OOB OAuth redirect_url not supported

[jk-na]

When trying to create an OAUTH app, it fails via either the commandline using the mastodon API instructions or via the pixelfed website, where I am getting the following error when trying to use urn:ietf:wg:oauth:2.0:oob as the redirect uri,

One or more redirects have an invalid url format.

I'm trying to use use an OAUTH connection to syndicate suitable posts from my website to my pixelfed account, I've got it working with pleroma and I don't see this on the list of API differences so hoped that it would also work with pixelfed.

Can you advise what I should use instead, if that redirect_uri cannot be used?

[cytrinox]

I've implemented an exporter for Darktable to directly upload images to Pixelfed. Unfortunately, it's not easy to get the OAuth2 code for copy&paste into Darktable, as OOB is not supported by Pixelfed.

For all offline apps like Darktable - even Lightroom integration would be possible for Pixelfed - this issue blocks the usage by non-technical users. You can still extract the code with with web-developer debugging tools.

[wakest]

hey @dansup any thoughts on this issue? Seems like maybe not the hardest problem that could result in a number of apps being able to support Pixelfed

[dansup]

@jk-na @cytrinox @wakest I was able to successfully create a client app and authorize with a redirect_uris=urn:ietf:wg:oauth:2.0:oob.

1. POST request to https://pixelfed.social/api/v1/apps?redirect_uris=urn:ietf:wg:oauth:2.0:oob&client_name=Pixelfed

2. GET https://pixelfed.social/oauth/authorize?client_id=XXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=read+write+follow+push&response_type=code

3. Authorize & and a code=XXXX is returned as expected.

[wakest]

@h3poteto does this solve the hold up you were experiencing with fedistar

[h3poteto]

OK, I will check it.

[h3poteto]

Not working.

$ curl -X POST -H "Content-Type: application/json" `'https://pixelfed.social/api/v1/apps?redirect_uris=urn:ietf:wg:oauth:2.0:oob&client_name=Pixelfed'
{"id":"xxxxx","name":"Pixelfed","website":null,"redirect_uri":"urn:ietf:wg:oauth:2.0:oob","client_id":"xxxxx","client_secret":"xxxx","vapid_key":null}%

2. And I open https://pixelfed.social/oauth/authorize?client_id=xxxxx&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=read+write+follow&response_type=code on my browser
3. Press "Authorize" button, but nothing happens. I can't get authorization code.

[pbrkr]

@dansup could we get this issue re-opened? Or make a new issue from the comment by @h3poteto above?

It also looks like #4293 may be related to this failure.

[dansup]

@pbrkr @h3poteto As I mentioned, POST https://pixelfed.social/api/v1/apps?redirect_uris=urn:ietf:wg:oauth:2.0:oob&client_name=Pixelfed, notice the redirect_uris not redirect_uri

[h3poteto]

@dansup What do you mean? I'm using redirect_uris in POST request https://pixelfed.social/api/v1/apps?redirect_uris=urn:ietf:wg:oauth:2.0:oob&client_name=Pixelfed. Is it wrong?

[tassoman]

POST and GET resources takes different parameters, as seen in comment 24, POST have final S in redirect_uris

[danschwarz]

@dansup could we get this issue re-opened? Or make a new issue from the comment by @h3poteto above?

It also looks like #4293 may be related to this failure.

Agree it's exactly the same issue.

[cytrinox]

@dansup This issue is still unresolved and blocks integration of non-web third-party apps. Please reopen the issue.

When urn:ietf:wg:oauth:2.0:oob is used as redirect_uri on request, backend sends a response with HTTP Location header set to this uri. At this point, a recent browser does nothing, as the location is invalid.

On redirect_uri=urn:ietf:wg:oauth:2.0:oob, the backend must response with a HTML site that contains the code so the user can copy&paste the code into third-party app. This is not implemented so OOB OAuth is not supported at all by Pixelfed.