FoundKeyGang/FoundKey
FoundKeyGang/FoundKey
7
19
Fork 22
Code Issues 37 Pull requests 4 Releases Activity

implement bearer token authentication #15

Manually merged
Johann150 merged 5 commits from bearer-authentication into main 2022-07-20 13:11:43 +00:00
Conversation 5 Commits 5 Files changed 8 +84 -32
Johann150 commented 2022-07-18 21:33:11 +00:00
Owner
Copy link

Bearer token authentication is implemented on the back end. This should eventually help with problems brought up in #14 (but the client also needs to be adjusted).

Since we already basically used bearer tokens this is not really tricky, it just has to be put into/taken from the right fields & formats for OAuth 2.0.

Bearer token authentication is implemented on the back end. This should eventually help with problems brought up in #14 (but the client also needs to be adjusted). Since we already basically used bearer tokens this is not really tricky, it just has to be put into/taken from the right fields & formats for OAuth 2.0.
Johann150 added 4 commits 2022-07-18 21:33:12 +00:00
Johann150 added this to the (deleted) project 2022-07-18 21:33:24 +00:00
Johann150 added a new dependency 2022-07-18 21:34:41 +00:00
#14 hide metadata of private notes
Johann150 added 1 commit 2022-07-18 22:50:01 +00:00
ente commented 2022-07-19 05:28:49 +00:00
First-time contributor
Copy link

Does this break compatibility with the Misskey API?

As far as I understand it, this is just a different keyword in the JSON to mark the token, so I can just pass it in two different flavours to be compatible with Misskey and Foundkey?

{
"i": "token",
"Bearer": "token"
}
Does this break compatibility with the Misskey API? As far as I understand it, this is just a different keyword in the JSON to mark the token, so I can just pass it in two different flavours to be compatible with Misskey and Foundkey? ``` { "i": "token", "Bearer": "token" } ```
Johann150 commented 2022-07-19 06:06:57 +00:00
Author
Owner
Copy link

This is not a breaking change. (yet?)

You are not quite right, the alternative way to pass in the token is via the HTTP Header Authorization in the format Bearer <token> (where <token> is what you put in i). This is a standardized mechanism from OAuth 2.0 called Bearer Token Authentication.

Note that passing in the token both ways is forbidden by the OAuth specification and will cause an error.

This is not a breaking change. (yet?) You are not quite right, the alternative way to pass in the token is via the HTTP Header `Authorization` in the format `Bearer <token>` (where `<token>` is what you put in `i`). This is a standardized mechanism from OAuth 2.0 called Bearer Token Authentication. Note that passing in the token both ways is forbidden by the OAuth specification and will cause an error.
Johann150 commented 2022-07-19 07:47:48 +00:00
Author
Owner
Copy link

Also made a pull request to add this to Misskey: https://github.com/misskey-dev/misskey/pull/9021

Also made a pull request to add this to Misskey: https://github.com/misskey-dev/misskey/pull/9021
toast approved these changes 2022-07-20 11:09:50 +00:00
toast commented 2022-07-20 11:10:33 +00:00
Owner
Copy link

LGTM - has this been tested? If so the merge button should be pressed imo ^^

LGTM - has this been tested? If so the merge button should be pressed imo ^^
Johann150 referenced this pull request from a commit 2022-07-20 13:11:42 +00:00
Merge bearer-authentication
Johann150 manually merged commit f3e196528f into main 2022-07-20 13:11:43 +00:00
Johann150 commented 2022-07-20 13:11:49 +00:00
Author
Owner
Copy link

Is running on my instance and didn't notice issues.

Is running on my instance and didn't notice issues.
Johann150 deleted branch bearer-authentication 2022-07-20 13:12:16 +00:00
norm referenced this pull request from a commit 2022-08-28 14:46:46 +00:00
update endpoints (#15)
Johann150 added the
fix
 label 2022-12-23 10:20:17 +00:00
Johann150 removed this from the (deleted) project 2022-12-23 10:20:20 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
toast
Labels
Clear labels   
feature

task that proposes new feature(s)

  
fix

task to fix behavioral problems in the FoundKey codebase

  
upkeep

task that should make FoundKey smaller and more maintainable

No labels
feature
fix
upkeep
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#14 hide metadata of private notes}
FoundKeyGang/FoundKey
Reference: FoundKeyGang/FoundKey#15
No description provided.
Delete branch "bearer-authentication"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?