Mastodon API and WEB_DOMAIN #26848

totaldog · 2023-09-07T23:12:59Z

totaldog
Sep 7, 2023

I'm playing with the Mastodon API to create a web app that visualises a user's Mastodon timeline. This will be something that possibly only I will think is cool, but I still want to make it open to other users if I can.

I've set up a Mastodon instance to test this with. I happened to set it up following this documentation using a LOCAL_DOMAIN like example.com and WEB_DOMAIN like mastodon.example.com to leave space for other stuff on the domain.

I realised this creates a minor problem when the application tries to access a user's Mastodon account using OAuth.

If a user tells my application what they consider to be their server name, example.com, then I don't actually know their instance URL to do the auth.

I (finally) realised that WebFinger may be the answer to this. I could request something like https://example.com/.well-known/webfinger?resource=acct:user@example.com to get their instance URL. I feel like this makes sense, but I don't know enough about it. Is this reliable? Is there something more obvious I could be doing?

If this is the right way to do it, would it be a useful addition to the documentation on obtaining client app access. It sure would've helped me, but is it too niche?

Answered by ryanmio

Sep 15, 2023

You're on the right track, webfinger is a good way to resolve the instance URL for OAuth. This is standard practice in the Fediverse for resolving account details and it should work across Mastodon instances. Should be addded to the docs.

View full answer

ryanmio · 2023-09-15T01:57:15Z

ryanmio
Sep 15, 2023

You're on the right track, webfinger is a good way to resolve the instance URL for OAuth. This is standard practice in the Fediverse for resolving account details and it should work across Mastodon instances. Should be addded to the docs.

4 replies

codeofdusk Sep 24, 2023

My instance has a different WEB_DOMAIN from its LOCAL_DOMAIN. On non-mastodon ActivityPub apps I show up as username@WEB_DOMAIN, which isn't a valid Mastodon user when trying to look me up on other Mastodon instances. Metatext, Mona, and mastodon.py can't authorize me via LOCAL_DOMAIN, only WEB_DOMAIN (and show me as user@WEB_DOMAIN). It feels like this isn't very well supported, or is something amiss with my instance?

ryanmio Sep 24, 2023

Differentiating between WEB_DOMAIN and LOCAL_DOMAIN might cause issues for some apps. Can you normalize usernames to LOCAL_DOMAIN on your end?

codeofdusk Sep 24, 2023

Can you normalize usernames to LOCAL_DOMAIN on your end?

Sorry, what do you mean by this?

ryanmio Sep 25, 2023

I mean that if you have multiple domains, ensure that usernames are consistently mapped to your LOCAL_DOMAIN in your app's logic.

If you're running an app interacting with Mastodon and you encounter issues with usernames from different domains (WEB_DOMAIN and LOCAL_DOMAIN), you should ensure that your app uses one consistent domain (preferably LOCAL_DOMAIN) for all operations like OAuth.

Does that help or am I misinterpreting your question?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Mastodon API and WEB_DOMAIN #26848

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 4 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Mastodon API and WEB_DOMAIN #26848

Uh oh!

totaldog Sep 7, 2023

Replies: 1 comment · 4 replies

Uh oh!

ryanmio Sep 15, 2023

Uh oh!

Uh oh!

codeofdusk Sep 24, 2023

Uh oh!

ryanmio Sep 24, 2023

Uh oh!

codeofdusk Sep 24, 2023

Uh oh!

ryanmio Sep 25, 2023

totaldog
Sep 7, 2023

Replies: 1 comment 4 replies

ryanmio
Sep 15, 2023