ostatus auth

The first step in talking to a mastodon/ostatus instance is to authenticate to the API. The docs are rather scarse on this topic so I'm putting a path-of-least-resistance note here on how to get started.

OAUTH has the concept of an app that is accessing your account. This in theory allows the denial of a particular piece of software by the site administrator. Start by registering the app with the mastodon instance.

$ curl https://mastodon.xyz/api/v1/apps -d "client_name=superbot&redirect_uris=http://example.com&scopes=read"
{"id":2..., "redirect_uri":"http://example.com", "client_id":"51d...", "client_secret":"80a..."}

Once a client ID is established, visit the authorize endpoint in a browser.


The browser will be redirected to the redirect_uri with a code.


Here's where it all comes together, the client id, the client secret, and the code.

$ curl -D - 'https://mastodon.xyz/oauth/token' -d 'client_id=51d...&client_secret=80a...&

Then you will be rewarded with an access_token for use in private mastodon api calls.

In reading some other code, it should work to use a grant_type of password, the browser step can be skipped, go directly to the oauth/token step and add username= and password=. I tried this myself without success but it might have been something small I overlooked thats causing the error. Also username/password is not recommended as an auth flow anyways.