OmniAuth strategy for Mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Go to file
Eugen Rochko 1e9408a7ee
Update gempush.yml
4 years ago
.github/workflows Update gempush.yml 4 years ago
lib Add i18n locale (#6) 5 years ago
.gitignore Working commit 7 years ago
Gemfile Initial commit 7 years ago
Gemfile.lock Bump rack from 2.0.5 to 2.0.8 (#8) 4 years ago Adding default scopes 7 years ago
omniauth-mastodon.gemspec Add i18n locale (#6) 5 years ago


Gem Version

Authentication strategy for federated Mastodon instances. This is just slightly more complicated than a traditional OAuth2 flow: We do not know the URL of the OAuth end-points in advance, nor can we be sure that we already have client credentials for that Mastodon instance.


gem 'mastodon-api', require: 'mastodon'
gem 'omniauth-mastodon'
gem 'omniauth'



Rails.application.config.middleware.use OmniAuth::Builder do
  provider :mastodon, scope: 'read write follow', credentials: lambda { |domain, callback_url| "Requested credentials for #{domain} with callback URL #{callback_url}"

    existing = MastodonClient.find_by(domain: domain)
    return [existing.client_id, existing.client_secret] unless existing.nil?

    client = "https://#{domain}")
    app = client.create_app('OmniAuth Test Harness', callback_url)

    MastodonClient.create!(domain: domain, client_id: app.client_id, client_secret: app.client_secret)

    [app.client_id, app.client_secret]

The only configuration key you need to set is a lambda for :credentials. That lambda will be called whenever we need to get client credentials for OAuth2 requests. The example above uses an ActiveRecord model to store client credentials for different Mastodon domains, and uses the mastodon-api gem to fetch them dynamically if they're not stored yet.