feat: Improve instance API and OAuth client compatibility #296
Merged
- Add configuration.accounts.max_featured_tags to v1 instance API
- Add thumbnail field with Hollo logo URL to both v1 and v2 APIs
- Add icon array to v2 instance API
- Implement actual stats (user_count, status_count, domain_count) from database
- Update max_featured_tags and max_pinned_statuses values in v2 API
- Clarify TODO comments for configurable values and future features

This fixes compatibility issues with clients like DAWN for Mastodon that expect these fields to be present in the instance API response.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Some clients like tooot send credentials via both Basic auth header and POST body simultaneously. This change allows such requests if all credentials have the same client_id and client_secret, improving compatibility with these clients.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Contributor
This behavior was actually correct per the OAuth specification. You should not be using both.
Contributor
That is to say that Tooot needs to fix this; they'd also start breaking against future Mastodon versions once the reworked client authentication handling in doorkeeper lands, which follows spec.
Summary

This PR improves compatibility with third-party Mastodon clients by addressing two issues:

1. Instance API Improvements (DAWN for Mastodon compatibility)

Problem: DAWN for Mastodon client failed to connect with error "Cannot read data" because expected fields were missing from the instance API response.

Changes to /api/v1/instance:

- configuration.accounts.max_featured_tags field
- thumbnail field with Hollo logo URL
- stats values (user_count, status_count, domain_count) from database

Changes to /api/v2/instance:

- thumbnail object with url, blurhash, and versions fields
- icon array with Hollo logo
- max_featured_tags and max_pinned_statuses from 0 to 10

2. OAuth Client Authentication (tooot compatibility)

Problem: tooot Android client failed OAuth authentication with 400 error because it sends credentials via both client_secret_basic (Authorization header) and client_secret_post (request body) simultaneously.

Solution: Modified clientAuthentication middleware to allow multiple authentication methods if they contain identical credentials. Different credentials still result in a 400 error as per OAuth 2.0 spec.

Test plan

Automated checks:

pnpm check)

Manual verification:
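The two policies discussed in this thread, side by side, as an added example that is not Hollo's code: with `allowIdenticalDuplicates` set to `false`, any request that uses more than one client authentication method is rejected; with it set to `true`, duplicates pass only when the credentials are identical. All function and parameter names are hypothetical, the sample credentials in the usage are constructed, and credentials are assumed not to need percent-decoding.

```typescript
// Added example; every name below is hypothetical, not Hollo's code.
type Creds = { clientId: string; clientSecret: string };
type Result =
  | { ok: true; creds: Creds }
  | { ok: false; status: 400 | 401; error: "invalid_request" | "invalid_client" };

// Build a client_secret_basic header (used to construct sample requests).
function basicHeader(id: string, secret: string): string {
  return "Basic " + Buffer.from(`${id}:${secret}`, "utf8").toString("base64");
}

// Parse "Basic base64(client_id:client_secret)"; null means malformed.
// Assumption: credentials contain no characters that need percent-decoding.
function fromBasic(header: string): Creds | null {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header);
  if (!m) return null;
  const decoded = Buffer.from(m[1] ?? "", "base64").toString("utf8");
  const i = decoded.indexOf(":");
  if (i <= 0) return null;
  return { clientId: decoded.slice(0, i), clientSecret: decoded.slice(i + 1) };
}

function resolveClientAuth(
  authorization: string | undefined,
  body: { client_id?: string; client_secret?: string },
  allowIdenticalDuplicates: boolean,
): Result {
  const bad: Result = { ok: false, status: 400, error: "invalid_request" };
  const found: Creds[] = [];
  if (authorization !== undefined) {
    const basic = fromBasic(authorization);
    if (basic === null) return bad;
    found.push(basic);
  }
  if (body.client_secret !== undefined) {
    if (body.client_id === undefined) return bad;
    found.push({ clientId: body.client_id, clientSecret: body.client_secret });
  }
  const first = found[0];
  if (first === undefined) return { ok: false, status: 401, error: "invalid_client" };
  for (const other of found.slice(1)) {
    // Both values come from the same request, so this is not a secret-dependent comparison.
    const same = other.clientId === first.clientId && other.clientSecret === first.clientSecret;
    if (!allowIdenticalDuplicates || !same) return bad;
  }
  // The caller must still verify first.clientSecret against the registered client.
  return { ok: true, creds: first };
}
function statusOf(r: Result): number { return r.ok ? 200 : r.status; }
```

Calling `resolveClientAuth(basicHeader("app123", "s3cret"), { client_id: "app123", client_secret: "s3cret" }, flag)` gives a 400 result with `flag` false and an accepted result with `flag` true.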