Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mastodon as a identity source #4193

Open
vitunvuohi opened this issue Dec 9, 2022 · 4 comments · May be fixed by #13607
Open

Mastodon as a identity source #4193

vitunvuohi opened this issue Dec 9, 2022 · 4 comments · May be fixed by #13607
Labels
enhancement New feature or request

Comments

@vitunvuohi
Copy link

vitunvuohi commented Dec 9, 2022
edited
Loading

Is your feature request related to a problem? Please describe.
It would be fantastic to hook authentik up to a particular mastodon instance to allow for oauth signin. This might also work for other fediverse social platforms like Pleroma.

Describe the solution you'd like
Add mastodon as a potential source for federation and social login. I think the code would be something roughly like the attached (but I am not familiar enough to test it, so I don't have a specific PR)

Describe alternatives you've considered
I have tried setting it up as an oidc connection to test, but that is not quite ideal as mastodon only supports oauth2 and not full oidc. Things like username don't automatically populate. I thought about making my own build for authentik but I don't think I know enough to do that yet 😞 .

Additional context
Here is roughly what I think might work for Mastodon? Then an admin could simply paste the URLs of their instance, after creating a new developer application to get the client key and id:
https://[instance]/oauth/authorize
https://[instance]/oauth/token
https://[instance]/api/v1/accounts/verify_credentials for profile

class MastodonClient(OAuth2Client):
    """Mastodon OAuth2 Client"""

    def get_access_token(self, **request_kwargs):
        "Fetch access token from callback request."
        auth = HTTPBasicAuth(self.source.consumer_key, self.source.consumer_secret)
        return super().get_access_token(auth=auth)

class MastodonOAuthRedirect(OAuthRedirect):
    """Mastodon OAuth2 Redirect"""

    def get_additional_parameters(self, source: OAuthSource):  # pragma: no cover
        return {
            "scope": ["read"]
        }


class MastodonOAuth2Callback(OAuthCallback):
    """Mastodon OAuth2 Callback"""

    client_class = MastodonClient
    
    def get_user_id(self, info: dict[str, str]) -> str:
        return info.get("username", "")

    def get_user_enroll_context(
        self,
        info: dict[str, Any],
    ) -> dict[str, Any]:
        return {
            "username": info.get("username"),
            "name": info.get("display_name")
        }


@registry.register()
class MastodonType(SourceType):
    """Mastodon Type definition"""

    callback_view = MastodonOAuth2Callback
    redirect_view = MastodonOAuthRedirect
    name = "Mastodon"
    slug = "Mastodon"

    urls_customizable = True
@vitunvuohi vitunvuohi added the enhancement New feature or request label Dec 9, 2022
@BeryJu
Copy link
Member

BeryJu commented Mar 17, 2023

Hey @vitunvuohi that code already looks basically correct, feel free to PR it even if it's not 100% tested

Also (not having really looked into it) I assume there are public Mastodon instances to test this against?

@vitunvuohi
Copy link
Author

Cool! I'll put a PR together. There are a lot of public mastodon instances so it should be pretty easy to test.

@BeryJu
Copy link
Member

BeryJu commented Apr 18, 2024

@vitunvuohi are you still interested in creating a PR for this?

@vitunvuohi vitunvuohi linked a pull request Mar 20, 2025 that will close this issue
Draft
6 tasks
@vitunvuohi
Copy link
Author

Hi @BeryJu , I am back very late to say that I did make a PR here #13607. Better late than never? 😓 . I am happy to offer meemu.org as an instance for testing, but joinmastodon.org has a lot of instances.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

sources/oauth: add mastodon vitunvuohi/authentik
2 participants
@BeryJu @vitunvuohi