Support for Fediverse login

[aswathrao]

Should indielogin include Fediverse credentials, like it supports Github (& how Twitter used to work) credentials? I am not sure whether it has already been considered. Thanks.

[aaronpk]

Ideally any Fediverse software would support IndieAuth so that it works with indielogin.com and others directly.

[aswathrao]

I am afraid I didn't clearly describe what I am looking for. I would like to add my id from a Fediverse service to my web address and indieauth.com will use that to authenticate me at a third site. Please see the attached screenshot for the error message.

[aaronpk]

hmm, that's tricky. I don't know a good way to do that regardless of whether it's IndieAuth or Mastodon's specific API. I think we'd need some other rel attribute to indicate that a site might be an IndieAuth provider.

[aswathrao]

Thanks. Probably ping you on a scheme that I am thinking of after I ensure it is a meaningful one.

[Jak2k]

What about trying to call the Mastodon-API route for registering an app? If it's not successful, it's not Mastodon. Otherwise everything that's needed for OAuth is already there. As a bonus, you could keep the result of the check (& the client-id/-secret) in a cache/db.

The API should be quite straightforward to use: https://shkspr.mobi/blog/2024/12/creating-a-generic-log-in-with-mastodon-service/

[aaronpk]

The problem is knowing what type of provider an arbitrary URL is. I'm not going to go hit /api/v1/apps for every hostname that shows up as a rel=me link just to check whether it's Mastodon. Plus, Mastodon is (at least in theory) in the process of fixing their OAuth API to not require dynamic client registration, so I don't want to write any new code specific to Mastodon right now anyway.