OmniAuth strategy for Mastodon
Go to file
dependabot[bot] 6b6b1cad4d
Update omniauth requirement from ~> 1.0 to >= 1, < 3
Updates the requirements on [omniauth](https://github.com/omniauth/omniauth) to permit the latest version.
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](https://github.com/omniauth/omniauth/compare/v1.8.1...v2.1.0)

---
updated-dependencies:
- dependency-name: omniauth
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-31 18:57:28 +00:00
.github/workflows Update gempush.yml 2020-01-12 15:34:33 +01:00
lib Add i18n locale (#6) 2018-10-30 15:40:38 +01:00
.gitignore Working commit 2016-10-22 14:54:20 +02:00
Gemfile Initial commit 2016-10-22 01:45:58 +02:00
Gemfile.lock Update omniauth requirement from ~> 1.0 to >= 1, < 3 2022-08-31 18:57:28 +00:00
README.md Adding default scopes 2016-10-23 12:38:42 +02:00
omniauth-mastodon.gemspec Update omniauth requirement from ~> 1.0 to >= 1, < 3 2022-08-31 18:57:28 +00:00

README.md

OmniAuth::Mastodon

Gem Version

Authentication strategy for federated Mastodon instances. This is just slightly more complicated than a traditional OAuth2 flow: We do not know the URL of the OAuth end-points in advance, nor can we be sure that we already have client credentials for that Mastodon instance.

Installation

gem 'mastodon-api', require: 'mastodon'
gem 'omniauth-mastodon'
gem 'omniauth'

Configuration

Example:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :mastodon, scope: 'read write follow', credentials: lambda { |domain, callback_url|
    Rails.logger.info "Requested credentials for #{domain} with callback URL #{callback_url}"

    existing = MastodonClient.find_by(domain: domain)
    return [existing.client_id, existing.client_secret] unless existing.nil?

    client = Mastodon::REST::Client.new(base_url: "https://#{domain}")
    app = client.create_app('OmniAuth Test Harness', callback_url)

    MastodonClient.create!(domain: domain, client_id: app.client_id, client_secret: app.client_secret)

    [app.client_id, app.client_secret]
  }
end

The only configuration key you need to set is a lambda for :credentials. That lambda will be called whenever we need to get client credentials for OAuth2 requests. The example above uses an ActiveRecord model to store client credentials for different Mastodon domains, and uses the mastodon-api gem to fetch them dynamically if they're not stored yet.