Implement OAuth Login Flow
Add ability to authorize to any Pleroma instance. Login form should accept fully qualified username: user@host
and then send all API calls to https://host/api/*
Detailed docs on the process could be found on mastodon docs.
The OAuth API endpoint is available at https://host/oauth/*
e.g., /oauth/authorize
, /oauth/token
, /oauth/revoke
You can see the API code here
https://git.pleroma.social/pleroma/pleroma/tree/develop/lib/pleroma/web/oauth
The routes in the backend code connecting to this source is defined here
https://git.pleroma.social/pleroma/pleroma/blob/develop/lib/pleroma/web/router.ex
You will find that file very helpful in the future.
Only admins should be allowed to login or most features won't work. The public Mastodon API endpoint can be called to find this information:
e.g., https://bikeshed.party/api/v1/accounts/feld
{
"username": "feld",
"url": "https://bikeshed.party/users/feld",
"statuses_count": 7970,
"source": {
"sensitive": false,
"privacy": "private",
"note": ""
},
"pleroma": {
"tags": [],
"relationship": {},
"is_moderator": true,
"is_admin": true,
"confirmation_pending": false
},
"note": "At some point in the past my bio was wiped out and it makes me sad.<br /><br />Admin of bikeshed.party, FreeBSD developer and member of ports-secteam and portmgr. My thoughts are my own, unless they're not. 🧐",
"locked": false,
"id": "1",
"header_static": "https://bikeshed.party/media/338de754-aa13-48c0-b183-c508ac4ebb5f/6969e8437542ace2afc999b42e864e2b5c4818388962ed673c732bf3da4a2a59.png",
"header": "https://bikeshed.party/media/338de754-aa13-48c0-b183-c508ac4ebb5f/6969e8437542ace2afc999b42e864e2b5c4818388962ed673c732bf3da4a2a59.png",
"following_count": 552,
"followers_count": 741,
"fields": [],
"emojis": [],
"display_name": "feld",
"created_at": "2017-11-27T20:17:17.000Z",
"bot": false,
"avatar_static": "https://bikeshed.party/media/aa1fa94df18b55705a2445f3b041153c154c7e5a7db14f10e830771fc025bed5.png?name=ceUmGQdtXZ-3JQ.png",
"avatar": "https://bikeshed.party/media/aa1fa94df18b55705a2445f3b041153c154c7e5a7db14f10e830771fc025bed5.png?name=ceUmGQdtXZ-3JQ.png",
"acct": "feld"
}
A Pleroma extension to the Mastodon API is visible here and shows if the user is an admin or not.