followers?limit=6' | jq . > MastoFollowers.json

See MastoFollowers.json for the first 6 results (per limit=6 above).
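
Steps 1 and 2 with least privilege, as an added example (not code from the original notes): it registers and requests only the scopes it needs, sends `scope` on the token request (Step 2 above omits it, and the response shows `read` although the app registered `read write push`), and rejects a token whose granted scopes differ from the request. `mastodon.example`, `fake_post` and the `SAMPLE_*` values are constructed so the block runs offline; form-encoded POSTs via `urllib` are an assumption in place of `curl -F`.

```python
import json
import urllib.parse
import urllib.request

OOB = "urn:ietf:wg:oauth:2.0:oob"  # same redirect URI as in the notes


def http_post(url, fields):
    """POST form fields and decode the JSON reply (default transport)."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.load(r)


def check_token(resp, wanted):
    """Return the access token only if it is a Bearer token whose granted
    scopes are exactly the ones asked for; raise ValueError otherwise."""
    if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
        raise ValueError("not a usable bearer token response")
    granted = set(resp.get("scope", "").split())
    if granted != set(wanted.split()):
        raise ValueError(f"granted scopes {sorted(granted)} != requested {wanted!r}")
    return resp["access_token"]


def app_token(instance, name, scopes="read", post=http_post):
    """Steps 1 and 2 from the notes, registering and requesting `scopes` only."""
    app = post(f"{instance}/api/v1/apps",
               {"client_name": name, "redirect_uris": OOB, "scopes": scopes})
    tok = post(f"{instance}/oauth/token",
               {"client_id": app["client_id"], "client_secret": app["client_secret"],
                "redirect_uri": OOB, "grant_type": "client_credentials",
                "scope": scopes})
    return check_token(tok, scopes)


def fake_post(url, fields):
    """Constructed offline stand-in for a Mastodon server (sample values only)."""
    if url.endswith("/api/v1/apps"):
        return {"client_id": "SAMPLE_ID", "client_secret": "SAMPLE_SECRET"}
    return {"access_token": "SAMPLE_TOKEN", "token_type": "Bearer",
            "scope": fields.get("scope", "read"), "created_at": 0}


if __name__ == "__main__":
    print(app_token("https://mastodon.example", "Mastodon Map", post=fake_post))
```

Dropping the `post=fake_post` argument makes the same calls against a real instance; the returned token then belongs in an environment variable or secrets store rather than in a notes file.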