enhance(api): OAuth bearer token authentication

Open Johann150 opened this issue 3 years ago • 0 comments

What

  • Allow OAuth 2.0 Bearer Token Authentication according to RFC 6750 § 2.1 to be used alternatively to the body parameter i.
  • Adjust the client to use this new method, also for GET requests.
  • Handle authentication errors in the streaming API properly.
  • Adjust the generated OpenAPI specification to document GET requests and the new authentication method.
    • Also properly document that authentication is possible for all API endpoints, even if it is not required. Authenticating on such an endpoint may provide more data.

Why

Towards implementing OAuth 2.0 (https://github.com/misskey-dev/misskey/issues/8262), but does not solve the issue yet.

Additional info

Using both authentication methods at the same time is not allowed:

"Clients MUST NOT use more than one method to transmit the token in each request." -- https://datatracker.ietf.org/doc/html/rfc6750#section-2

Johann150, Jul 19 '22 07:07
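
The token-transport rule described in this issue (RFC 6750 § 2.1 header as an alternative to the body parameter i, never both, authentication optional on every endpoint), sketched as an added TypeScript example that is not Misskey's code or part of the original post. The names AuthResult, extractToken and fail, the realm value, and the choice to reject a malformed header rather than treat the request as anonymous are assumptions of this example.

```typescript
// Added example, not Misskey's code; all names here are hypothetical.
type AuthResult =
  | { kind: "anonymous" } // no credential sent; the endpoint decides whether that suffices
  | { kind: "token"; token: string; via: "header" | "body" }
  | { kind: "error"; status: 400; wwwAuthenticate: string };

// RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token (scheme is case-insensitive)
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

function fail(error: string): AuthResult {
  // RFC 6750 section 3.1: invalid_request maps to HTTP 400. The realm is a constructed value.
  return { kind: "error", status: 400, wwwAuthenticate: `Bearer realm="api", error="${error}"` };
}

function extractToken(authorization: string | undefined, body: { i?: unknown } | null): AuthResult {
  const bodyToken: unknown = body === null ? undefined : body.i;
  const hasBodyToken = bodyToken !== undefined && bodyToken !== null;

  if (authorization !== undefined) {
    // Header and body parameter together: more than one method in one request.
    if (hasBodyToken) return fail("invalid_request");
    const match = BEARER_RE.exec(authorization.trim());
    // Assumption of this example: a malformed or non-Bearer header is rejected
    // instead of silently downgrading the request to anonymous.
    if (match === null) return fail("invalid_request");
    return { kind: "token", token: match[1], via: "header" };
  }

  if (hasBodyToken) {
    // The body parameter must be a non-empty string to count as a token.
    if (typeof bodyToken !== "string" || bodyToken.length === 0) return fail("invalid_request");
    return { kind: "token", token: bodyToken, via: "body" };
  }
  return { kind: "anonymous" };
}
```

The function only decides where the token came from; looking the token up and answering an unknown or expired one with 401 and error="invalid_token" happens afterwards.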