Merge branch 'oauth-token-id' into 'develop'

Return token's primary key with POST /oauth/token

See merge request pleroma/pleroma!3380
feature/config-versioning
feld 3 years ago
parent
commit
377f84f367
4 changed files with 28 additions and 4 deletions
  1. CHANGELOG.md (+1, -0)
  2. docs/development/API/differences_in_mastoapi_responses.md (+22, -2)
  3. lib/pleroma/web/o_auth/o_auth_view.ex (+1, -0)
  4. test/pleroma/web/o_auth/o_auth_controller_test.exs (+4, -2)

CHANGELOG.md (+1, -0)

@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Added

- MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded.
- Return OAuth token `id` (primary key) in POST `/oauth/token`.

## Unreleased (Patch)



docs/development/API/differences_in_mastoapi_responses.md (+22, -2)

@@ -256,9 +256,29 @@ This information is returned in the `/api/v1/accounts/verify_credentials` endpoi

*Pleroma supports refreshing tokens.*

`POST /oauth/token`
### POST `/oauth/token`

Post here request with `grant_type=refresh_token` to obtain new access token. Returns an access token.
You can obtain access tokens for a user in a few additional ways.

#### Refreshing a token

To obtain a new access token from a refresh token, pass `grant_type=refresh_token` with the following extra parameters:

- `refresh_token`: The refresh token.

#### Getting a token with a password

To obtain a token from a user's password, pass `grant_type=password` with the following extra parameters:

- `username`: Username to authenticate.
- `password`: The user's password.

#### Response body

Additional fields are returned in the response:

- `id`: The primary key of this token in Pleroma's database.
- `me` (user tokens only): The ActivityPub ID of the user who owns the token.

## Account Registration
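
Review bot: In the new "Response body" section, `id` is described only as "the primary key of this token in Pleroma's database", with no JSON type and no statement of what a client is meant to do with it. Suggest giving the type and naming the API calls that accept this id, so client authors do not mistake it for a credential or guess at its purpose. Separately, both grant sections say "with the following extra parameters" without saying what the base parameters are, while the test in this merge request posts `client_secret`; list the client parameters here or link to where they are defined.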



lib/pleroma/web/o_auth/o_auth_view.ex (+1, -0)

@@ -10,6 +10,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do

def render("token.json", %{token: token} = opts) do
response = %{
id: token.id,
token_type: "Bearer",
access_token: token.token,
refresh_token: token.refresh_token,
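
Review bot: `id: token.id` in the `response` map exposes the token table's primary key in every response this `render("token.json", ...)` clause produces. If that key is a sequential integer, any client can infer how many tokens the instance has issued and in what order, so please confirm that is acceptable. Please also confirm that any endpoint taking this id as input checks that the token belongs to the caller rather than trusting the id alone.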


test/pleroma/web/o_auth/o_auth_controller_test.exs (+4, -2)

@@ -805,10 +805,12 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
"client_secret" => app.client_secret
})

assert %{"access_token" => token} = json_response(conn, 200)
assert %{"id" => id, "access_token" => access_token} = json_response(conn, 200)

token = Repo.get_by(Token, token: token)
token = Repo.get_by(Token, token: access_token)
assert token
assert token.id == id
assert token.token == access_token
assert token.scopes == app.scopes
end
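
Review bot: `assert token.token == access_token` cannot fail, because `token` was just loaded with `Repo.get_by(Token, token: access_token)`; it can be dropped, leaving `assert token.id == id` as the meaningful new check. This is also the only test touched in the merge request, so the `grant_type=refresh_token` and `grant_type=password` responses described in the docs change carry no assertion on `id`; consider adding one to each of those tests.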


