
Document new OAuth changes for 4.3.0

Open ThisIsMissEm opened this issue 1 year ago • 8 comments

  • [x] Add /.well-known/oauth-authorization-server documentation, per https://github.com/mastodon/mastodon/pull/29191
  • [x] Document deprecation of redirect_uri on Application and addition of redirect_uris
  • [x] Document added support for multiple redirect URIs for OAuth Applications, per https://github.com/mastodon/mastodon/pull/29192
  • [x] Add warning hints around client_id, client_secret, access_token and code values that they should be treated as if they are passwords, and stored securely.
  • [x] Document removal of required read scope for GET /api/v1/apps/verify_credentials (this now just requires a valid access token), per https://github.com/mastodon/mastodon/pull/27142
  • [x] Reworked OAuth Scopes page to be clearer.
  • [x] Document client_secret_expires_at on Application, per https://github.com/mastodon/mastodon/pull/30317/
  • [x] Document the fact that on 4.2.x Applications could be deleted at any time and result in broken authentication flows, fixed by https://github.com/mastodon/mastodon/pull/30316
  • [x] Document Application vs CredentialApplication split, per https://github.com/mastodon/mastodon/pull/29192
  • [x] Document new profile scope, per https://github.com/mastodon/mastodon/pull/30357 & https://github.com/mastodon/mastodon/pull/29087
  • [ ] Document PKCE Extension, and why using PKCE is recommended for all applications, per: https://github.com/mastodon/mastodon/pull/31129
  • [ ] Document Removal of OAuth Resource Owner Password Grant Flow, per: https://github.com/mastodon/mastodon/pull/30960

This branch is based on #1444

ThisIsMissEm May 15 '24 18:05

I have noticed that there is some churn here due to my editor using Prettier for markdown documents. We may want to consider adopting prettier for this repository.

ThisIsMissEm May 15 '24 18:05

This pull request has merge conflicts that must be resolved before it can be merged.

github-actions[bot] Jun 11 '24 11:06

Have addressed the majority of the code review comments and left replies where I disagree with said comments or need more information.

ThisIsMissEm Jun 19 '24 19:06

This pull request has resolved merge conflicts and is ready for review.

github-actions[bot] Jun 19 '24 20:06

This pull request has merge conflicts that must be resolved before it can be merged.

github-actions[bot] Aug 22 '24 12:08

This pull request has resolved merge conflicts and is ready for review.

github-actions[bot] Aug 23 '24 13:08

Do we need anything here before merging it, as the 4.3 beta has been released?

renchap Aug 26 '24 08:08

> Do we need anything here before merging it, as the 4.3 beta has been released?

@renchap I can follow up with a new PR for the last two items

ThisIsMissEm Aug 26 '24 10:08

@renchap have rebased this and finished the two remaining tasks.

ThisIsMissEm Oct 01 '24 20:10

I took the liberty to commit my two small adjustments, so that we can finally merge.

Feel free to open up a follow-up PR if you disagree with my changes. And thanks for all the hard work on this!

oneiros Oct 10 '24 12:10

@oneiros those changes looked good, I think in the future reworking all this documentation to be more like AT Protocol's OAuth documentation might be a good idea. I think the current tutorial-based documentation leaves a lot to be desired.

ThisIsMissEm Oct 10 '24 16:10