I don’t really see the point in forking a project like Mastodon unless you are already deeply involved with its development. It doesn’t do enough that you couldn’t rewrite it better (as in in a way you understand better and with lessons from the original taken into account) in the time it would take you to fully understand all the details of the existing code base.
a token that you’ve been authenticated against your home instance.
I assume you are talking about OpenId Connect (or OAuth 2.0 but that is basically what OpenId Connect is based on) here. The crucial bit that didn’t really work out with this is the part where users just specify their OpenId Connect provider at login time. All uses I have seen in at least 10 years have a fixed list of providers to choose from because of these trust issues.
Well, in case someone has the same idea, I just checked and the string kbinBot does not appear anywhere in the lemmy git repo.
I also must say the whole conspiracy nonsense in the comments over in that kbin link you posted really doesn’t look good for their user base. Most likely this is some sort of bug or compatibility problem.
The first one won’t work either for private fields.