A while ago I posted a thread back on the
spoiler
spez
::: website, with a personal opinion on why the Fediverse seems a bit complicated. It basically goes like this: Mastodon (and pretty much every Fediverse project out there) is based on the idea of using multiple websites.
This is not really a problem on the desktop, as you’re using the browser to log in to the Fediverse. You go to mastodon.social or lemmy.world, maybe bookmark these, and you log in as normal (if you do not check the remember me option at login). Same goes with Facebook, with Xitter, with the
spoiler
spez
::: website etc.
Alright, but the newer generations (not everyone, but many folks part of them) rather use apps instead. And what do these apps do? Present a login screen with fields only for the username and the password (at most).
What are the Fediverse apps doing? They are also asking for the website where they would log you in. So you go open e.g. the Mastodon app, then type the website that you need to access (which in many cases it might not contain the word Mastodon in it), and only then you can enter the credentials.
What am I asking now (especially app developers): Wouldn’t it be better (if doable) to take some cues on how actually email (and XMPP for that matter) works, and ask the user for the username and the password instead in one go?
Like, everyone knows how to use email, everyone is familiar with that. And as I mentioned, XMPP is also doing it as well:
Wouldn’t it be doable?
One challenge with this approach is that AP usernames often include an @. Placeholders, like the example you show, don’t really make clear whether I should enter the email address I registered with, or my ActivityPub username. After all, Facebook will accept my email address and my username just the same, as do many other apps!
You can specify this by using an alternative scheme (@username@server.com) but that’s easy to miss. I think that’s the main reason why apps ask for a domain separately from username and password.
In my opinion, the unnecessary domain dropdown seems like a relatively easy problem to fix (if the user enters username@service, do a webfinger request to see if that user exists), but making it clear to the user that they shouldn’t be entering their @gmail.com into the field becomes more complicated. You may be able to catch the most common email servers with a hard coded list and warm the user, but there will still be confusion among the people who don’t understand how federation works.
As a side note, I much prefer the OAuth authentication flow Mastodon provides, allowing me to enter my domain and logging in through my (already authenticated, configured for 2FA) browser. That doesn’t work for all Fediverse software, though.