### Added
- MRF (`FollowBotPolicy`): New MRF Policy which makes a designated local Bot account attempt to follow all users in public Notes received by your instance. Users who require approving follower requests or have #nobot in their profile are excluded.
+- Return OAuth token `id` (primary key) in POST `/oauth/token`.
## Unreleased (Patch)
*Pleroma supports refreshing tokens.*
-`POST /oauth/token`
+### POST `/oauth/token`
-Post here request with `grant_type=refresh_token` to obtain new access token. Returns an access token.
+You can obtain access tokens for a user in a few additional ways.
+
+#### Refreshing a token
+
+To obtain a new access token from a refresh token, pass `grant_type=refresh_token` with the following extra parameters:
+
+- `refresh_token`: The refresh token.
+
+#### Getting a token with a password
+
+To obtain a token from a user's password, pass `grant_type=password` with the following extra parameters:
+
+- `username`: Username to authenticate.
+- `password`: The user's password.
+
+#### Response body
+
+Additional fields are returned in the response:
+
+- `id`: The primary key of this token in Pleroma's database.
+- `me` (user tokens only): The ActivityPub ID of the user who owns the token.
## Account Registration
def render("token.json", %{token: token} = opts) do
response = %{
+ id: token.id,
token_type: "Bearer",
access_token: token.token,
refresh_token: token.refresh_token,
"client_secret" => app.client_secret
})
- assert %{"access_token" => token} = json_response(conn, 200)
+ assert %{"id" => id, "access_token" => access_token} = json_response(conn, 200)
- token = Repo.get_by(Token, token: token)
+ token = Repo.get_by(Token, token: access_token)
assert token
+ assert token.id == id
+ assert token.token == access_token
assert token.scopes == app.scopes
end
projects / akkoma / commitdiff