@jeff why do you think so about client certificates? I'm curious
@solene I feel like they are a bizarrely complicated solution to the issue of identity.
@jeff no problem, I was just curious
so on Gemini you input the login and password concatenated or you use first an input for the login, load a new page and ask for the password?
@solene the second option, yes. "/login.gmi" requests a username, that redirects to "/login/<username>/password.gmi" that requests a password. If validated, a session is then assigned.
If you can follow the spaghetti code, the auth is handled in "external_input_request_gemini:"
@jeff the code seems fine, I don't know fortran but a quick look for a few things didn't bring horrors to me
Maybe when you visit loginfailed.gmi you could make use of a status code? I suppose there is a status code for failed login.
Mastodon is a distributed social network of sorts, and this server hosts a tiny instance of it.