Discourse API Keys

[sajattack]

Hey, just wanted to let you know discourse actually does support API keys for non-admins, it's just really poorly documented. There's some documentation here and here and some code here.

[mre]

Oh wow, that's great news. 😄
The second link mentions that write tokens need to be unlocked by the admins. Can you confirm that?
Would mostly be interested in announcing new episodes of "Hello Rust" on the Rust forum. Have you tried that, perhaps? (Was just thinking because your code is also written in Rust)

[sajattack]

Yeah I think I successfully posted to the "What are you working on this week" thread with it if I recall correctly.

[mre]

uh! that's cool. Will give it a shot if I find some time. 👍

[sajattack]

Yeah I just made another test post with it and it worked.

[mre]

Hum... started hacking on the Discourse support, but it doesn't work yet.
As a first step, I was trying to retrieve the API URL using your code snippet, but I get a 500: Internal Server Error.

The URL that is generated looks like this:

https://users.rust-lang.org/user-api-key/new?scopes=read%2Cwrite&client_id=b5b348a5bbc88ec83887f42e193483b7&nonce=7b53102ea5a3af47&auth_redirect=discourse%3A%2F%2Fauth_redirect&application_name=Discourse+TUI&public_key=-----BEGIN+PUBLIC+KEY-----%0AMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpA4ucx4mhZKihrPIeS7%0Advt9fuOt5VdYhyjGaZ4IZSCgBegu%2B3sNs4OoDil%2BHEvn1xQ9gt6muD3lgofue1fu%0AxTcnniz0zYqy3eNu8JTN%2FqwVPz5zf5qdQHg%2BqeC45LLxT%2FnVTgM8Pzc9sLhLtCgM%0A0mvRscFrAjHeBn3g%2FovTbYXj2%2BHguJDWjsF%2F1UJwNnmuxElVqxPO%2B44DL1kuP8V3%0AoSQ3HlMiC3DDJNDIbu%2F5zfWqB5o9tkhtLdwzJ1vdmgmcMIm7AsnwvYa%2Fj3p9hF57%0Aqf0hPhE5i%2B07XQZVo2gJgkZgxmYUWLofe%2Bt6rGoQf67rL2bhQDHn4GAUpP91ISZR%0ASQIDAQAB%0A-----END+PUBLIC+KEY-----%0A

Can you check if I made an obvious mistake?
Code is in this branch: https://github.com/hello-rust/hello/compare/discourse

[sajattack]

I think you have to strip the %0A's

[sajattack]

Actually, I just clicked the URL and it loaded up for me. Maybe it was a temporary outage or you need to be logged in in the browser?

[mre]

It's strange. The above link works for me now as well and it takes me to the login screen.
Recreated a new link and it doesn't work anymore (Error 500):

https://users.rust-lang.org/user-api-key/new?scopes=read,write&client_id=1ce9289742e7983713e558ac2c263ee4&nonce=714d3c3281d0595a&auth_redirect=discourse://auth_redirect&application_name=Discourse+TUI&public_key=-----BEGIN+PUBLIC+KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznh7RrdsmFtTc/0TvdmC7gyl32aP36H932I0Lt1hOo5sMNyVv8Tr1Q0sgCircIoNhBy+D1OabWoWQHc7xWZ29ih+V2gfl3WNyfRasktZPFjMKpqSeq7Q7Tfben7WEq1vmq1EdQ80bv3vN/fHdGcbeI2aPtBhuyjyAw8ok3chVXcrp5zsnseGpaQeBIrrh2A49oU1dUmMB8BTbtQ/eJkKJJoMsI+XkbfJmgU7mmd3048Tu/y+MupzSdo5IJ4RvRpI/q+vTwD8CDJ/yHjwXZ0remxdF0XFw/OD4Cnz1Qx+D/K8hKlaFldHLZY5tIn7a9cfyrdQahd8D9BDHLWixDj8xQIDAQAB-----END+PUBLIC+KEY-----

Maybe this link will also begin to work after a while? Maybe it's a backend job that needs to get triggered or something? No clue. 🤔

[mre]

16 hours in, second link still dead... 😕

[mre]

@sajattack, does the second link that I posted work for you? On my machine it doesn't while the first one works now.

[sajattack]

No it doesn't. I didn't mean that you should remove all the URL encoding.

[mre]

Oh. You're right. Funnily I was just rerunning the tool and then pasting the result here.
I could swear that I copied the link over verbatim but yeah, it works now. 😄

[mre]

Thanks so far. 👍
I guess the next step would be to register the app as a URI handler for discourse://auth_redirect as you did here.
Would like to do that cross-platform (Mac/Linux). Would be cool to have a separate crate for that, but I guess that's out of the scope for now.
Will do that when I find some time (or you'd like to do it, which would also be awesome, of course).

[mre]

Whelp, turns out there's https://github.com/maidsafe/system_uri, which we could use. 🎉

[sajattack]

Nifty.

[mre]

One question: does the authentication redirect really need to point to a discourse:// URL?
Was searching for this information but couldn't find it.

I'm asking because the system uri handler is quite tricky to get right - especially across platforms. https://github.com/maidsafe/system_uri helps, but one would still have to wrap hello into an app on Mac for example.
If we could use a simple http:// URL as an authentication redirect, things might become a little easier. In this case we could just spawn a little local webserver, open the generated auth link in a normal webbrowser and wait until the user signs in. Then the browser would get redirected to our little webserver which prints the auth token.
Semi-automatic, but easier to set up and doesn't modify the system's uri handlers.

What do you think?

@M3t0r and me were experimenting with this, but we didn't get it to work. See #7 for the current status.

[sajattack]

The discourse:// URI is allowed by default. Other redirects have to be enabled by server admins.

"there is a site setting that lists where the redirect is allowed to go."
https://meta.discourse.org/t/generating-user-api-keys-with-rest-api/61916/19

[mre]

Ah okay. That's unfortunate. Then I guess we'll have to go the hard way...
Thanks for the info! 🤓