eightequal/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Document usage of OAuth (#3342)

Browse Source 
* docs: hitchhiker's guide to OAuth

* docs: remove old OAuth guide from OpenApi spec

* fixup! docs: remove old OAuth guide from OpenApi spec

* docs: mention /user endpoint in oauth

* docs: oauth flow overview

* docs: mention PAT

* docs: fix reviews

* docs: support portal over github issue

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>

---------

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
This commit is contained in:
Erb3
2025-04-19 15:51:01 +02:00
committed by GitHub
parent 42731521f1
commit daf6999111
3 changed files with 100 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
apps/docs/public/openapi.yaml
View File

@@ -51,35 +51,7 @@ info:
Please note that certain scopes and requests cannot be completed with a personal access token or using OAuth.
For example, deleting a user account can only be done through Modrinth's frontend.
### OAuth2
Applications interacting with an authenticated API should create an OAuth2 application.
You can do this in [the developer settings](https://modrinth.com/settings/applications).
Make sure to save your application secret, as you will not be able to access it after you leave the page.
Once you have created a client, use the following URL to have a user authorize your client:
```
https://modrinth.com/auth/authorize?client_id=<CLIENT_ID>&redirect_uri=<CALLBACK_URL>&scope=<SCOPE_ONE>+<SCOPE_TWO>+<SCOPE_THREE>
```
> You can get a list of all scope names [here](https://github.com/modrinth/code/tree/main/apps/labrinth/src/models/v3/pats.rs).
Then, send a `POST` request to the following URL to get the token:
```
https://api.modrinth.com/_internal/oauth/token
```
> Note that you will need to provide your application's secret under the Authorization header.
In the body of your request, make sure to include the following:
- `code`: The code generated when authorizing your client
- `client_id`: Your client ID (found in developer settings)
- `redirect_uri`: A valid redirect URI provided in your application's settings
- `grant_type`: This will need to be `authorization_code`.
If your token request fails for any reason, you will need to get another code from the authorization process.
This route will be changed in the future to move the `_internal` part to `v3`.
A detailed guide on OAuth has been published in [Modrinth's technical documentation](https://docs.modrinth.com/guide/oauth).
### Personal access tokens
Personal access tokens (PATs) can be generated in from [the user settings](https://modrinth.com/settings/account).