wholetrans/docs-mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix invalid scope parameter on authorization code token request (#1608)

Browse source
This commit is contained in:
Emelia Smith 2025-03-10 10:18:51 +01:00 committed by GitHub
parent 7da6e97fcc
commit 6295bb34f9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
content/en/client/authorized.md
View file

@ -55,24 +55,25 @@ Now that we have an authorization `code`, let's obtain an access token that will
```bash ```bash
curl -X POST \ curl -X POST \
-F 'grant_type=authorization_code' \
-F 'client_id=your_client_id_here' \ -F 'client_id=your_client_id_here' \
-F 'client_secret=your_client_secret_here' \ -F 'client_secret=your_client_secret_here' \
-F 'redirect_uri=urn:ietf:wg:oauth:2.0:oob' \ -F 'redirect_uri=urn:ietf:wg:oauth:2.0:oob' \
-F 'grant_type=authorization_code' \
-F 'code=user_authzcode_here' \ -F 'code=user_authzcode_here' \
-F 'scope=read write push' \
https://mastodon.example/oauth/token https://mastodon.example/oauth/token
``` ```
Note the following: Note the following:
- We are requesting a `grant_type` of `authorization_code`
- `client_id` and `client_secret` were provided in the response text when you registered your application. - `client_id` and `client_secret` were provided in the response text when you registered your application.
- `redirect_uri` must be one of the URIs defined when registering the application. - `redirect_uri` must be one of the URIs defined when registering the application.
- We are requesting a `grant_type` of `authorization_code`, which still defaults to giving us the `read` scope. However, while authorizing our user, we requested a certain `scope` -- pass the exact same value here.
- The `code` can only be used once. If you need to obtain a new token, you will need to have the user authorize again by repeating the above [Authorize the user]({{< relref "client/authorized#authorize-the-user" >}}) step. - The `code` can only be used once. If you need to obtain a new token, you will need to have the user authorize again by repeating the above [Authorize the user]({{< relref "client/authorized#authorize-the-user" >}}) step.
The response of this method is a [Token]({{< relref "entities/token" >}}) entity. We will need the `access_token` value. Once you have the access token, save it in your local cache. The response of this method is a [Token]({{< relref "entities/token" >}}) entity. We will need the `access_token` value. Once you have the access token, save it in your local cache.
The `scope` of resulting Access Token will be the scopes approved during the [Authorization Request]({{< relref "client/authorized#login" >}})
{{< hint style="warning" >}} {{< hint style="warning" >}}
Treat the `access_token` as if it were a password. We recommend you encrypt this value when storing in your cache, to prevent accidental credential exposure. Treat the `access_token` as if it were a password. We recommend you encrypt this value when storing in your cache, to prevent accidental credential exposure.
{{< /hint >}} {{< /hint >}}