mattn / go-mastodon

mastodon client for golang
MIT License
604 stars 88 forks

AuthenticateApp doesn't provide scopes but Authenticate does? #184

Closed jasondborneman closed 1 year ago

jasondborneman commented 1 year ago

I'm trying to use AuthenticateApp and it seems to be authenticating ok (at least, it doesn't err) but when I try to post a status I get the following error:

bad request: 403 Forbidden: This action is outside the authorized scopes

yet I have read/write all scopes selected on my app configuration within mastodon (created manually and just using the client id/secret from that)

So I got to looking and noticed that the Authenticate func provides scopes:

// Authenticate gets access-token to the API.
func (c *Client) Authenticate(ctx context.Context, username, password string) error {
    params := url.Values{
        "client_id":     {c.Config.ClientID},
        "client_secret": {c.Config.ClientSecret},
        "grant_type":    {"password"},
        "username":      {username},
        "password":      {password},
        "scope":         {"read write follow"},
    }

    return c.authenticate(ctx, params)
}

Here's the action I'm trying to take:

theToot := mastodon.Toot{
    Status: message,
}
_, err = client.PostStatus(context.Background(), &theToot)

Does AuthenticateApp need to do the same to work? Or am I doing something dumb? :)

Thanks!

jasondborneman commented 1 year ago

Follow up: From Mastodon API docs: https://docs.joinmastodon.org/methods/oauth/

scope String. List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters). Must be a subset of scopes declared during app registration. If not provided, defaults to read.

It looks like only the Authenticate func is requesting scope(s). So the other Auth funcs like AuthenticateApp can only read.
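An added example (not go-mastodon's own code) covering the two things these comments run into: a token request that sends "scope" explicitly so the client_credentials grant does not fall back to the server's read default, and a pre-flight check that reproduces the two errors quoted in this thread before any request is made. It assumes Mastodon's scope hierarchy, where a top-level scope such as "write" covers granular scopes such as "write:statuses", and that an app-only token can never satisfy an endpoint that requires a user.

```go
package main

import (
	"net/url"
	"strings"
)

// tokenParams builds the POST /oauth/token body. Sending "scope" explicitly
// matters for the client_credentials grant, which otherwise defaults to "read".
func tokenParams(clientID, secret, grant string, scopes []string) url.Values {
	return url.Values{
		"client_id":     {clientID},
		"client_secret": {secret},
		"grant_type":    {grant},
		"scope":         {strings.Join(scopes, " ")},
	}
}

// hasScope reports whether a token's space-separated scope string covers the
// required scope. An empty string means the server applied its "read" default;
// a top-level scope ("write") covers its granular children ("write:statuses").
// The hierarchy is an assumption taken from the Mastodon API docs.
func hasScope(tokenScope, required string) bool {
	granted := strings.Fields(tokenScope)
	if len(granted) == 0 {
		granted = []string{"read"}
	}
	family := strings.SplitN(required, ":", 2)[0]
	for _, s := range granted {
		if s == required || s == family {
			return true
		}
	}
	return false
}

// checkPostStatus is a pre-flight check for posting a status: an app-only
// (client_credentials) token cannot act as a user, and a user token must carry
// "write" or "write:statuses". The strings mirror the errors seen in this issue.
func checkPostStatus(tokenScope string, userToken bool) string {
	if !userToken {
		return "This method requires an authenticated user"
	}
	if !hasScope(tokenScope, "write:statuses") {
		return "This action is outside the authorized scopes"
	}
	return ""
}

func main() { _ = tokenParams("ID", "SECRET", "client_credentials", []string{"read", "write"}) }
```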

jasondborneman commented 1 year ago

I forked and fixed so I can get past Auth now https://github.com/jasondborneman/go-mastodon/blob/master/mastodon.go#L172

Unfortunately I've run into a different issue. I'm not sure if this is a side effect of how I'm using it or what. Here's where I'm using this masto client: https://github.com/jasondborneman/solar3/blob/main/Mastodon/Mastodon.go#L12

As you can see I'm NOT creating the application as part of the code. I created that manually and am using the client id/secret as env vars. I then create the new client and use AuthenticateApp. But once I try to do anything (I've tried uploading media and just making a plain toot) I get the following error: bad request: 422 Unprocessable Entity: This method requires an authenticated user

How do I add a specific user to my authentication when I want to do App Auth? The instance I'm on (botsin.space) looks like it doesn't support password grant type, and I'm running my code as a cloud function so I can't do the normal oauth flow with a redirect url.

Thoughts? Thanks!

jasondborneman commented 1 year ago

I have a hunch: https://github.com/mattn/go-mastodon/blob/master/apps.go#L85

The /oauth/authorize is being set up in App creation, I can't find where it's being called but if it's being done as part of App creation..... if you are using it like I am, from an already existing app, you never get the code to use so when /token is finally called it hasn't been authorized yet. This is just a wild guess as to what's going on.

jasondborneman commented 1 year ago

I think I've had a misunderstanding of OAuth unfortunately, even with the redirect uri being urn:ietf:wg:oauth:2.0:oob it goes to a mastodon login which won't work for a cloud function implementation of this.