docs: how to auth

This commit is contained in:
əlemi 2024-02-29 00:10:45 +01:00
parent a8b89feb7a
commit 5f1fbe8422
Signed by: alemi
GPG key ID: A4895B84D311642C

View file

@ -19,4 +19,13 @@ simple and easy!
## usage
right now it's super crude: you must pass `<HOMESERVER> <AUTH_TOKEN> <YOUR_USER_ID>` as cli arguments to make it work, but next versions may include session storage and user_id resolution
note that user_id is underlying id, not your fully qualified name!
note that user_id is your underlying id, not the fully qualified name!
## authentication
the easy way is to steal an auth token from your browser (check any request's headers), but the proper way is to follow [Mastodon's](https://docs.joinmastodon.org/client/token/) [Oauth](https://docs.joinmastodon.org/client/authorized/) [flow](https://docs.joinmastodon.org/api/oauth-scopes/)
1. if you already have an application (client_id and client_secret) skip this, otherwise register one agains `/api/v1/apps`
2. request access by visiting `/oauth/authorize` from a logged-in browser passing your application's client_id
3. with the received code, POST again against `/oauth/token` but from your application, requesting a proper auth token from your given auth code
and done! received `access_token` is ready to use