OAuth application tokens support
Pleroma allows to obtain application-bound (user-unbound) OAuth tokens (via POST /oauth/token?grant_type=client_credentials
, by providing client_id
and client_secret
obtained during app creation via POST /api/v1/apps
).
However, these tokens currently do not allow to access even GET /api/v1/apps/verify_credentials
.
Need to refactor the auth pipeline and add app-bound tokens support to Pleroma.Web.MastodonAPI.AppController
.