-
-
Notifications
You must be signed in to change notification settings - Fork 968
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document new OAuth changes for 4.3.0 #1445
base: main
Are you sure you want to change the base?
Document new OAuth changes for 4.3.0 #1445
Conversation
I have noticed that there is some churn here due to my editor using Prettier for markdown documents. We may want to consider adopting prettier for this repository. |
|
||
{{< hint style="warning" >}} | ||
Treat the `code` query parameter as if it were a password, you should ensure that it is not logged in request logs. | ||
{{< /hint >}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
- See [/api/v1/endorsements]({{< relref "methods/endorsements" >}}) for managing a user profile's featured accounts. | ||
- See [/api/v1/featured_tags]({{< relref "methods/featured_tags" >}}) for managing a user profile's featured hashtags. | ||
- See [/api/v1/preferences]({{< relref "methods/preferences" >}}) for reading user preferences. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is all accidental churn due to prettier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would potentially be useful here to run prettier in separate branch/PR, get that merged first, rebase this, etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's "fine" for now? But do a follow up to run prettier; I'd rather not be rebasing this branch since there's now quite a lot of commits and rebasing would take quite a long time.
92be172
to
9e25eff
Compare
It is recommended that you make use of granular scopes, unless you really need full access to everything by using a `scope` of `read write follow push`. | ||
|
||
| Scope | Granular Scopes | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think this information is more accessible in list form as above instead of as a table. tables don't flow well on mobile either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason for changing it to an actual table was because everything referred to the "table of granular scopes", which didn't actually exist.
@@ -45,14 +45,15 @@ Add a Web Push API subscription to receive notifications. Each access token can | |||
3.3.0 - added `data[alerts][status]`\ | |||
3.4.0 - added `data[policy]`\ | |||
3.5.0 - added `data[alerts][update]` and `data[alerts][admin.sign_up]`\ | |||
4.0.0 - added `data[alerts][admin.report]` | |||
4.0.0 - added `data[alerts][admin.report]`\ | |||
4.3.0 - added stricter request parameter validation, invalid endpoint URLs and subscription keys will now result in an error, previously these would be accepted, but silently fail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
run-on sentence
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would be your suggested fix? This to me looks fine when I only really have a single sentence to use?
@@ -668,7 +675,7 @@ An example filter change by the user: | |||
``` | |||
|
|||
{{< hint style="warning" >}} | |||
Note that the `payload` property is not present for `filters_changed` events. | |||
Note that the `payload` property is not present for `filters_changed` events. And for `delete` and `announcements.delete` the payload is a string, not an object. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
redundant addition here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was deliberate, since it's easily missed and one of the bugs to fix in v2 of streaming.
@@ -641,7 +648,7 @@ An example update to the public timeline: | |||
``` | |||
|
|||
{{< hint style="warning" >}} | |||
Note that while the event is JSON-encoded, the `payload` is string-encoded and escaped, so it must be parsed and loaded as JSON from that string. | |||
Note that while the event is JSON-encoded, the `payload` is string-encoded and escaped, so it must be parsed and loaded as JSON from that string. However, for `delete` and `announcements.delete` events the payload is a string representing an identifier, not a JSON value. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make this addition into a completely separate hint after line 665 or so (Below "An example delete event from the public timeline:")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with this I think.
This pull request has merge conflicts that must be resolved before it can be merged. |
…cated on Application entity
Co-authored-by: Matt Jankowski <[email protected]>
Co-authored-by: Matt Jankowski <[email protected]>
Co-authored-by: Matt Jankowski <[email protected]>
Co-authored-by: Matt Jankowski <[email protected]>
…ation used to create them
7623240
to
83aaf51
Compare
Have address majority of the code review comments and left replies where I disagree with said comments or need more information. |
This pull request has resolved merge conflicts and is ready for review. |
/.well-known/oauth-authorization-server
documentationredirect_uri
onApplication
and addition ofredirect_uris
client_id
,client_secret
,access_token
andcode
values that they should be treated as if they are password, and stored securely.read
scope forGET /api/v1/apps/verify_credentials
(this now just requires a valid access token)client_secret_expires_at
onApplication
, per Add client_secret_expires_at to OAuth Applications mastodon#30317Application
vsCredentialApplication
split, per Support multiple redirect_uris when creating OAuth 2.0 Applications mastodon#29192This branch is based on #1444