mirror of
https://git.alemi.dev/fedimut.git
synced 2024-11-23 08:54:47 +01:00
docs: how to auth
This commit is contained in:
parent
a8b89feb7a
commit
5f1fbe8422
1 changed files with 10 additions and 1 deletions
11
README.md
11
README.md
|
@ -19,4 +19,13 @@ simple and easy!
|
||||||
## usage
|
## usage
|
||||||
right now it's super crude: you must pass `<HOMESERVER> <AUTH_TOKEN> <YOUR_USER_ID>` as cli arguments to make it work, but next versions may include session storage and user_id resolution
|
right now it's super crude: you must pass `<HOMESERVER> <AUTH_TOKEN> <YOUR_USER_ID>` as cli arguments to make it work, but next versions may include session storage and user_id resolution
|
||||||
|
|
||||||
note that user_id is underlying id, not your fully qualified name!
|
note that user_id is your underlying id, not the fully qualified name!
|
||||||
|
|
||||||
|
## authentication
|
||||||
|
the easy way is to steal an auth token from your browser (check any request's headers), but the proper way is to follow [Mastodon's](https://docs.joinmastodon.org/client/token/) [Oauth](https://docs.joinmastodon.org/client/authorized/) [flow](https://docs.joinmastodon.org/api/oauth-scopes/)
|
||||||
|
|
||||||
|
1. if you already have an application (client_id and client_secret) skip this, otherwise register one agains `/api/v1/apps`
|
||||||
|
2. request access by visiting `/oauth/authorize` from a logged-in browser passing your application's client_id
|
||||||
|
3. with the received code, POST again against `/oauth/token` but from your application, requesting a proper auth token from your given auth code
|
||||||
|
|
||||||
|
and done! received `access_token` is ready to use
|
||||||
|
|
Loading…
Reference in a new issue