Document new OAuth changes for 4.3.0 #1445
Conversation
|
I have noticed that there is some churn here due to my editor using Prettier for markdown documents. We may want to consider adopting prettier for this repository. |
|
|
||
| {{< hint style="warning" >}} | ||
| Treat the `code` query parameter as if it were a password, you should ensure that it is not logged in request logs. | ||
| {{< /hint >}} |
There was a problem hiding this comment.
This displays as follows: 
|
|
||
| - See [/api/v1/endorsements]({{< relref "methods/endorsements" >}}) for managing a user profile's featured accounts. | ||
| - See [/api/v1/featured_tags]({{< relref "methods/featured_tags" >}}) for managing a user profile's featured hashtags. | ||
| - See [/api/v1/preferences]({{< relref "methods/preferences" >}}) for reading user preferences. |
There was a problem hiding this comment.
This is all accidental churn due to prettier.
There was a problem hiding this comment.
It would potentially be useful here to run prettier in separate branch/PR, get that merged first, rebase this, etc.
ThisIsMissEm
force-pushed
the
chore/document-oauth-changes
branch
from
92be172
to
9e25eff
Compare
| Treat the `access_token` as if it were a password. We recommend you encrypt this value when storing in your cache, to prevent accidental credential exposure. | ||
| {{< /hint >}} | ||
|
|
||
| To use it in requests, add the HTTP header `Authorization: Bearer <access_token>` to any API call that requires OAuth (i.e., one that is not publicly accessible). |
There was a problem hiding this comment.
Maybe slightly out of scope of this PR, but may be useful to a do a once-over for consistent usage of this placeholder value. You are using <access_token> here (which makes complete sense to me). In an example below there's a place that uses "our_access_token_here" for example. Maybe there are more differences elsewhere. Would be nice for consistency to align them.
There was a problem hiding this comment.
Yeah, I think out of scope for now
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: Matt Jankowski <matt@jankowski.online>
/.well-known/oauth-authorization-serverdocumentationredirect_urionApplicationand addition ofredirect_urisclient_id,client_secret,access_tokenandcodevalues that they should be treated as if they are password, and stored securely.readscope forGET /api/v1/apps/verify_credentials(this now just requires a valid access token)client_secret_expires_atonApplication, per Add client_secret_expires_at to OAuth Applications mastodon#30317ApplicationvsCredentialApplicationsplit, per Support multiple redirect_uris when creating OAuth 2.0 Applications mastodon#29192This branch is based on #1444