Seemingly grant_type=password no longer supported for ver 4.4.0 #387
Comments
Looks like v4.4.0 no longer supports the basic authentication and posting order flow. One needs to create an application in the Web UI (Preferences/Development). The resulting Application will have the access token that one can use for Then toot away!
This is correct, we are moving away from allowing apps to provide a username and password on API calls in v4.4 and beyond. This is not as secure as the OAuth tokens.
You can also discover if this grant type is supported via the It's been removed because it's been regarded as highly insecure for a long time and is actually completely removed in the upcoming OAuth 2.1 internet draft. Whilst you could use
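A client can check which grants a server advertises before choosing a login flow. The sketch below is an added example, not code from this project or from the commenters; it assumes the server publishes an RFC 8414 authorization server metadata document with a `grant_types_supported` field (the mechanism the comment above names is cut off on this page), and the sample documents, the `social.example` host and the function names are constructed for illustration.

```python
import json

# RFC 8414 section 2: when "grant_types_supported" is omitted, the default
# is ["authorization_code", "implicit"].
RFC8414_DEFAULT_GRANTS = ["authorization_code", "implicit"]

# Grants this client refuses even if a server still advertises them:
# "password" hands the user's credentials to the app, and both are
# dropped in the OAuth 2.1 draft.
REFUSED_GRANTS = {"password", "implicit"}

# Grants that yield a user access token, in order of preference.
USER_GRANT_PREFERENCE = [
    "authorization_code",
    "urn:ietf:params:oauth:grant-type:device_code",
]


def advertised_grants(metadata_json):
    """Return the grant types listed in a metadata document (JSON text)."""
    doc = json.loads(metadata_json)
    grants = doc.get("grant_types_supported", RFC8414_DEFAULT_GRANTS)
    if not isinstance(grants, list) or not all(isinstance(g, str) for g in grants):
        raise ValueError("grant_types_supported must be a list of strings")
    return grants


def plan_login(metadata_json, legacy_grant="password"):
    """Decide which flow to use and report whether the legacy grant is still offered."""
    grants = advertised_grants(metadata_json)
    usable = [g for g in USER_GRANT_PREFERENCE if g in grants]
    return {
        "legacy_grant_advertised": legacy_grant in grants,
        "use": usable[0] if usable else None,
        "refused": sorted(REFUSED_GRANTS.intersection(grants)),
    }


# Constructed sample documents (not captured from any real server).
OLD_SERVER = json.dumps({"issuer": "https://social.example", "grant_types_supported":
                         ["authorization_code", "password", "client_credentials"]})
NEW_SERVER = json.dumps({"issuer": "https://social.example", "grant_types_supported":
                         ["authorization_code", "client_credentials"]})
NO_FIELD = json.dumps({"issuer": "https://social.example"})

if __name__ == "__main__":
    for name, doc in [("old", OLD_SERVER), ("new", NEW_SERVER), ("no field", NO_FIELD)]:
        print(name, plan_login(doc))
```
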
I believe we already fully support the OAuth flow as it is (with infinitely persistable token / no refresh). Not sure there is any need to try to support the client credential to client-only access token flow, but probably not - actions can already be performed on behalf of a client by just passing client_id and client_secret directly, and the entire "managing client IDs" part is kind of vestigial (since fully automated by necessity) for fedi servers anyways, what matters is getting the user access token. TODOs here I think are adjusting docs to note deprecation of the u/pw flow, adjusting sample code where needed, and apologizing to downstream users for the breaking change.
There are some use-cases in the future that may exist for actual We may also in the future support Device Code Authorization Grant Flow for devices with limited input (e.g., IOT / TVs / Retrocomputers), but that's still being figured out since we can't implement straight away.
Needs to change to grant_type=client_credentials.
There might be more issues with the release compatibility...