mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-09 00:35:30 +00:00
Merge branch 'oauth-token-id' into 'develop'
Return token's primary key with POST /oauth/token See merge request pleroma/pleroma!3380
This commit is contained in:
commit
377f84f367
4 changed files with 28 additions and 4 deletions
|
@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
- MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded.
|
- MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded.
|
||||||
|
- Return OAuth token `id` (primary key) in POST `/oauth/token`.
|
||||||
|
|
||||||
## Unreleased (Patch)
|
## Unreleased (Patch)
|
||||||
|
|
||||||
|
|
|
@ -256,9 +256,29 @@ This information is returned in the `/api/v1/accounts/verify_credentials` endpoi
|
||||||
|
|
||||||
*Pleroma supports refreshing tokens.*
|
*Pleroma supports refreshing tokens.*
|
||||||
|
|
||||||
`POST /oauth/token`
|
### POST `/oauth/token`
|
||||||
|
|
||||||
Post here request with `grant_type=refresh_token` to obtain new access token. Returns an access token.
|
You can obtain access tokens for a user in a few additional ways.
|
||||||
|
|
||||||
|
#### Refreshing a token
|
||||||
|
|
||||||
|
To obtain a new access token from a refresh token, pass `grant_type=refresh_token` with the following extra parameters:
|
||||||
|
|
||||||
|
- `refresh_token`: The refresh token.
|
||||||
|
|
||||||
|
#### Getting a token with a password
|
||||||
|
|
||||||
|
To obtain a token from a user's password, pass `grant_type=password` with the following extra parameters:
|
||||||
|
|
||||||
|
- `username`: Username to authenticate.
|
||||||
|
- `password`: The user's password.
|
||||||
|
|
||||||
|
#### Response body
|
||||||
|
|
||||||
|
Additional fields are returned in the response:
|
||||||
|
|
||||||
|
- `id`: The primary key of this token in Pleroma's database.
|
||||||
|
- `me` (user tokens only): The ActivityPub ID of the user who owns the token.
|
||||||
|
|
||||||
## Account Registration
|
## Account Registration
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do
|
||||||
|
|
||||||
def render("token.json", %{token: token} = opts) do
|
def render("token.json", %{token: token} = opts) do
|
||||||
response = %{
|
response = %{
|
||||||
|
id: token.id,
|
||||||
token_type: "Bearer",
|
token_type: "Bearer",
|
||||||
access_token: token.token,
|
access_token: token.token,
|
||||||
refresh_token: token.refresh_token,
|
refresh_token: token.refresh_token,
|
||||||
|
|
|
@ -805,10 +805,12 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
||||||
"client_secret" => app.client_secret
|
"client_secret" => app.client_secret
|
||||||
})
|
})
|
||||||
|
|
||||||
assert %{"access_token" => token} = json_response(conn, 200)
|
assert %{"id" => id, "access_token" => access_token} = json_response(conn, 200)
|
||||||
|
|
||||||
token = Repo.get_by(Token, token: token)
|
token = Repo.get_by(Token, token: access_token)
|
||||||
assert token
|
assert token
|
||||||
|
assert token.id == id
|
||||||
|
assert token.token == access_token
|
||||||
assert token.scopes == app.scopes
|
assert token.scopes == app.scopes
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue