Implement a Oauth provider in Funkwhale
Our JWT-based solution is not ideal for cli, mobile or desktop apps because the token will eventually expire. Ideally, Funkwhale should offer OAuth-based authorization and authentication so those apps can integrate seamlessly with us.
Resources to check:
Tasks:
-
Registering oauth apps (and specify allowed scopes) -
Manage/revoke apps for an account -
Authorization code grant flow (https://tools.ietf.org/html/rfc6749#section-4.1) -
Update our permissions system to work with the oauth scopes
cc @gordon
Edited by Agate