Unable to authorize app to post statuses, error 403
Diagnostic Information
- Installation type: OTP
- Pleroma version: 2.0.7-stable
- Elixir version: N/A
- Operating system: Debian GNU/Linux 10 Buster
- PostgreSQL version: psql (PostgreSQL) 11.7 (Debian 11.7-0+deb10u1)
What I Tried
I created the application with:
curl -s -S -i -X POST -F client_name="Blog Post Publishing Script" -F redirect_uris="urn:ietf:wg:oauth:2.0:oob" -F scopes="read write" https://pleroma.paritybit.ca/api/v1/apps
And got a valid response:
{
  "client_id":"aG1u76o8QBdZqvFscHad4l-KmWcIQ9SkdcvuRgVTEiQ",
  "client_secret":"<secret>",
  "id":"26",
  "name":"Blog Post Publishing Script",
  "redirect_uri":"urn:ietf:wg:oauth:2.0:oob",
  "website":null,
  "vapid_key":"<key>"
}
I then went to the following URL to retrieve a code so that I could post statuses to my account:
https://pleroma.paritybit.ca/oauth/authorize?response_type=code&client_id=aG1u76o8QBdZqvFscHad4l-KmWcIQ9SkdcvuRgVTEiQ&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=write
I successfully authorized and got a code:
Then I got an OAuth token with:
curl -s -S -i -X POST -F client_id="aG1u76o8QBdZqvFscHad4l-KmWcIQ9SkdcvuRgVTEiQ" -F client_secret="<secret>" -F redirect_uri="urn:ietf:wg:oauth:2.0:oob" -F scope="write" -F grant_type="client_credentials" -F code="<code>" https://pleroma.paritybit.ca/oauth/token
And that successfully returned:
{
  "access_token":"<token>",
  "created_at":1595265931,
  "expires_in":600,
  "refresh_token":"<refresh_token>",
  "scope":"read write",
  "token_type":"Bearer"
}
I then tried to use this token to post a status:
curl -X POST -H "Authorization: Bearer <token>" -F status="Test post please ignore" https://pleroma.paritybit.ca/api/v1/statuses
But that failed with the following response:
HTTP/1.1 403 Forbidden
{"error":"Invalid credentials."}
I have checked and repeated this process to make sure that I am using the right tokens in the right places and that they are copy-pasted in properly. I noticed that, despite visiting /oauth/authorize, filling in the form, and getting a code, the app does not appear in my OAuth tokens list at /user-settings under the Security tab.
I've tried looking through both the Mastodon API documentation and the Pleroma API documentation to see if I'm missing a key part of the process, but I was unable to find anything other than what I tried so far. My theory is that something's going wrong with the user OAuth code, but I'm not sure what.
When I was using Mastodon, I just used the web UI at Preferences > Development to create my app and get a token, so I haven't done this manually before.
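The token request from the report, checked against the OAuth 2.0 grant types in RFC 6749 (sections 4.1.3 and 4.4.2), as an added example that is not part of the original report or of Pleroma's code. The function name, the findings text and the `USER_ONLY_ENDPOINTS` table are assumptions made for this example; the table assumes that posting a status needs a token bound to a user account, as the Mastodon API documentation describes.

```python
# Added example: lint an OAuth 2.0 token request body before sending it.
# Grant semantics follow RFC 6749; everything else here is hypothetical.
GRANTS = {
    # Section 4.1.3: redeems the code from /oauth/authorize. redirect_uri is
    # required when it was sent in the authorization request.
    "authorization_code": {"required": {"code", "redirect_uri"}, "acts_as": "user"},
    # Section 4.4.2: only grant_type and optional scope; no user is involved.
    "client_credentials": {"required": set(), "acts_as": "application"},
}

# Assumption for this example: endpoints that need a user-bound token.
USER_ONLY_ENDPOINTS = {"/api/v1/statuses"}


def lint_token_request(form, intended_endpoint):
    """Return findings for a token request (dict of form fields)."""
    grant = form.get("grant_type")
    spec = GRANTS.get(grant)
    if spec is None:
        return [f"unknown grant_type {grant!r}"]
    findings = [f"{grant} requires '{name}'"
                for name in sorted(spec["required"] - set(form))]
    if grant != "authorization_code" and "code" in form:
        # RFC 6749 section 3.2: unrecognized parameters are ignored.
        findings.append(f"'code' is not a {grant} parameter and is not redeemed")
    if spec["acts_as"] == "application" and intended_endpoint in USER_ONLY_ENDPOINTS:
        findings.append(f"{grant} token acts as the application, "
                        f"but {intended_endpoint} needs a user")
    return findings


# Constructed input: the form fields of the token request in the report,
# with placeholders instead of real values.
PAGE_REQUEST = {
    "client_id": "<client_id>",
    "client_secret": "<secret>",
    "redirect_uri": "urn:ietf:wg:oauth:2.0:oob",
    "scope": "write",
    "grant_type": "client_credentials",
    "code": "<code>",
}

if __name__ == "__main__":
    for finding in lint_token_request(PAGE_REQUEST, "/api/v1/statuses"):
        print("finding:", finding)
```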