#Tag · bonfire.cafe

I've created a little #Mastodon 🐘 toot edit history viewer that lets you explore the history of a toot, edit by edit through the #MastodonAPI. Here's an example: https://tomayac.github.io/mastodon-edit-history/#https://mastodon.social/@firefoxwebdevs/116002119945073671. Source code: https://github.com/tomayac/mastodon-edit-history.

GitHub

GitHub - tomayac/mastodon-edit-history: A tool that shows the edit history of toots on Mastodon

A tool that shows the edit history of toots on Mastodon - tomayac/mastodon-edit-history

MastoDiff - Deep Linkable History

Thomas Steiner :chrome:

@tomayac@toot.cafe · 3 days ago

GitHub

GitHub - tomayac/mastodon-edit-history: A tool that shows the edit history of toots on Mastodon

A tool that shows the edit history of toots on Mastodon - tomayac/mastodon-edit-history

MastoDiff - Deep Linkable History

fedicat and 1 other boosted

Todd Sundsted

@toddsundsted@epiktistes.com · 3 months ago

Okay, my analysis is complete! Here are the core changes to Ktistec required for Mastodon API compatibility:

PKCE (Proof Key for Code Exchange) must be optional: Because Mastodon makes PKCE optional, clients don't support it, which means other servers can't require it. PKCE (and the code_challenge parameter) ensures that an authorization code can only be exchanged by the client that initiated the OAuth request.
Support for the client_credentials grant type: The client_credentials grant type is used to grant a client app-level access without requiring user authentication. Mastodon requires this for some of its "public" API endpoints. This necessitates a change to the database schema to allow a null account id in the client secrets table.
Addition of a created_at timestamp property: Mastodon requires a non-standard created_at property in the body of the /oauth/token endpoint response instead of (in addition to) the standard expires_in property.
Support for both form-encoded and JSON request bodies: This isn't a Mastodon requirement per se but popular clients clearly demand some latitude in what they send.
WebFinger must accept requests with no resource parameter: This is honestly a bug on my part.
Mastodon-compatible endpoints: A boatload of them. Clients expect many endpoints and don't gracefully degrade if they're not present. Really I should just implement features like pinned posts and bookmarks...

The only thing here that gives me heartburn is that PKCE is not required.

#ktistec #mastodonapi #oauth

GitHub

GitHub - toddsundsted/ktistec: Single user ActivityPub (https://www.w3.org/TR/activitypub/) server.

Single user ActivityPub (https://www.w3.org/TR/activitypub/) server. - toddsundsted/ktistec

Todd Sundsted

@toddsundsted@epiktistes.com · 3 months ago

Okay, my analysis is complete! Here are the core changes to Ktistec required for Mastodon API compatibility:

PKCE (Proof Key for Code Exchange) must be optional: Because Mastodon makes PKCE optional, clients don't support it, which means other servers can't require it. PKCE (and the code_challenge parameter) ensures that an authorization code can only be exchanged by the client that initiated the OAuth request.
Support for the client_credentials grant type: The client_credentials grant type is used to grant a client app-level access without requiring user authentication. Mastodon requires this for some of its "public" API endpoints. This necessitates a change to the database schema to allow a null account id in the client secrets table.
Addition of a created_at timestamp property: Mastodon requires a non-standard created_at property in the body of the /oauth/token endpoint response instead of (in addition to) the standard expires_in property.
Support for both form-encoded and JSON request bodies: This isn't a Mastodon requirement per se but popular clients clearly demand some latitude in what they send.
WebFinger must accept requests with no resource parameter: This is honestly a bug on my part.
Mastodon-compatible endpoints: A boatload of them. Clients expect many endpoints and don't gracefully degrade if they're not present. Really I should just implement features like pinned posts and bookmarks...

The only thing here that gives me heartburn is that PKCE is not required.

#ktistec #mastodonapi #oauth

GitHub

GitHub - toddsundsted/ktistec: Single user ActivityPub (https://www.w3.org/TR/activitypub/) server.

Single user ActivityPub (https://www.w3.org/TR/activitypub/) server. - toddsundsted/ktistec

Tim Chambers and 3 others boosted

Terence Eden

@Edent@mastodon.social · 4 months ago

🆕 blog! “Getting started with Mastodon's Quote Posts - technical implementation details for servers”

Quoting posts on Mastodon is slightly complex. Because of the privacy conscious nature of the platform and its users, reposting isn't merely a case of sharing a URl.

A user writes a status. The user…

Terence Eden

@Edent@mastodon.social · 4 months ago

🆕 blog! “Getting started with Mastodon's Quote Posts - technical implementation details for servers”

Quoting posts on Mastodon is slightly complex. Because of the privacy conscious nature of the platform and its users, reposting isn't merely a case of sharing a URl.

A user writes a status. The user…

Stéphane Bortzmeyer boosted

Terence Eden

@Edent@mastodon.social · 4 months ago

Another curious #ActivityPub / #MastodonAPI issue.

A Mastodon server is sending me a DELETE message.

The delete is because a user has been deleted.

My server tries to validate the HTTP Signature.

My server looks up the deleted user's main-key.

The user has been deleted so the public key 404s.

My server never acknowledges the delete, so the other server keeps sending me the same request.

So… How do I validate the signature of a deleted user?

Terence Eden

@Edent@mastodon.social · 4 months ago

Another curious #ActivityPub / #MastodonAPI issue.

A Mastodon server is sending me a DELETE message.

The delete is because a user has been deleted.

My server tries to validate the HTTP Signature.

My server looks up the deleted user's main-key.

The user has been deleted so the public key 404s.

My server never acknowledges the delete, so the other server keeps sending me the same request.

So… How do I validate the signature of a deleted user?

🫧 socialcoding.. and 1 other boosted

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com · 4 months ago

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

GitHub

GitHub - michelcrypt4d4mus/fedialgo_demo_app_foryoufeed: Mastodon timeline demo app for FediAlgo, the fully customizable timeline algorithm that will free you from the tyranny of reverse chronological order.

Mastodon timeline demo app for FediAlgo, the fully customizable timeline algorithm that will free you from the tyranny of reverse chronological order. - michelcrypt4d4mus/fedialgo_demo_app_foryoufeed