[openstreetmap/openstreetmap-website] oauth_filter intercepts OAuth2.0 endpoints meant for Doorkeeper (#3245)
Tom Hughes
notifications at github.com
Fri Jul 2 16:25:23 UTC 2021
Right, so the problem I was having is that you can't introspect a token using bearer authorization with the same token - it's not allowed.
I think you can use bearer auth with a different token though I haven't proven that yet.
What definitely works is client authentication as you did before, for example:
```
curl -X POST -d "client_id=dlpQ_u2s49xM0anHw6C7CwiB8m7WLIoaH4cUdOIqBPo&client_secret=fBG3ZtN18eetoSm2qs-6788gvybBJxoC8oDRbXwc3vQ&token=05sMxyhosM-gISCObOgdfSq7urPxGMlaGqS3VoeYse8" https://dev.osm.compton.nu/oauth2/introspect
{"active":true,"scope":"read_prefs","client_id":"dlpQ_u2s49xM0anHw6C7CwiB8m7WLIoaH4cUdOIqBPo","token_type":"Bearer","exp":0,"iat":1625235997}
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3245#issuecomment-873116710
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210702/b739d620/attachment.htm>
More information about the rails-dev
mailing list