Fix sign-in and sign-out with Toot!

Martin requested to merge mkhl/pleroma:fix/sign-in-with-toot into develop

I’m beta testing a fediverse client for iOS called Toot!. These seem to be the changes necessary for allowing Toot to sign into (and out of) pleroma instances.

  • In the OAuth token exchange response, Mastodon provides (and Toot expects) a created_at property containing the current unix timestamp.

  • In the account view (which Toot checks after sign-in), the sensitive source should have a boolean value (instead of a string).

  • For signing out, Mastodon provides (and Toot expects) an /oauth/revoke POST endpoint to which the client provides the client id and secret and the OAuth token to revoke. Mastodon returns a 200 OK response with an empty JSON object as the body, so I did the same. Note that the endpoint doesn’t actually invalidate the token yet (hence the WIP), since I wasn’t sure how to do that. (Delete the row? Set valid_until to the current timestamp?)

I’ll appreciate any kind of feedback.

TODO:

  • Fix the tests.
  • The codebase uses both DateTime and NaiveDateTime. I’ll read up on the differences, can you offer any guidelines on when to use which?
  • The revoke route should actually revoke tokens. I’m fine with it not being present (and can split the PR if it’s complicated or contentious), but having that route without actually revoking tokens seems like it might cause security headaches down the line.
Edited by Martin
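To make the three compatibility points above checkable, here is an added Python conformance check (example code, not part of this merge request or of Pleroma) that runs over constructed sample responses in the Mastodon API shape the description refers to; the `token_still_accepted` flag is an assumption standing in for a follow-up request made with the revoked token.

```python
import json
from datetime import datetime, timezone

# Constructed sample responses (not captured from any real instance),
# in the shape Toot! expects from a Mastodon-compatible server.
TOKEN_RESPONSE = {
    "access_token": "example-token",
    "token_type": "Bearer",
    "scope": "read write follow",
    "created_at": 1536000000,  # unix timestamp, integer
}
ACCOUNT_RESPONSE = {
    "id": "1",
    "username": "martin",
    "source": {"privacy": "public", "sensitive": False},  # boolean, not "false"
}


def check_token_response(body: dict) -> list:
    """Problems in an /oauth/token exchange response (empty list = compatible)."""
    issues = []
    created = body.get("created_at")
    if created is None:
        issues.append("created_at missing (Toot! requires it)")
    # bool is a subclass of int in Python, so reject it explicitly.
    elif isinstance(created, bool) or not isinstance(created, int):
        issues.append("created_at should be an integer unix timestamp, got "
                      + type(created).__name__)
    elif created > int(datetime.now(timezone.utc).timestamp()) + 60:
        issues.append("created_at lies in the future")
    return issues


def check_account_response(body: dict) -> list:
    """Problems in the account view Toot! fetches right after sign-in."""
    sensitive = body.get("source", {}).get("sensitive")
    if not isinstance(sensitive, bool):
        return ["source.sensitive should be a boolean, got %r" % (sensitive,)]
    return []


def check_revoke_response(status: int, body_text: str, token_still_accepted: bool) -> list:
    """Problems in an /oauth/revoke reply; a 200 + {} alone is not enough,
    the revoked token must also be rejected afterwards."""
    issues = []
    if status != 200:
        issues.append("revoke should answer 200 OK, got %d" % status)
    try:
        if json.loads(body_text) != {}:
            issues.append("revoke body should be an empty JSON object")
    except json.JSONDecodeError:
        issues.append("revoke body is not JSON")
    if token_still_accepted:
        issues.append("token still accepted after revoke: revocation is not effective")
    return issues
```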