Support sign-in with Mitra

Mitra extends the Mastodon API with Ethereum sign-in.

Creating an account

When creating an account, it engages Metamask asking to sign a message. Once signed, it does a POST /api/v1/accounts with a "password" (ethereum signed message), and wallet_address (the Ethereum wallet address). It also requires an invite code.

Screenshot_from_2022-02-07_10-17-41

Signing in

Signing in is similar. Metamask is called and the user signs a message. The signature is sent to POST /oauth/token. A new grant_type called ethereum is introduced, and the "password" (signature) and wallet_address are the same as the previous request.

Screenshot_from_2022-02-07_10-18-18

When first creating an account, mitra-web reuses the credentials to sign the user in.**

Other differences to Mastodon

The response from both endpoints are similar to Mastodon's, although I've noticed a few differences:

  • Accounts have a wallet_address property. I can only seem to see my own wallet by default - it's null for other users.
  • The response from GET /api/v1/instance is minimal, and contains some additional params: https://mitra.social/api/v1/instance