Has anyone here build a Mastodon social connection?
As far as I can see, the flow would have to be:
Auth0 → My Site → User enters their Mastodon URl → My site creates an app via the API with Read Only scope → Get the OAuth tokens → Send user to authorise the app → Pass that token back to Auth0.
Does that sound right?
We don’t offer Mastodon connection ourselves but I added some tags to your question for better searchability so that maybe someone from community implemented that themselves and will be able to share!
Are you trying to authenticate with a single mastodon server, or allow the user to input a server on the fly and authenticate with any mastodon server?
You should be able to set up a single server as a custom social connection (at least it looks like it if I’m reading their docs correctly).
If you want to federate with all mastodon servers, I think you would currently need a custom social connection for each server, which would be a more complex (and expensive) solution.
Let me know.
It’s fairly simple to set one up for any server. The Mastdon API call is documented at apps API methods - Mastodon documentation
You just POST your app’s name and a redirect URI.
It responds with your client ID and secret.
From there you do the normal OAuth dance.
So, if this were a supported Auth0 product, I’d expect to see:
- Sign in with Twitter
- Sign in with Mastodon
- Sign in with Facebook
Click on Mastodon should show a prompt saying
What’s your Mastodon server? __________
And, from there, Auth0 can create an app on the fly and proceed in the same way as signing in with Twitter.
Does that make sense?
Thanks for the added info. Yes, that makes sense, but isn’t currently possible with the existing custom social connection implementation. You would need a different authorize and token URL for each server, right?
Would it not be possible to infer the server from a full Mastodon ID? I am @email@example.com and that gives both my server and the ID there.
This way no UI change to the Auth0 form would be needed, just some backend logic.
Or am I being thick?
The limitation is in how custom social connections work, it’s not something that is currently possible.