53ningen
commented
7 years ago Thank you for reporting issue :) I'll try to put a little sample project into solution. Give me a sec 🙏
Open chiyancheung opened 7 years ago
53ningen
commented
7 years ago Thank you for reporting issue :) I'll try to put a little sample project into solution. Give me a sec 🙏
chiyancheung
commented
7 years ago @53ningen: Thanks for the quick response! :1st_place_medal:
I'm new to Mastodon, so please bear with my newbie questions:
Registering an app to Mastodon instance: a. this one has to be done only once, right? b. do I need to authenticate before registering an app? Only registered users can register an app, right? c. "client_name" is this any made-up name I want, or where can I get this value?
"Authorization Code Grant flow" -- where can I find more info about this?
If I want to post a new "toot" with an image or video, what do I need to do?
Thanks again!
toryalsip
commented
7 years ago I can help answer your first question. So the basic oauth flow is that first the app needs to register with the server, which is typically on a per install basis. This gives the app a client_id and client_secret that needs to be stored for all future auth calls. Then when the user logs in with their user name and password that client_id and secret is sent with it to associate that app install with the user's account, which gives the app a token that can then be used for all authenticated calls. As I've been seeing in most implementations, including this one, is that the storage and reuse of these tokens is up to the consuming app. I think it is possible to make that more transparent, but it would be some work to do and storage mechanisms tend to be platform driven.
The sample code is a little disjointed. Can you please put the code together into a working complete sample sample project?
Thanks!