Getting somewhere with OAuth and Mastodon #4
Comments
scripting
changed the title
|
I asked the question on Masto and got the answer. It needed to be a POST, and I used GET. https://mastodon.social/@danijel@mastodon.green/109365501836831605 Now I'm past that error and on to the next one. It's such a slog but once you get it it tends to stay got. ;-) "{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}" I also figured out that I can run the bridge code in the debugger so things are going much faster now. |
Bing!I fiddled around with things and got the access token. So now, theoretically I should be able to post something to our test Masto. |
|
But I'm stuck again. The redirect_url that I send to the "oauth/token" call -- nothing is happening with it. I end up with the access token on the server, but nothing on the client. It should be getting something it can save in localStorage to use to make future calls. Nothing like that is happening.. |
|
I probably need another fresh start to get over this hump. It feels like the last one, but so did the previous one. ;-) Someday someone is going to figure out how to make this not take a week. |
|
Im unsure where your issue stems from, but here are two to me unintuitive observations that I made messing about with mastodons oauth api last week.
hope that helps :) |
|
Hi, I'm not sure if I understand this correctly however with OAuth2 nothing is supposed to happen with the |
|
Thanks for the help, I’m taking a break to clear my head and my eyes, I’m sure I’ll get it, I’ve had the same thing going with Twitter for years. 😀 |
|
I got it. There was a segment of the docs that I had skimmed over when starting, and hadn't gone back to. See screen shot. So now I have it returning a code to the browser, I assume this will be what I send to the server to post something on behalf of a user.
|
|
I'll clean all this up for an upload tomorrow assuming all goes well from here. ;-) |
|
To get my Hello World working, I'm looking at the docs for statuses. https://docs.joinmastodon.org/methods/statuses/ I can't believe that the stuff about polls is required. I don't want a poll. I just want to post "Hello World". Wft. I better pick this up tomorrow, I'm overloaded. ;-) |
|
I'm still wandering around in the dark. ;-) But I am getting somewhere.
|
Bing! Bing! Bing! |
|
Well, I thought I was going to be able to get a Hello World status to post quickly, but I don't know where everything goes. Do I have to send the token as a header. Can't tell for sure. Why doesn't someone do a freaking Hello World example. The code for the API packages really try to hide the basic stuff that's going over the line, so much ridiculous abstraction, there really isn't very much going on here. Anyway I'm going to take a nap and a walk, and then come back. I want two basic calls to work and then I'll clean it up and upload the result.
|
|
@scripting I'm not sure it applies to our case, but I found an article on posting a new status on the command line over the api. The curl command (not my real token 😃) was I got some JSON back and the status was posted. |
|
@scotthansonde — very helpful. I’ll get this in the code and let you know how it goes. can you find a way to get info about the user? |
|
@scotthansonde -- I need to do a fresh start in the morning. I used the example you provided but something isn't working. It's saying the token I provided isn't valid. That says that the process before trying to post a message has a problem. And it's been a long day. ;-) |
|
We're at the start of another day and still don't have Hello World working. But I think it's really close. Okay -- so here's where we are, quickly. I can get the four crucial bits of information you get back from Mastodon when you successfully connect. But when I try to use the access_token to post a status, I get back an error saying:
Here's the code I'm using to post the status message. PS: Thanks to @scotthansonde for his help and support -- he cruises through stuff in a way I don't, and his input has been very helpful. |
|
So, first thing -- if you have working code that posts a status message, esp if it's JavaScript, could you look at my code above and see if there's anything that might make Masto think that I'm not including the bearer token as it expects it? I'm going to look for examples. I have to believe the access token the server gave me is good. I'm also going to look for actual JS code that posts a status to see if there are any other ways I might do this. I'm also going to start over on the server with a new app, and set it up again, just to review that side of it. See if the problem shakes out that way. Thanks for any help you can offer. 😄 |
|
I don't have JS code, but trying that status API in curl, I noticed it requires form data on the way in (not JSON, as it looks like you're providing based on |
|
I found an old library mastodon.js that also uses $.ajax to post statuses. It has a generic post function. With |
|
@scotthansonde -- there's a bunch of stuff in there that's defined externally to the routine like checkArgs, arguments. Some things we can guess what they are -- but the mystery is what they're passing as data, exactly. I can't find any examples, but it's hard to construçt a search for this stuff because the terms are so generic. Could you send me the full file via email? |
|
never mind i see you linked to it ;-) |
|
I'm wiped out. Exhausted and need a fresh/fresh start this time. But I'm going to do that after I get this working. Here's my theory -- Mastodon is insisting that the user doesn't have an token. The error seems to imply that it isn't getting the token, but I'm going on the theory that the message is slightly misleading. Possibly it means "I got the token but it's no good." So here's what I'm doing. I'm going to stop for now trying to get the code to work. Instead I'm going to get it easily testable, online, and release the source. And then others can join me in testing the same code. And I'm going to start with that assumption that the problem isn't wirh the code that's telling Masto to do a post, rather it's that it's not got a good token. Back in a bit... |
Ya know, you're like the only person out there trying hard to keep the web working the we all benefitted from it years ago. Keep at it, you're doing awesome. Sending respect and a hug:-) |
|
@lrdj -- thank you. i'm doing it because there's a huge block of new code working that needs to see the rest of the world and the world needs to see it. Feeds are able to do a lot more than people think they can. The pairing betw feeds and Masto is going to be a big boom. I can't wait. That's why I'm pushing. ;-) |
First a nit. In the second form above: I don't see anything wrong with your code, but I always do If you look at this in the "Network" tab of your browser's DevTools window, you should see something like the following request & headers sent (some might be missing. I don't know which are necessary, I just copied this from my "Network" tab): And there should be an OPTIONS request sent over the wire, to do the CORS stuff. Once you get that working, in your original I haven't explained why you're getting You can watch this all happen in the network tab, when sending requests through https://mammudeck.com/?api=login |
|
I got the code mostly cleaned up, and there are current versions of the client and server here: https://github.com/scripting/reallySimpleActivityPub/tree/main/mastoGlue So now you can look at both sides of the connection. |
Also, no pull requests.http://scripting.com/2020/05/26/194558.html?title=bugReportsNotPullRequests |
|
I'm not seeing where the call to The server code appears to be the In the POST to I comparing the OPTIONS preflights from http://test.masto.land and https://mammudeck.com/?api=login, I see the OPTIONS requests as in the linked screenshots below. My guess is that some of the "Request Headers" in the mammudeck.com request are missing from the test.masto.land request, but I don't know which ones are important. Your code didn't generate this, Mammudeck CORS OPTIONS request: https://user-images.githubusercontent.com/40873/202993527-3aa1a180-be15-4036-82f8-cc80ca7c9ac6.jpg I noticed one bug in your code. In the Good luck. I have no idea why I'm up at 3am, but I am (I DID sleep 4 hours, so all is not lost). |
|
Thanks, Scott. I’m in, and was able to do some testing of Dave’s Mastodon
Client API code.
…On Nov 21, 2022 at 2:37:45 AM, Scott Hanson ***@***.***> wrote:
@billstclair <https://github.com/billstclair> https://social.scottfr.de
is a test instance I set up for @scripting <https://github.com/scripting>
and I. I've approved your account, so now there's 3 of us. 😃
—
Reply to this email directly, view it on GitHub
<#4 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAJ7KKXCUXJIDAE466EAMLWJMRETANCNFSM6AAAAAASESRTRE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Hi, I'm not sure but this part doesn't look quite right to me: If you use the OAuth authorization code flow (as you're doing) the grant type should be |
Yes, the nginx web server is configured to redirect all http requests to https. |
|
@Riff451 -- that was the problem. I am now able to post to the test instance. Hello World. I worked around the CORS issue by putting the code that sends the message to the instance in the server app, which doesn't have any CORS restrictions. Whew! And thank you. ;-) |
|
I updated the code in the mastoland folder. https://github.com/scripting/reallySimpleActivityPub/tree/main/mastoGlue There's a lot more work to do, but hopefully now it will go more steadily since we have a template for communicating with Masto. |
|
I've done the factoring that was needed to get ready to add support for a lot of other verbs. I have two verbs working --
Both use the access_token we have via logging on and it all works as far as I can tell. You can try it out by going to http://test.masto.land/. To enter a new status message, click on the Masto Toot button and enter the text you want to toot. Click OK, it should appear on the test server. The result will be displayed in the JavaScript console. Any errors will appear in a dialog box. You can test the second one by opening the JavaScript console and type:
You should see a bunch of info about the user in the console. When you've done this please confirm here. I have updated the source in this repo. |
|
Next up, I want to upload a picture with a toot. |
To try it out now you need to have an account on the test instance https://social.scottfr.ee/. I've opened up sign-in for new accounts so people can try it out. Just be aware that it is a test instance that will most likely be deleted when this project is complete. |
|
oops sorry about that scott. ;-) |
|
@scripting I can confirm that both mastodon.toot () (via the Masto Toot button) and mastodon.getUserInfo () (in the console) both work for me, returning their results as JSON in the console. |
Never mind. I figured it out.I'm testing some code and have a question about any limits on what characters can be in the text of a status. If I ask the API to toot this text, it does it, no errors. Prosecution Rests as Trump Company Trial Moves Faster Than Expected But if I add a # and a space at the beginning I get a 422 error. # Prosecution Rests as Trump Company Trial Moves Faster Than Expected Does anyone here know anything about that? |
|
Tune into the test Masto server. I got something fun running. When you see the code you'll plotz. There's a FeedLand feature most people don't know about. 😄 |
I don't see it. Your last commit to http://test.masto.land was seven hours ago. Are you talking about https://social.scottfr.ee? I don't see anything there, either. |
|
I haven't released any new code. The stories flowing through there from the NYT is what (at least I find) interesting. I will have new code out tomorrow probably. |
|
Ah. I saw the posts, but I didn't know that they came from an RSS feed. Cool! |
|
I created an account on social.scottfr.ee, made a manual toot, then made a toot from test.masto.land and saw the toot on my account on social.scottfr.ee. |
|
I made an account on social.scottfr.ee and went to test.masto.land to make an API-toot - worked nicely! |
|
@billstclair — even better than an RSS feed. I’ll explain later today.. |
|
@billstclair — I see from your profile you like websockets. Me too! ☘️ |
|
Here's the first demo app I want to share with you. https://github.com/scripting/feedlandSocket It connects up with the feedland.org server, receiving a realtime stream of new feed items, as FeedLand discovers them. This is core functionality for the news app that's streaming NYT into the Mastodon server. |
|
I've watched feedland.org's Dev Tools "Network" panel for a little while. It connects to the same WebSocket as the example above, ws://feedland.org:1466/. There appear to be only three messages that pass through the WebSocket, It is indeed a fire hose. Everything comes over the wire. This makes the server code very simple, but I'm wondering how well it scales, whether it's worth keeping a list of desired feeds, defaulting to everything, for each connection, and send only messages for those feeds. Whether the memory of the list of feeds and probing it, for each connection, each time an event happens is a good trade-off to the savings in transmission bandwidth, I don't know. The feedland.org server knows which feeds those are. Other clients might want to send a subscription list, or a new feed, over the WebSocket. Just thinking out loud. What's there works well. Cool technology. |
|
I'll worry about scaling later if it becomes an issue. It's a tradeoff, right -- complexity and performance on one side, and lots of net traffic on the other. Right now the installed base of FeedLand is tiny and it just isn't an issue. That's pretty much how I work. I tend to over-engineer and provide for situations that never happen. So I compensate for that by choosing not to worry. ☘️ For now think in terms of applications. What can you do with this functionality? I have it piping NYT articles to Mastodon. I plan to open that up as a public service once we turn a few more corners. BTW there is no newFeed message. The client doesn't care. If the user does, there's a menu command that shows the new feeds to you in chronologic order with checkboxes that makes it dead-simple to subscribe. |
|
Thanks, Dave. Makes sense. It's simple, and it works well. |
|
BTW -- how do I know they're NYT articles? At first I just looked at the URL of the feed the item came from. If the domain was at nytimes.com that was good enough for me. Then I realize I have a category in my account called NYT that I've put all the NYT feeds in. And as with everything in FeedLand, I can get at it through a public data structure, in this case an OPML subscription list, the standard data exchange format in rss.land. Here's the URL for the list. http://feedland.org/opml?screenname=davewiner&catname=nyt This mechanism can be used for collections whose URLs don't match. But I went with the NYT at first because their items are so uniform. No guesswork as to what I'll find in each one. They all have titles and descriptions are short. We really ought to get this discussion to move somewhere else. I'll link to it so the FeedLand users can see it. |
|
Here's the first item I posted to Mastodon using Radio3. It's not ready to release yet, it still requires a user interface for configuring it with a specific Mastodon server. But for now, every link I post through Radio3 will go through Twitter, RSS, the Linkx page on Scripting News and Mastodon. I chose Radio3 to start with because it was the simplest app to hook up to Masto. |
|
Next question here -- |
|
Friends, I need Mastodon-literate folk such as yourselves to try out this new app. https://github.com/scripting/feedToMasto It's for Node.js folk, but you don't have to know very much but the basics. This is an important app -- it's the first one that hooks RSS directly up to Mastodon via the API. So far no one has validated that it works, so I am reluctant to promote it. Please help. :-) |
Uh oh!
There was an error while loading. Please reload this page.
Where I'm at.
I have a test Mastodon server up.
I have a bridge server app I can access from a web browser.
I have registered an app with Mastodon.
I have made an oauth/authorize call and get back a code. (Took a lot of trial and error!)
The next step is not working.
I am getting a 404 when I call oauth/token on the same server.
Here's what the call looks like:
https://social.scottfr.ee/oauth/token?grant_type=authorization_code&client_id=xxx&client_secret=xxx&redirect_uri=http://scripting.com/&scope=read+write+follow&code=xxx
These are the docs I'm using.
https://docs.joinmastodon.org/methods/apps/oauth/
I feel like I'm almost there, but missing something.
Any help appreciated.
The text was updated successfully, but these errors were encountered: