This is an article about getting the access token required to use the Mastodon API.
There are various ways to get an access token with OAuth2 depending on grant_type. Many of the articles I see use grant_type="password", so here is an example in Python that gets one with grant_type="authorization_code".
$ python mastodon_auth_example.py
client id: XXXXXXXXXX...
client secret: YYYYYYYYYY...
open browser https://mstdn.jp/oauth/authorize?scope=read+write+follow&client_id=XXXXXXXXXXXXXXXXX&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code
input code > ZZZZZZZZZ....
access token : ****************************************************************
First, register the app to get a client ID. On Twitter, this corresponds to registering an app under My Apps on dev.twitter.com. Mastodon has no web interface for this, so the client ID is acquired through the REST API.
The response contains the client_id and client_secret.
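import requests

CLIENT_NAME = "example-app"  # placeholder; use your app's name
def register_app():  # wrapper name is illustrative
    # Register this app with the instance to get its client credentials
    res = requests.post('https://mstdn.jp/api/v1/apps',
                        dict(client_name=CLIENT_NAME,
                             redirect_uris="urn:ietf:wg:oauth:2.0:oob",
                             scopes="read write follow")).json()
    return res["client_id"], res["client_secret"]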
redirect_uris would normally be the URI to redirect to, but this special URI is used so that the code is displayed without redirecting. scopes is the set of permissions this app requests from the user. Request only the permissions your app requires.
The client ID is issued per application, so the example saves it in a file and reuses it.
Generate a URL for authorization approval using the client ID. The user opens it in a browser, confirms and approves the permissions required by the app (after logging in if necessary).
Normally, after approval the browser is redirected to the URL the application requested, and the application receives the authorization code there. To accept that redirect, however, the application **must be a server program reachable over https** (as a web service is). Here, instead, the authorization code is displayed in the browser and the user copies and pastes it. Desktop clients that are not browser-based take this approach.
The user obtains the authorization code by approving the request in the browser.
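from urllib.parse import urlencode

SCOPE = "read write follow"  # same scopes as requested at registration

def build_authorize_url(client_id):  # wrapper name is illustrative
    params = urlencode(dict(
        client_id=client_id,
        response_type="code",
        redirect_uri="urn:ietf:wg:oauth:2.0:oob",  # display the code in the browser
        scope=SCOPE
    ))
    return 'https://mstdn.jp/oauth/authorize?' + params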
Exchange the authorization code, together with the client_id and client_secret, for an access token.
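import requests

def get_access_token(client_id, client_secret, code):  # wrapper name is illustrative
    # Exchange the code pasted by the user for an access token
    res = requests.post('https://mstdn.jp/oauth/token', dict(
        grant_type="authorization_code",
        redirect_uri="urn:ietf:wg:oauth:2.0:oob",
        client_id=client_id,
        client_secret=client_secret,
        code=code
    )).json()
    return res["access_token"]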
Now that you have the access token, send it in the Authorization header of API requests.
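The article mentions saving the client credentials to a file and sending the token in the Authorization header without showing either, so the following is an added example (not code from the article or its repository) covering both, plus a check for an OAuth error response from the token endpoint. The function names, the cache file layout and the constructed sample values are assumptions; `/api/v1/accounts/verify_credentials` is used only as a sample API path.

```python
import json
import os
import stat
import urllib.request

INSTANCE = "https://mstdn.jp"  # instance used in the article

def load_or_register(path, register):
    """Return (client_id, client_secret); call register() only if no cache exists."""
    try:
        with open(path) as f:
            saved = json.load(f)
        return saved["client_id"], saved["client_secret"]
    except FileNotFoundError:
        pass
    client_id, client_secret = register()
    # O_EXCL refuses a pre-existing file or symlink at this path; mode 0o600
    # keeps the client_secret readable by the owning user only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump({"client_id": client_id, "client_secret": client_secret}, f)
    return client_id, client_secret

def extract_token(res):
    """Take access_token from a parsed /oauth/token response, failing clearly."""
    if "error" in res:  # OAuth 2.0 error response, e.g. a mistyped or expired code
        raise ValueError(f"{res['error']}: {res.get('error_description', '')}")
    return res["access_token"]

def api_request(access_token, api_path):
    """Build (without sending) an API request carrying the token as a Bearer header."""
    return urllib.request.Request(
        INSTANCE + api_path,
        headers={"Authorization": "Bearer " + access_token},
    )

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        cache = os.path.join(d, "client.json")
        # Constructed values stand in for a real /api/v1/apps response.
        print(load_or_register(cache, lambda: ("constructed-id", "constructed-secret")))
        print(oct(stat.S_IMODE(os.stat(cache).st_mode)))
    req = api_request("constructed-token", "/api/v1/accounts/verify_credentials")
    print(req.full_url, req.get_header("Authorization"))
```

In the article's flow, `register` would be the function that posts to `/api/v1/apps`, and `extract_token` would replace the bare `res["access_token"]` lookup.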
https://github.com/civic/mastodon-auth-example