Authorization code flow not approve choice but signed in anyway


(Lumy) #1

Hello everyone,

I’m trying to connect with Python (diaspy project https://github.com/marekjm/diaspy) to my up-to-date pod by using the authorization code flow (https://github.com/diaspora/diaspora/issues/6182).

Arriving at step 4, when I post to the URL users/sign_in, I’m expecting some HTML with a:

    <form class="approve"…>

I don’t receive this form, but I receive a message telling me I’m logged in.

    Signed in successfully.

But whenever I try to post a status message I get a:

    [2017-04-29T23:52:05] INFO  PID-619 TID-69975697723660 Rails: Started POST "/status_messages" for 127.0.0.1 at 2017-04-29 23:52:05 +0000
    [2017-04-29T23:52:05] INFO  PID-619 TID-69975697723660 ActionController::Base: Processing by StatusMessagesController#create as */*
    [2017-04-29T23:52:05] INFO  PID-619 TID-69975697723660 ActionController::Base:   Parameters: {"{\"status_message\": {\"provider_display_name\": \"\", \"text\": \"Test Post Diaspy\"}, \"aspect_ids\": \"public\"}"=>"[FILTERED]"}                                                                                  
    [2017-04-29T23:52:05] INFO  PID-619 TID-69975697723660 ActionController::Base: Completed 401 Unauthorized in 9ms (ActiveRecord: 0.0ms)

I found in the thread a message saying:

c13a923 adds support for authorizations by default. When an authorization doesn’t already exist it is created by default on password flow.

So I’m just wondering if this is a normal process? Because I don’t see the app coming into my settings on my pod.

I’m using a fresh install of a pod and so no app has been approved yet. (Supposedly, I guess)

Thanks.


(Dennis Schubert) #2

Just to record the thing I just said on IRC: While the authorization flow is implemented, you can only use the tokens inside API routes, of which there are none. You are not able (and you will not be able) to use the tokens for general authorization for accessing the “web interface”.