Web UI for per-user/non-public settings

[shiribailem]

As different features get talked about and various complexities come up on how to do and manage things, I think it might be worthwhile to have a private control panel link? Obviously securing it is a concern, even if a little bit minor.

Basically to simplify management as well as make options visible, a simple web page tied to your account that lets you manage things in a more user friendly way, just by using a private link.

I'd suggest it report changes in a message (as a security element), private information be likewise sent (ie. requesting bluesky did).

Great for things like: #1632 #872 #1672

I also feel like while it's not super useful now it's better to build something like this earlier rather than later.

[Tamschi]

It should be possible for Bridgy Fed to distribute login links via DM now, but I don't think it would be secure if they didn't expire fairly quickly.

At least on ATProto, OAuth seems to be possible now, but I'm unsure if you can request an identity-only token yet.

[snarfed]

Yes! This has come up before, eg #1583 and #1421 , and I thought we already had an issue for it, but I couldn't find it. Happy to use this one to track.

It's a big project, with unclear ROI, if any. We'd need to build auth for every network we support, and we only have one per-user setting right now, Bluesky custom handles, which DMs are working well for. On-protocol DMs generally give us auth (and UI!) more or less for free, on every network. I'm generally reluctant to add per-user settings or anything else non-public, but for the ones that do come up, right now I lean toward using DMs for it, not a web UI with multiple custom auth flows.

[shiribailem]

My suggestion was just an obscure link and after-the-fact confirmation of changes in lieu of auth. There's little that's of significant risk there and anything that would be a risk would just be directed to DMs (ie. requesting DID would be a button that triggers the DM as if you had sent the command).

Easiest way I can imagine for reasonable low effort security: unique random code URL and a log of failed requests monitored by a fail2ban config.

Just having a random code URL qualifies as a basic 1-factor security (something you know). It's also entirely valid to have a command/button to enable/disable the web interface for the account and if a serious concern cropped up a second factor could be investigated.

As far as the ROI, it's accessibility. It's very easy for most of us to forget that the majority of users can't navigate a command line (see my other suggestion in #1679 as related to poor user capability)

Additionally sometimes it's just plain easier to navigate and manage a GUI rather than a terminal style interface.