XF 2.3 OAuth Token use with the API

Joshb_

Joshb_

Member
The oauth token endpoint returns the user_id with an access_token thrown at the API. But can we get more information out of this response or will I have to hit the API with an API-Key to get the rest of the user's information? I've tried 7 ways to Sunday to hit the API with the access_token but clearly, I can't do that as defined in the REST API docs?

What I'm lost in, you can specify scopes in the application settings. But all that does is add the scopes to the token response. Which is useless if you can't hit the API with the access_token?
 
You can use bearer authentication (via a Authorization: Bearer <token> header).
 
Last edited:
Jeremy P said:
You can use bearer authentication (via a Authentication: Bearer <token> header).
Click to expand...
svUcWOt.png


Tried this with a few different endpoints.
 
Generally this has been an issue with the web server not passing the value through to PHP:

K

XF 2.3 Post in thread 'Using XF 2.3 OAuth Provider'

Did you check your webserver config?

The Authorization header might not be passed to PHP.

If you use Apache you could try to add SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 to .htaccess
  • Like
 
Jeremy P said:
Generally this has been an issue with the web server not passing the value through to PHP:

K

XF 2.3 Post in thread 'Using XF 2.3 OAuth Provider'

Did you check your webserver config?

The Authorization header might not be passed to PHP.

If you use Apache you could try to add SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 to .htaccess
  • Like
Click to expand...
Yep. That was it. Didn't work at first but realized I had your Authentication header still in there. Authorization*

Great stuff you guys are doing. As always. Thanks a bunch.
 
Does this mean you can hit the API endpoints as a specific user without having to create individual keys and scope set for each person?
 
Thanks, it's something I've been wondering about but wasn't sure how the pieces connect. I had previously assumed each user would require their own API key specific to them and it's up to a dev to automate those.

I'm aware of the 2.2 API docs, but is Oauth+API integration covered somewhere too?
 
TrevC2 said:
Thanks, it's something I've been wondering about but wasn't sure how the pieces connect. I had previously assumed each user would require their own API key specific to them and it's up to a dev to automate those.

I'm aware of the 2.2 API docs, but is Oauth+API integration covered somewhere too?
Click to expand...
Chris D

XF 2.3 Thread 'Single sign on and more with OAuth2 in XenForo 2.3'

hys_8_cover.png
We're approaching the conclusion of the 'Have you seen...?' series for XenForo 2.3. While it may seem like a bittersweet moment, we've intentionally saved one of the most exciting revelations until last. In the upcoming weeks, we might delve into a few more miscellaneous changes and improvements and provide a more developer-centric round up. However, our primary goal is to have XenForo 2.3 up and running on XenForo.com by the end of November. Beyond that milestone, we're excited to share a couple more surprises with you, which will include an overview of the latest enhancements...
  • Like
  • Love

It's very vague since it operates as an ordinary Oauth application. It has the token itself and a refresh token you can hit the authorize endpoint to refresh your auth token.
 
Joshb_ said:
Chris D

XF 2.3 Thread 'Single sign on and more with OAuth2 in XenForo 2.3'

hys_8_cover.png
We're approaching the conclusion of the 'Have you seen...?' series for XenForo 2.3. While it may seem like a bittersweet moment, we've intentionally saved one of the most exciting revelations until last. In the upcoming weeks, we might delve into a few more miscellaneous changes and improvements and provide a more developer-centric round up. However, our primary goal is to have XenForo 2.3 up and running on XenForo.com by the end of November. Beyond that milestone, we're excited to share a couple more surprises with you, which will include an overview of the latest enhancements...
  • Like
  • Love

It's very vague since it operates as an ordinary Oauth application. It has the token itself and a refresh token you can hit the authorize endpoint to refresh your auth token.
Click to expand...
Appreciate it, hadn't seen this "Have you seen" entry at all. I wish there was more comprehensive Oauth + API docs with examples provided together.

It's a solid selling point for Xenforo and I'd bet many people have hardly heard about it, especially the Oauth integration.
 
You must log in or register to reply here.

Similar threads

K
OAuth Token with private Forum
Replies
0
Views
42
Klaus54
K
P
XF 2.2 Can I Search By Email To Get The user_id With The API?
Replies
1
Views
31
Jeremy P
Jeremy P
M
XF 2.2 Retrieve Microsoft OAuth Authorisation Token
Replies
0
Views
453
MagicA550
M
J
Not a bug Bug with the API
Replies
1
Views
641
Chris D
Chris D
J
XF 2.2 Issue with the API endpoints
Replies
12
Views
2K
Jackie13
J
Back
Top Bottom