Still just kind of messing around, but....
I noticed CORS wasn't open on Bonfire (or at least not this Archipelago version of Bonfire) and since we're using javascript for logging in to remote instances on Pelago (pelago.1sland.social) I needed to build a proper proxy, in cases where an instance requires same-origin for wellknown, nodeinfo and other discovery endpoints.
But here it is. You can log into Pelago with Bonfire now. 😊
Proper support subscribing as an island admin will likely require Bonfire opening up the Mastodon admin API, notably the 'domain_allows' api for reading purpuposes only, at least.
To explain: For island admins where everyone is in allowlist mode, unless you have mutual federation going on, in other words, unless both sides have the other on their allowlist, it's not going to work. Pelago essentially checks all the members of an archipelago and confirms that all members have each other on their allowlists (and thus have full federation through the archipelago).
Additionally, for this to truly integrate properly with Bonfire, this instance would need to allowlist pelago.1sland.social so it could send notifications to the admin of the instance.