GitLab

Our JWT-based solution is not ideal for cli, mobile or desktop apps because the token will eventually expire. Ideally, Funkwhale should offer OAuth-based authorization and authentication so those apps can integrate seamlessly with us.

Resources to check:

• Mastodon OAuth API
• Django OAuth Toolkit
• #629 (closed)

Tasks:

• Registering oauth apps (and specify allowed scopes)
• Manage/revoke apps for an account
• Authorization code grant flow (https://tools.ietf.org/html/rfc6749#section-4.1)
• Update our permissions system to work with the oauth scopes

cc @gordon