You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Well, I spent an entire day on the OAuth issue with a few Mastodon instances until I check out Tusky's source code...
If I don't get it wrong, to handle with most APIs you need to get an access token, and there are three ways you can get access token from Mastodon currently (takes pawoo.net as an example):
Open the Setting page and register a new application. Then you can check out if it works instantly:
Register your app with API and then use Authorization Code Flow. After authorization, user copy the authorization code to the app and then the app gets the access token:
importrequestsfromurllib.parseimportquote# Python 3payload= {'client_name': 'your_app',\
'redirect_uris': 'urn:ietf:wg:oauth:2.0:oob',\
'scopes': 'read write follow'}
r=requests.post('https://pawoo.net'+'/api/v1/apps', data=payload)
r.json()
client_id=r.json()['client_id']
client_secret=r.json()['client_secret']
oauth_uri='https://pawoo.net'+'/oauth/authorize'+ \
'?scope='+quote(payload['scopes']) + \
'&response_type='+'code'+ \
'&redirect_uri='+payload['redirect_uris'] + \
'&client_id='+client_idprint('Please open the link in the browser to authorize this application:')
print(oauth_uri)
print('After authentication, please copy the code in the web page')
print('and paste below, then press Enter to continue.')
auth_code=input('Code: ').strip()
params= {'client_id': client_id, 'client_secret': client_secret, \
'grant_type': 'authorization_code', 'code': auth_code, \
'redirect_uri': 'urn:ietf:wg:oauth:2.0:oob'}
access_token=requests.post('https://pawoo.net'+'/oauth/token', params=params).json()['access_token']
header_1= {'Authorization': 'Bearer '+access_token}
requests.get('https://pawoo.net/api/v1/accounts/42', headers=header_1).json()
Now you can check out the OAuth details doc page in step 2. It confused me a few minutes, since it uses a special 'grant_type' called 'refresh_token' which is not supported by all instances I have tested with.
Another confusing issue is the slight difference of parameter, including scopes in register yet scope in authorization and redirect_uris in register yet redirect_uri in authorization. The authorization server requests params precisely so I have received countless invalid_request on this day. The scopes is also a little confusing.
The only thing I want to do now is to hit my computer with my brain :(
The text was updated successfully, but these errors were encountered:
Well, I spent an entire day on the OAuth issue with a few Mastodon instances until I check out Tusky's source code...
If I don't get it wrong, to handle with most APIs you need to get an access token, and there are three ways you can get access token from Mastodon currently (takes pawoo.net as an example):
curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://pawoo.net/api/v1/accounts/42Now you can check out the OAuth details doc page in step 2. It confused me a few minutes, since it uses a special 'grant_type' called 'refresh_token' which is not supported by all instances I have tested with.
Another confusing issue is the slight difference of parameter, including
scopesin register yetscopein authorization andredirect_urisin register yetredirect_uriin authorization. The authorization server requests params precisely so I have received countlessinvalid_requeston this day. Thescopesis also a little confusing.The only thing I want to do now is to hit my computer with my brain :(
The text was updated successfully, but these errors were encountered: