Show threadJupiter RowlandMar 8
@silverpill @Connected Places The problem with the Mastodon client API is still that it's a Mastodon API. As in, geared towards only one Fediverse server application. In fact, as in, geared towards a very lack-lustre server application that lacks features which have been present in many other places in the Fediverse for years.

This means that you can use a whole lot of microblogging server applications with Mastodon clients. You can even use Friendica with some Mastodon clients. But then you're limited to the features which Mastodon has as well because the Mastodon client API doesn't support any features that Mastodon doesn't have. Why should it, after all?

At the end of the day, the Mastodon client API is designed and maintained by the Mastodon developers. It's them who decide what it can do and what it can't do. For one, they won't waste their time adding features to it that Mastodon itself doesn't have. Besides, if they did, they'd support Mastodon's direct competition and strengthen their advantages over Mastodon when they could throw rocks into their paths instead like they've always done.

This, by the way, is also one reason why both the developers of Hubzilla and the developer of (streams) and Forte refuse to implement the Mastodon client API. It simply wouldn't cover at least 90% of the features of these server applications, including features which you'll need all the time, everyday. That, and they don't want their software to end up at the mercy of Mastodon's developers and Mastodon's product politics by making it depend on Mastodon's technology. They'd rather have no native mobile app at all (and currently they do).

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Mastodon #Hubzilla #Streams #(streams) #Forte #MastodonAPI #MastodonClientAPI
Netzgemeinde/Hubzilla

Terence Eden’s BlogMar 2

Adding "Log In With Mastodon" to Auth0

https://shkspr.mobi/blog/2026/03/adding-log-in-with-mastodon-to-auth0/

I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs.

There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon0.

All is not lost though. The Auth0 documentation says:

However, you can use Auth0’s Connections API to add any OAuth2 Authorization Server as an identity provider.

You can manually add a single Mastodon instance, but that doesn't work with the decentralised nature of the Fediverse. Instead, I've come up with a manual solution which works with any Mastodon server!

Background

Every Mastodon1 server is independent. I have an account on mastodon.social you have an account on whatever.chaos. They are separate servers, albeit running similar software. A generic authenticator needs to work with all these servers. There's no point only allowing log ins from a single server.

Fortuitously, Mastodon allows app developers to automatically create new apps. A few simple lines of code and you will have an API key suitable for read-only access to that server. You can read how to instantly create Mastodon API keys or you can steal my PHP code.

User Experience

The user clicks the sign-in button on OpenBenches. They're taken to the Auth0 social login screen:

The user clicks on Mastodon. This is where Auth0's involvement ends!

The user is asked to provide the URl of their instance:

In the background, my server contacts the Mastodon instance and creates a read-only API key.

The user is asked to sign in to Mastodon.

The user is asked to authorise read-only access.

The user is now signed in and OpenBenches can retrieve their name, avatar image, and other useful information. Hurrah!

Auth0

Once you have created a service to generate API keys, it will need to run on a publicly accessible web server. For example https://example.com/mastodon_login.

Here's what you need to do within your Auth0 tennant:

  • Authentication → Social → Create Connection
  • At the bottom, choose "Create Custom".
  • Choose "Authentication" only.
  • Give your connection a name. This will be visible to users.
  • "Authorization URL" and "Token URL" have the same value - the URl of your service.
  • "Client ID" is only visible to you.
  • "Client Secret" any random password; it won't be used for anything.
  • Leave everything else in the default state.

It should look something like this:

Click the "Create" button and you're (almost) done.

Auth0 Icon

You will need to add a custom icon to the social integration. Annoyingly, there's no way to do it through the web interface, so follow that guide to use the command line.

Done!

I'll admit, this isn't the most straightforward thing to implement. Auth0 could make this easier - but it would still rely on users knowing the URl of their home instance.

That said, the Mastodon API is a delight to work with and the read-only permissions reduce risk for all parties.

  • Auth0 did blog about Mastodon a few years ago but never bothered implementing it! ↩︎

  • I do mean Mastodon; not the wider Fediverse. This only works with sites which have implemented Mastodon's APIs. ↩︎

    • #Auth0 #HowTo #mastodon #MastodonAPI #SocialMedia
    Adding "Log In With Mastodon" to Auth0

    I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs. There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon. All is not lost…

    Terence Eden’s Blog
    Terence EdenMar 2

    🆕 blog! “Adding "Log In With Mastodon" to Auth0”

    I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs.

    There are a wide range of social media logins provided by Auth0 - including the usual suspects like…

    👀 Read more: https://shkspr.mobi/blog/2026/03/adding-log-in-with-mastodon-to-auth0/

    #Auth0 #HowTo #mastodon #MastodonAPI #SocialMedia

    Adding "Log In With Mastodon" to Auth0

    I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs. There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon. All is not lost…

    Terence Eden’s Blog
    Thomas Steiner Feb 4
    I've created a little #Mastodon 🐘 toot edit history viewer that lets you explore the history of a toot, edit by edit, through the #MastodonAPI. Here's an example: https://tomayac.github.io/mastodon-edit-history/#https://mastodon.social/@firefoxwebdevs/116002119945073671. Source code: https://github.com/tomayac/mastodon-edit-history.
    MastoDiff - Deep Linkable History

    QWeb LtdJan 17

    Wondering how easy Mastodon's API is? 😁

    https://www.qweb.co.uk/blog/the-mastodon-api

    #mastodon #mastodev #mastodonapi

    The Mastodon API | QWeb Ltd Web & Game Design, Leeds

    Richard Orilla Dec 18

    I finally did it!

    I've been linking my blog posts here recently to get more readers, but mostly because I wanted to integrate Mastodon directly into my site as my comment engine.

    The system is now live. Replies to this post will appear on my blog!

    #webdev #indieweb #blogging #mastodonapi

    Todd SundstedNov 11

    Okay, my analysis is complete! Here are the core changes to Ktistec required for Mastodon API compatibility:

    • PKCE (Proof Key for Code Exchange) must be optional: Because Mastodon makes PKCE optional, clients don't support it, which means other servers can't require it. PKCE (and the code_challenge parameter) ensures that an authorization code can only be exchanged by the client that initiated the OAuth request.
    • Support for the client_credentials grant type: The client_credentials grant type is used to grant a client app-level access without requiring user authentication. Mastodon requires this for some of its "public" API endpoints. This necessitates a change to the database schema to allow a null account id in the client secrets table.
    • Addition of a created_at timestamp property: Mastodon requires a non-standard created_at property in the body of the /oauth/token endpoint response instead of (in addition to) the standard expires_in property.
    • Support for both form-encoded and JSON request bodies: This isn't a Mastodon requirement per se but popular clients clearly demand some latitude in what they send.
    • WebFinger must accept requests with no resource parameter: This is honestly a bug on my part.
    • Mastodon-compatible endpoints: A boatload of them. Clients expect many endpoints and don't gracefully degrade if they're not present. Really I should just implement features like pinned posts and bookmarks...

    The only thing here that gives me heartburn is that PKCE is not required.

    #ktistec #mastodonapi #oauth

    Comparing f64f24d1...df77bdab · toddsundsted/ktistec

    ActivityPub (https://www.w3.org/TR/activitypub/) server for individual users and small groups. - Comparing f64f24d1...df77bdab · toddsundsted/ktistec

    GitHub
    ⚯ Michel de Cryptadamus ⚯Nov 6

    thanks to @paige for the very flattering and in depth video about the #FediAlgo project and the larger case for having demonic "algorithms" in the #Fediverse.

    https://video.fedihost.co/w/a1522517-704e-44a3-aa0e-5c4e7d49e7d1

    #activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

    We Have An Algorithm Problem

    PeerTube
    ⚯ Michel de Cryptadamus ⚯Nov 5

    Ω🪬Ω
    Just released version 1.2.32 of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed. Very minor changes that improve a couple of things in a small way.

    https://universeodon.com/@cryptadamist/115255251993344917

    #activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

    ⚯ Michel de Cryptadamus ⚯ (@[email protected])

    Attached: 1 image Ω🪬Ω #FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold. Also a bunch of bug fixes and small improvements. * Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/ * Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed * Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522 #activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

    Universeodon Social Media
    AELA_0593Oct 31
    ¡Hola, mundo! 🐘 Estoy publicando esto usando un script de Python y la API de Mastodon. #Python #MastodonAPI