allow api endpoint '/api/v1/auth/tokens/register' to answer json requests with json response #5040

Open
wants to merge 1 commit into
base: master

@lekma lekma commented Oct 30, 2024

currently '/api/v1/auth/tokens/register' returns html even if the request is a json one when you register your first token (meaning there is no authorization header yet)

@lekma lekma requested a review from a team as a code owner October 30, 2024 06:24
@lekma lekma requested review from SamantazFox and removed request for a team October 30, 2024 06:24
@lekma lekma force-pushed the master branch 2 times, most recently from 119abbf to 75b49d4 Compare October 30, 2024 11:49
lekma (Author) commented Oct 30, 2024

sorry for the squash spam, but i realized after the fact that my assumptions were wrong, i think that should be enough

lekma (Author) commented Oct 30, 2024

and now i'm wondering if that is, in fact, worse...

unixfox (Member) commented Oct 30, 2024

Hello, if your PR is not finished yet you can convert it to a draft.

lekma (Author) commented Oct 30, 2024

Hi,
no i think i got it right now, i'm just unsure of the 403 response code, is it enough?

SamantazFox (Member) commented

> currently '/api/v1/auth/tokens/register' returns html even if the request is a json one when you register your first token (meaning there is no authorization header yet)

If you look at the code, it returns HTML because you have a session ID present in the current environment (`env.get? "sid"` returns a non-nil value), meaning that your API client is passing the SID cookie.

Are you trying to access that API endpoint from a browser where you're already logged in?

lekma (Author) commented Oct 30, 2024

no, that's the point, i'm trying to access the api from a python script but i don't have a token yet, so i log in by posting a username/password (i couldn't find any documentation on how to login differently) then try to generate the token i would like to use for the rest of the session (mainly retrieving user feed).

the whole thing looks like (pseudo-code):

```python
import requests

session = requests.Session()
# this is where i get the SID cookie; it's a form-urlencoded request
login = session.post("https://instance.uri/login", data={"email": email, "password": password, "action": "signin"})
if login:
    # that request is a json one
    token = session.post("https://instance.uri/api/v1/auth/tokens/register", json={"scopes": [":*"]})
```

and given that my second request is a json one i would expect the json api to return the same.
i thought it kinda odd to be given an html result...

lekma (Author) commented Oct 30, 2024

correct me if i'm wrong, but, I do need to be logged in to use all the 'api/v1/auth' endpoints, right?

lekma (Author) commented Oct 30, 2024

also i forgot to mention but the idea is to store only the tokens (per instance) not the user/pass...
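
Added example, not part of the thread or of the project's code: a client-side check for the case discussed above, where a JSON request to '/api/v1/auth/tokens/register' made with the SID cookie can come back as HTML, combined with storing only the token per instance. The function names and sample responses are constructed for illustration, and the token body is treated as opaque because its layout is not shown in the thread.

```python
import json


class TokenResponseError(Exception):
    """The register endpoint did not return a usable JSON token."""


def parse_register_response(status, content_type, body):
    """Return the token document as a dict, or raise TokenResponseError.

    Assumption: the token's field layout is unknown here, so the body is
    only checked for being a JSON object and is otherwise left untouched.
    """
    if not 200 <= status < 300:
        # Covers the 403 mentioned in the thread and any other refusal.
        raise TokenResponseError(f"HTTP {status}: token not issued")
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        # The case from the thread: SID cookie present, HTML page returned.
        raise TokenResponseError(
            f"expected JSON, got {media_type or 'no content type'}")
    try:
        token = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError("body is not valid JSON") from exc
    if not isinstance(token, dict):
        raise TokenResponseError("JSON body is not an object")
    return token


def store_token(store, instance, token):
    """Keep only the token per instance, never the username or password."""
    store[instance] = json.dumps(token, sort_keys=True)
    return store


# Constructed sample responses (not captured from a real instance).
HTML_REPLY = (200, "text/html; charset=utf-8", "<html><body>page</body></html>")
JSON_REPLY = (200, "application/json", '{"placeholder_field": "placeholder-value"}')
DENIED_REPLY = (403, "application/json", '{"error": "placeholder"}')

if __name__ == "__main__":
    for reply in (JSON_REPLY, HTML_REPLY, DENIED_REPLY):
        try:
            print("stored:", store_token({}, "instance.uri", parse_register_response(*reply)))
        except TokenResponseError as err:
            print("rejected:", err)
```

With `requests`, the three arguments would be `resp.status_code`, `resp.headers.get("Content-Type")` and `resp.text`.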
