Return token's primary key with POST /oauth/token

This commit is contained in:
Alex Gleason 2021-03-24 12:50:05 -05:00
parent caadde3b04
commit b6a69b5efd
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
3 changed files with 27 additions and 4 deletions

View File

@ -255,9 +255,29 @@ This information is returned in the `/api/v1/accounts/verify_credentials` endpoi
*Pleroma supports refreshing tokens.*
`POST /oauth/token`
### POST `/oauth/token`
Post here request with `grant_type=refresh_token` to obtain new access token. Returns an access token.
You can obtain access tokens for a user in a few additional ways.
#### Refreshing a token
To obtain a new access token from a refresh token, pass `grant_type=refresh_token` with the following extra parameters:
- `refresh_token`: The refresh token.
#### Getting a token with a password
To obtain a token from a user's password, pass `grant_type=password` with the following extra parameters:
- `username`: Username to authenticate.
- `password`: The user's password.
#### Response body
Additional fields are returned in the response:
- `id`: The primary key of this token in Pleroma's database.
- `me` (user tokens only): The ActivityPub ID of the user who owns the token.
## Account Registration

View File

@ -10,6 +10,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do
def render("token.json", %{token: token} = opts) do
response = %{
id: token.id,
token_type: "Bearer",
access_token: token.token,
refresh_token: token.refresh_token,

View File

@ -805,10 +805,12 @@ test "issues a token for `password` grant_type with valid credentials, with full
"client_secret" => app.client_secret
})
assert %{"access_token" => token} = json_response(conn, 200)
assert %{"id" => id, "access_token" => access_token} = json_response(conn, 200)
token = Repo.get_by(Token, token: token)
token = Repo.get_by(Token, token: access_token)
assert token
assert token.id == id
assert token.token == access_token
assert token.scopes == app.scopes
end