From 5f1fbe8422338ad9c7c6e30eaf365fe718b7920a Mon Sep 17 00:00:00 2001 From: alemi Date: Thu, 29 Feb 2024 00:10:45 +0100 Subject: [PATCH] docs: how to auth --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9314e75..03412fb 100644 --- a/README.md +++ b/README.md @@ -19,4 +19,13 @@ simple and easy! ## usage right now it's super crude: you must pass ` ` as cli arguments to make it work, but next versions may include session storage and user_id resolution -note that user_id is underlying id, not your fully qualified name! +note that user_id is your underlying id, not the fully qualified name! + +## authentication +the easy way is to steal an auth token from your browser (check any request's headers), but the proper way is to follow [Mastodon's](https://docs.joinmastodon.org/client/token/) [Oauth](https://docs.joinmastodon.org/client/authorized/) [flow](https://docs.joinmastodon.org/api/oauth-scopes/) + + 1. if you already have an application (client_id and client_secret) skip this, otherwise register one agains `/api/v1/apps` + 2. request access by visiting `/oauth/authorize` from a logged-in browser passing your application's client_id + 3. with the received code, POST again against `/oauth/token` but from your application, requesting a proper auth token from your given auth code + +and done! received `access_token` is ready to use