Skip to content

allow api endpoint '/api/v1/auth/tokens/register' to answer json requests with json response#5040

Closed
lekma wants to merge 3 commits intoiv-org:masterfrom
lekma:master
Closed

allow api endpoint '/api/v1/auth/tokens/register' to answer json requests with json response#5040
lekma wants to merge 3 commits intoiv-org:masterfrom
lekma:master

Conversation

@lekma
Copy link
Copy Markdown

@lekma lekma commented Oct 30, 2024

currently '/api/v1/auth/tokens/register' returns html even if the request is a json one when you register your first token (meaning there is no authorization header yet)

@lekma lekma requested a review from a team as a code owner October 30, 2024 06:24
@lekma lekma requested review from SamantazFox and removed request for a team October 30, 2024 06:24
@lekma lekma mentioned this pull request Oct 30, 2024
Open
@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

sorry for the squash spam, but i realized after the fact that my assumptions were wrong, i think that should be enough

@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

and now i'm wondering if that is, in fact, worse...

@unixfox
Copy link
Copy Markdown
Member

unixfox commented Oct 30, 2024

Hello, if your PR is not finished yet you can convert it to a draft.

@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

Hi,
no i think i got it right now, i'm just unsure of the 403 response code, is it enough?

@SamantazFox
Copy link
Copy Markdown
Member

SamantazFox commented Oct 30, 2024

currently '/api/v1/auth/tokens/register' returns html even if the request is a json one when you register your first token (meaning there is no authorization header yet)

If you look at the code, it returns HTML because you have a session ID present in the current environment (env.get? "sid" returns a non-nil value), meaning that your API client is passing the SID cookie.

Are you trying to access that API endpoint from a browser where you're already logged in?

@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

no, that's the point, i'm trying to acces the api from a python script but i don't have a token yet, so i log in by posting a username/password (i couldn't find any documentation on how to login differently) then try to generate the token i would like to use for the rest of the session (mainly retrieving user feed).

the whole thing look like (pseudo-code):

# this is where i get the SID cookie it's a form-urlencoded request
login = session.post("instance.uri/login", data={"email": email, "password": password, "action": "signin"})
if login:
  # that request is a json one
  token =  session.post("instance.uri/api/v1/auth/tokens/register", json={"scopes": [":*"]})

and given that my second request is a json one i would expect the json api to return the same.
i thought it kinda odd to be given an html result...

@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

correct me if i'm wrong, but, I do need to be logged in to use all the 'api/v1/auth' endoints, right?

@lekma
Copy link
Copy Markdown
Author

lekma commented Oct 30, 2024

also i forgot to mention but the idea is to store only the tokens (per instance) not the user/pass...

@lekma lekma closed this by deleting the head repository Nov 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SamantazFox SamantazFox Awaiting requested review from SamantazFox SamantazFox was automatically assigned from iv-org/developers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lekma @unixfox @SamantazFox