Message from @Undead Mockingbird
Discord ID: 507850305321435157
always exerting control
The API is incredibly simple, with posting an image, for example, being a simple HTTP POST, returning an ID in JSON, and you can then reference that ID in a post to attach it. It's the simplest API I have programmed against so far, out of Mastodon, Gab, Minds, Steemit, Twitter, and Facebook.
but it can be censored right?
someone is in control
Hmm ... let me think.
Yes, the isntance admin could censor.
"Our unique network design prevents data from ever being tracked or censored. dApps continue to live on Mainframe whether governments, tech giants, or we want them to."
Federation is controlled through a central repository, with many instances already blacklisted.
But, federation "only" affects whether or not posts of one instance show up on other, federated instances.
Wait, let me re-read some source code.
gotta run for now, interesting stuff tho
Okay, I'll dump it for here, for later.
Ah, here it is. I was wrong. It uses HTTP Basic authentication.

So, it's by far the simplest to program against. Basically made to rely on only the most basic, old school web protocols.
i'd rather have oauth tokens with scopes ¯\_(ツ)_/¯
Yeah ... hmm.
Well, it has its use, of course, or nobody would put in the extra effort, but it's nice having basic auth.
also
> fucking xml
Oh, right! Now I see it. I thought it was JSON.
you send json, endpoints return xml
Wait ... it is JSON, but also XML. That's weird.
i'm wrong, you just send params
Ah, I remember. For some reason, I got XML in one call and JSON in another. I have no clue why.
It seems weird to me.
When posting an image, you get XML.
actually dunnolol, fuck it i'm tired ¯\_(ツ)_/¯
When posting a status, you send JSON.
Maybe I was using the endpoint weird, but the code is tested and I've been using it for a while, so at least it works. But I might still be needlessly complicated about it. Not sure - I reverse engineered it in the web debugger, because I was too lazy to read the manual. lel
Ah, and you mentioned OAuth: I guess you need it for three legged authentication, i.e. web applications authenticating you to the social media service on your behalf, without having to give away your credentials, just the way when you authorize an app to post to Twitter or Facebook.
Not sure if you can do that with HTTP basic auth.
nope
Ah, okay. That's what I thought, but I was not 100% sure. If you don't think so, either, then you probably can't.
as in you could but you'd end up reimplementing oauth flow, so why bother :^)
Right. Whatever token magic you would have to build would have to basically come down to the same steps and mechanisms OAuth uses already.
So, not sure how GNU Social would do "web apps" and that sort of stuff. They probably cannot right now.
But I am reading some OAuth tests in the GNU Social source code. Not sure if that's a planned feature or already in.
fucking opensource
 
       
      