Is there any service that runs on ATproto that *doesn't* require a BlueSky login yet?
-
Kuba Suder • @mackuba.eu on 🦋replied to BeAware :fediverse: last edited by
@BeAware Ok so I'm not sure I understand what you want exactly So you could have a PDS that you've installed on your server, sign up for an account on that PDS, and then log in to WhiteWind and Frontpage with that account. At that point the only places where you'd have something to do with Bluesky infrastructure is:
- the Bluesky Relay which WhiteWind and Frontpage almost certainly pull data from because I'm sure they don't run their own
- the plc.directory which registers DIDs -
BeAware :fediverse:replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@mackuba Oh...hmm...if I host my own PDS, they don't get my account "info" (email and such private info), but I'd still sign up through BlueSky? Or is there a seperate sign up/account database that is hosted on the PDS?
I ask, because when using whitewind, it says to login using bluesky. Is there an account system on PDS that will just *work* with it as well? They're just conflating ATProto with BlueSky and I'm seperating them, essentially?
Hope this makes sense. I'm trying to explain. As you know, I'm not very good at getting my point across.
-
Kuba Suder • @mackuba.eu on 🦋replied to BeAware :fediverse: last edited by
@BeAware Yeah yeah, that's basically the same thing - I've seen some discussions a few times "How should we call this on the website? Log in with what?", but generally I think most people agreed that "Bluesky" will be more meaningful to more new users than "AT Protocol"…
-
Kuba Suder • @mackuba.eu on 🦋replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@BeAware In practice it should work this way: you enter either the address of your PDS, or your handle which is resolved to your DID which is then used to find the address of your PDS, then the app contacts your PDS to authenticate to your account and get back access token from the PDS. If your on your own PDS then none of your account data is hosted on Bluesky servers except the (public) DID JSON file on plc.directory.
-
BeAware :fediverse:replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@mackuba That's because most people are used to having a corporation in control. I consider it an issue.
I've been fighting Fedi on using the "Mastodon" term for this reason.
I'd really hate to see Fediverse become completely controlled by Mastodon. They've already been doing some very sus stuff and *only* control about 73%....
-
Kuba Suder • @mackuba.eu on 🦋replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@BeAware I think you could even not have a "Bluesky profile" record with bio and avatar etc. to use WhiteWind this way (I'm not 100% sure though how the account tooling works on the installable PDS).
-
BeAware :fediverse:replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@mackuba Thanks for these bits of info!
Much appreciated. I might be looking into how to host these things soon, as it was my misunderstanding of the way it works that was stopping me from delving into it further.
-
Kuba Suder • @mackuba.eu on 🦋replied to BeAware :fediverse: last edited by
@BeAware Also things are kind of in flux with OAuth at the moment - they've been working on it for the past few months, but it's only partially deployed so far and not ready, there have been some required updates to the PDS related to this, and most third party apps don't support OAuth login just yet, so things might be a bit messy in that area in the next few months.
-
BeAware :fediverse:replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@mackuba Oh okay. I'm ignorant on OAuth as well. Is that what's used to login to other sites like Whitewind?
If that's the case, I might be better off waiting until that's ironed out as that's pretty much what I'm trying to do in the end.
-
Kuba Suder • @mackuba.eu on 🦋replied to BeAware :fediverse: last edited by
@BeAware It's like when you log in to your Mastodon/Fedi account in an app, you're shown your server's login page in a browser and then "Do you want to authorize app X to do Y?" and you press "Authorize". And in Bluesky/ATProto at the moment you enter that "app password" at the moment to log in, you give the app password to the third party app itself instead of to your server's login form. It's less secure because they get that password itself instead of a token & they get access to whole acct.
-
BeAware :fediverse:replied to Kuba Suder • @mackuba.eu on 🦋 last edited by
@mackuba Oof...yeah, that's a bit worrisome for me. I'll keep checking in to see how OAuth is coming before I dive into it all the way.