Hmm, looks like the login process in the mastodon.el is complicated AF.
Two possible places to store the credentials: ~/.authinfo.gpg and ~/.emacs.d/mastodon.plstore (both support GPG encryption).
When I make first login the mastodon.el asks me about passphrase then about password 
. Both entered strings should match.
After some experiments I realized that it asks me not about my #Mastodon password but about passphrase to unlock my GPG key (twice 
, then other programs, like Magit or pass frontend doing this only once).
Then, I successfully logged in by entering GPG passphrase twice, entering authorization code from Mastodon instance to authorize mastodon.el and entering the GPG passphrase to store necessary credentials in the /.emacs.d/mastodon.plstore (twice again ).
The official documentation states that mastodon.el will store credentials in the /.authinfo.gpg since 2.0.0, but this is not true . I'm using version 2.0.2 from NonGNU ELPA and it is still saves all credentials to the aforementioned mastodon.plstore. Despite my auth-sources is:
("/.authinfo.gpg" "/.netrc")
After I restart Emacs and enter M-x mastodon, I got:
Decrypting /home/drag0n/.emacs.d/mastodon.plstore...done
Loading home timeline...
Contacting host: mastodon.bsd.cafe:443
Loading fediverse account nil on https://mastodon.bsd.cafe...
error in process filter: mastodon-tl--init*: Looks like the server bugged out: "The access token was revoked"
error in process filter: Looks like the server bugged out: "The access token was revoked"
While I didn't revoked access token, it is still visible in the Mastodon settings, in the list of my authorized applications.
And both mastodon-instance-url and mastodon-active-user have valid values, pointing to the my actual account.
0/10 will not recommend