Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @silverpill@mitra.social
Phantasm@phnt@fluffytail.org (2026-05-04 17:09:56)
@silverpill It's just more stuff nobody wanted and nobody will implement. Emelia is correct in sticking to RFC, but the issue is that there has to be a really good reason to implement two separate authentication mechanisms and C2S isn't a compelling argument. I'm not annoyed by which OAuth version to choose, or what new scopes to make, or what page long flow chart the flow will required. This shouldn't exist at all.

Stick the OAuth endpoints of your server software into the Actor under "endpoints", talk MastoAPI scopes to them and be done with it. If you are implementing a fedi app, chances are high you are working with MastoAPI already in some way (unless you are doing Misskey), introducing a completely new mechanism for authentication is a recipe for disaster.
---Reply---
Phantasm@phnt@fluffytail.org (2026-05-04 17:36:00)
@silverpill Basically the way I see it is another round of reinventing a perfectly functional wheel once again.

---Replies---

silverpill@silverpill@mitra.social (2026-06-01 17:38:07)
@phnt So Pleroma allows you to use same OAuth token for MastoAPI and AP C2S endpoints?