Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Attempted fix for #483 - Use Activitypub FQN as email during sign up. #490

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

chizutan5
Copy link

@chizutan5 chizutan5 commented Dec 21, 2022

I have attempted to use the strategies from the discord oauth (which has email handing) for mastodon, to provide the oauth client a usable email in the form of the user fqn (user@instance.tld) which should allow gitea to create user accounts through oauth, please correct if needed, but I think this might work.

Linked to issues #483 and go-gitea/gitea#21710

@chizutan5 chizutan5 changed the title Attempted fix for #483 Attempted fix for #483 - Use Activitypub FQN as email during sign up. Dec 21, 2022
@chizutan5
Copy link
Author

@techknowlogick Are you able to take a look at this and advise if something is wrong?

@techknowlogick
Copy link
Collaborator

Thanks for this PR @chizutan5, I'm unsure about merging this PR as some systems expect that when being passed something via the email field that it is indeed the users field. This may lock out users from their account as they wouldn't have access to an email that doesn't exist. Is there a different way to get the email from mastodon, perhaps by passing an additional scope?

@chizutan5
Copy link
Author

Thanks for this PR @chizutan5, I'm unsure about merging this PR as some systems expect that when being passed something via the email field that it is indeed the users field. This may lock out users from their account as they wouldn't have access to an email that doesn't exist. Is there a different way to get the email from mastodon, perhaps by passing an additional scope?

Hi,
Mastodon, Pleroma and possibly Misskey don't actually provide emails at all from what I can find, and there isn't any alternative scopes I know of that support giving it out, this is the only thing that provides an email-like ID which can be used.
Maybe it can be passed on, specifically as "FQN", but this isn't compatible and for any software that needs an email but hasn't had any changes to support this fqn tag.
I would argue that oauth generally negates the need to worry about users being locked out, as if they are, then they usually need to deal with the oauth provider who does have some kind of external contact method.

Maybe it can be possible to send some additional data that can then be interperated by compatible implementations, that tell them "hey, this is an activitypub id" so that it can be handled in some way but still allow legacy implementations to take it into the email field? This was originally a PR to fix a gitea issue where it wasn't possible to create an account through the mastodon oauth, is it better fixed over there by creating an FQN field that satisfies the requirements for needing an email on the account? (Then this PR can just be changed to feed through the FQN instead of claim that it is an email)

It's definitely off topic discussion but I have thought about how gitea could act as an activitypub server and send out activitypub direct messages to activitypub ids instead of emails so that that sort of fix actually works as it might be expected, maybe this oauth implementation is better suited for directly implementing into gitea instead of changing anything here?

I appreciate your feedback, since this could be a breaking change for some software, but I don't have context for what actually uses goth other than gitea.

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants