"Our unique network design prevents data from ever being tracked or censored. dApps continue to live on Mainframe whether governments, tech giants, or we want them to."

Federation is controlled through a central repository, with many instances already blacklisted.

But, federation "only" affects whether or not posts of one instance show up on other, federated instances.

Wait, let me re-read some source code.

gotta run for now, interesting stuff tho

Okay, I'll dump it for here, for later.

Ah, here it is. I was wrong. It uses HTTP Basic authentication.

So, it's by far the simplest to program against. Basically made to rely on only the most basic, old school web protocols.

https://github.com/UndeadMockingbird/AltTech/blob/master/api_wrappers/gnusocialapi/gnusocialapi/gnusocialapi.py

i'd rather have oauth tokens with scopes ¯\_(ツ)_/¯

Yeah ... hmm.

Well, it has its use, of course, or nobody would put in the extra effort, but it's nice having basic auth.

also

> fucking xml

xml?

Oh, right! Now I see it. I thought it was JSON.

you send json, endpoints return xml

Wait ... it is JSON, but also XML. That's weird.

i'm wrong, you just send params

Ah, I remember. For some reason, I got XML in one call and JSON in another. I have no clue why.

It seems weird to me.

When posting an image, you get XML.

actually dunnolol, fuck it i'm tired ¯\_(ツ)_/¯

When posting a status, you send JSON.

Maybe I was using the endpoint weird, but the code is tested and I've been using it for a while, so at least it works. But I might still be needlessly complicated about it. Not sure - I reverse engineered it in the web debugger, because I was too lazy to read the manual. lel

Ah, and you mentioned OAuth: I guess you need it for three legged authentication, i.e. web applications authenticating you to the social media service on your behalf, without having to give away your credentials, just the way when you authorize an app to post to Twitter or Facebook.

Not sure if you can do that with HTTP basic auth.

nope

Ah, okay. That's what I thought, but I was not 100% sure. If you don't think so, either, then you probably can't.

as in you could but you'd end up reimplementing oauth flow, so why bother :^)

Right. Whatever token magic you would have to build would have to basically come down to the same steps and mechanisms OAuth uses already.

So, not sure how GNU Social would do "web apps" and that sort of stuff. They probably cannot right now.

But I am reading some OAuth tests in the GNU Social source code. Not sure if that's a planned feature or already in.

https://github.com/foocorp/gnu-social

fucking opensource

That's good, no?

when someone bothers to write the docs :^)

Eh, it's better than not being able to contribute at all.

oh ... wait, now I understand your comment

You meant to hint at how bad or out of sync the docs are for many OSS projects. Agreed.

The best manual is the source code.