Credential Based Authentication #3749
Comments
|
So you are talking about Resource Owner Password Credentials Flow, aren't you? However, this specification says we need not implement it in Misskey because it already provides other ways to authenticate and provide tokens. (Also note that Misskey's authentication method is not Oauth2.) |
|
I hadnt seen that before, but that sounds right. The user provides the app woth their credentials which the app uses in a request to the server which returns the access key. What other ways to authenticate other than the two I mentioned exist in misskey? |
|
"other ways" means "other than Resource Owner Password Credentials Flow." Besides the method you said, apps can use the "/api/app/create" endpoint without authentication, so they can get App Secret without their developer's intervention, therefore they can serve users of all instances automatically. That is like Mastodon. |
|
Currently, Miauth is also available in addition to the above solution. I will close this in favour of #8262. |
Summary
Misskey currently only supports acquisition of accessToken either from the user opening their settings and finding it, or registering an app, generating a link, having user open that link in a browser, having them log in there and accept, then opening the original app with a callback.
Neither of these are ergonomical, especially for client apps. Mastodon (and pleroma) support getting their version of the access key using a username and password combination. By supporting this same functionality it would make it a lot easier to create and use apps/clients for misskey, both for users and developers. Simplifying the workflow as well as making it easier to integrate misskey into existing projects
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: