fix: Authentication flow

Update authentication flow to be aligned with mastodon documentation
Refactor authetnication to be more explicit and easier to understand
Add working examples for each authentication method
Update Documenation

Deprectaed client methods: Authenticate(), AuthenticateApp(), AuthenticateToken(), authenticate()
New client methods: GetAppAccessToken(), GetUserAccessToken(), getAccessToken()

Author: coolapso

README.md

@@ -8,141 +8,33 @@
 
 ## Usage
 
-### Application
-
-```go
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	"github.com/mattn/go-mastodon"
-)
-
-func main() {
-	app, err := mastodon.RegisterApp(context.Background(), &mastodon.AppConfig{
-		Server:     "https://mstdn.jp",
-		ClientName: "client-name",
-		Scopes:     "read write follow",
-		Website:    "https://github.com/mattn/go-mastodon",
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Printf("client-id    : %s\n", app.ClientID)
-	fmt.Printf("client-secret: %s\n", app.ClientSecret)
-}
-```
+There are three ways to authenticate users. Fully working examples can be found in the [examples](./examples) directory.
 
-### Client
-
-```go
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	"github.com/mattn/go-mastodon"
-)
-
-func main() {
-	c := mastodon.NewClient(&mastodon.Config{
-		Server:       "https://mstdn.jp",
-		ClientID:     "client-id",
-		ClientSecret: "client-secret",
-	})
-	err := c.Authenticate(context.Background(), "your-email", "your-password")
-	if err != nil {
-		log.Fatal(err)
-	}
-	timeline, err := c.GetTimelineHome(context.Background(), nil)
-	if err != nil {
-		log.Fatal(err)
-	}
-	for i := len(timeline) - 1; i >= 0; i-- {
-		fmt.Println(timeline[i])
-	}
-}
-```
+### User Credentials
+
+This method is the simplest and allows you to use an application registered in your account to interact with the Mastodon API on your behalf.
+
+* Create an application on Mastodon by navigating to: Preferences > Development > New Application
+* Select the necessary scopes
+
+**Working example:** [examples/user-credentials/main.go](./examples/user-credentials/main.go)
+
+### Public Application
+
+Public applications use application tokens and have limited access to the API, allowing access only to public data.
+
+**Learn more at:** [Mastodon docs](https://docs.joinmastodon.org/client/token/)
+
+**Working example:** [examples/public-application/main.go](./examples/public-application/main.go)
+
+### Application with Client Credentials (OAuth)
+
+This option allows you to create an application that can interact with the Mastodon API on behalf of a user. It registers the application and requests user authorization to obtain an access token.
+
+**Learn more at:** [Mastodon docs](https://docs.joinmastodon.org/client/authorized/)
+
+**Working example:** [examples/user-oauth-authorization/main.go](./examples/user-oauth-authorization/main.go)
 
-### Client with Token
-This option lets the user avoid storing login credentials in the application.  Instead, the user's Mastodon server
-provides an access token which is used to authenticate.  This token can be stored in the application, but should be guarded.
-
-```go
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net/url"
-
-	"github.com/mattn/go-mastodon"
-)
-
-func main() {
-	appConfig := &mastodon.AppConfig{
-		Server:       "https://stranger.social",
-		ClientName:   "client-name",
-		Scopes:       "read write follow",
-		Website:      "https://github.com/mattn/go-mastodon",
-		RedirectURIs: "urn:ietf:wg:oauth:2.0:oob",
-	}
-	app, err := mastodon.RegisterApp(context.Background(), appConfig)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Have the user manually get the token and send it back to us
-	u, err := url.Parse(app.AuthURI)
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Printf("Open your browser to \n%s\n and copy/paste the given token\n", u)
-	var token string
-	fmt.Print("Paste the token here:")
-	fmt.Scanln(&token)
-	config := &mastodon.Config{
-		Server:       "https://stranger.social",
-		ClientID:     app.ClientID,
-		ClientSecret: app.ClientSecret,
-		AccessToken:  token,
-	}
-
-	c := mastodon.NewClient(config)
-	err = c.AuthenticateToken(context.Background(), token, "urn:ietf:wg:oauth:2.0:oob")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	acct, err := c.GetAccountCurrentUser(context.Background())
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Printf("Account is %v\n", acct)
-
-	finalText := "This is the content of my new post!"
-	visibility := "public"
-
-	// Post a toot
-	toot := mastodon.Toot{
-		Status:     finalText,
-		Visibility: visibility,
-	}
-	post, err := c.PostStatus(context.Background(), &toot)
-
-	if err != nil {
-		log.Fatalf("%#v\n", err)
-	}
-
-	fmt.Printf("My new post is %v\n", post)
-}
-```
 
 ## Status of implementations
 

examples/public-application/main.go

@@ -0,0 +1,66 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/mattn/go-mastodon"
+)
+
+func main() {
+	// Register the application
+	appConfig := &mastodon.AppConfig{
+		Server:       "https://mastodon.social",
+		ClientName:   "publicApp",
+		Scopes:       "read write push",
+		Website:      "https://github.com/mattn/go-mastodon",
+		RedirectURIs: "urn:ietf:wg:oauth:2.0:oob",
+	}
+
+	app, err := mastodon.RegisterApp(context.Background(), appConfig)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	config := &mastodon.Config{
+		Server:       "https://mastodon.social",
+		ClientID:     app.ClientID,
+		ClientSecret: app.ClientSecret,
+	}
+
+	// Create the client
+	c := mastodon.NewClient(config)
+
+	// Get an Access Token & Sets it in the client config
+	err = c.GetAppAccessToken(context.Background(), app.RedirectURI)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Save credentials for later usage if you wish to do so, config file, database, etc...
+	fmt.Println("ClientID:", c.Config.ClientID)
+	fmt.Println("ClientSecret:", c.Config.ClientSecret)
+	fmt.Println("Access Token:", c.Config.AccessToken)
+
+	// Lookup and account id
+	acc, err := c.AccountLookup(context.Background(), "coolapso")
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(acc)
+
+	pager := mastodon.Pagination{
+		Limit: 10,
+	}
+
+	// Get the the usernames of users following the account ID
+	followers, err := c.GetAccountFollowers(context.Background(), acc.ID, &pager)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, f := range followers {
+		fmt.Println(f.Username)
+	}
+}

examples/user-credentials/main.go

@@ -0,0 +1,38 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/mattn/go-mastodon"
+)
+
+// Create client with credentials from user generated application
+func main() {
+	config := &mastodon.Config{
+		Server:       "https://mastodon.social",
+		ClientID:     "ClientKey",
+		ClientSecret: "ClientSecret",
+		AccessToken:  "AccessToken",
+	}
+
+	// Create the client
+	c := mastodon.NewClient(config)
+
+	// Post a toot
+	finalText := "this is the content of my new post!"
+	visibility := "public"
+
+	toot := mastodon.Toot{
+		Status:     finalText,
+		Visibility: visibility,
+	}
+
+	post, err := c.PostStatus(context.Background(), &toot)
+	if err != nil {
+		log.Fatalf("%#v\n", err)
+	}
+
+	fmt.Println("My new post is:", post)
+}

examples/user-oauth-authorization/main.go

@@ -0,0 +1,105 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/url"
+	"os"
+
+	"github.com/mattn/go-mastodon"
+)
+
+func ConfigureClient() {
+	appConfig := &mastodon.AppConfig{
+		Server:       "https://mastodon.social",
+		ClientName:   "publicApp",
+		Scopes:       "read write follow",
+		Website:      "https://github.com/mattn/go-mastodon",
+		RedirectURIs: "urn:ietf:wg:oauth:2.0:oob",
+	}
+
+	app, err := mastodon.RegisterApp(context.Background(), appConfig)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Have the user manually get the token and send it back to us
+	u, err := url.Parse(app.AuthURI)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Open your browser to \n%s\n and copy/paste the given authroization code\n", u)
+	var userAuthorizationCode string
+	fmt.Print("Paste the code here:")
+	fmt.Scanln(&userAuthorizationCode)
+
+	config := &mastodon.Config{
+		Server:       "https://mastodon.social",
+		ClientID:     app.ClientID,
+		ClientSecret: app.ClientSecret,
+	}
+
+	// Create the client
+	c := mastodon.NewClient(config)
+
+	// Exchange the User authentication code with an access token, that can be used to interact with the api on behalf of the user
+	err = c.GetUserAccessToken(context.Background(), userAuthorizationCode, app.RedirectURI)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Lets Export the secrets so we can use them later to preform actions on behalf of the user
+	// Without having to request authroization all the time.
+	// Exporting this as Environment variables, but it can be a configuration file, or database, anywhere you'd like to keep this credentials
+	os.Setenv("MASTODON_CLIENT_ID", c.Config.ClientID)
+	os.Setenv("MASTODON_CLIENT_SECRET", c.Config.ClientSecret)
+	os.Setenv("MASTODON_ACCESS_TOKEN", c.Config.AccessToken)
+}
+
+// Preform user actions wihtout having to re-authenticate again
+func doUserActions() {
+	// Load Environment variables, config file, secrets from db
+	clientID := os.Getenv("MASTODON_CLIENT_ID")
+	clientSecret := os.Getenv("MASTODON_CLIENT_SECRET")
+	accessToken := os.Getenv("MASTODON_ACCESS_TOKEN")
+
+	config := &mastodon.Config{
+		Server:       "https://mastodon.social",
+		ClientID:     clientID,
+		ClientSecret: clientSecret,
+		AccessToken:  accessToken,
+	}
+
+	// instanciate the new client
+	c := mastodon.NewClient(config)
+
+	// Let's do some actions on behalf of the user!
+	acct, err := c.GetAccountCurrentUser(context.Background())
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Account is %v\n", acct)
+
+	finalText := "this is the content of my new post!"
+	visibility := "public"
+
+	// Post a toot
+	toot := mastodon.Toot{
+		Status:     finalText,
+		Visibility: visibility,
+	}
+	post, err := c.PostStatus(context.Background(), &toot)
+
+	if err != nil {
+		log.Fatalf("%#v\n", err)
+	}
+
+	fmt.Printf("My new post is %v\n", post)
+
+}
+
+func main() {
+	ConfigureClient()
+	doUserActions()
+}

go.work.sum

@@ -1,5 +1,10 @@
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=