Hi folks,

Is it possible to use OAuth 2.0 client tokens for sourcehut services
(git.sr.ht, todo.sr.ht, lists.sr.ht, etc)?

Each of the example config files currently points to the legacy OAuth
dashboard; the OAuth2.0 one ends in /oauth2 but these are /oauth:

- https://git.sr.ht/~sircmpwn/git.sr.ht/tree/0.81.3/item/config.example.ini#L115
- https://git.sr.ht/~sircmpwn/todo.sr.ht/tree/0.74.1/item/config.example.ini#L97
- https://git.sr.ht/~sircmpwn/lists.sr.ht/tree/0.55.1/item/config.example.ini#L108

Provided that OAuth2.0 is supported, would a patch to update the
config.example.ini files be accepted?

Thanks,

-- 
David

On Sat, 11 Feb 2023 at 22:03, David Florness <david@florness.com> wrote:
> Is it possible to use OAuth 2.0 client tokens for sourcehut services
> (git.sr.ht, todo.sr.ht, lists.sr.ht, etc)?

For git.sr.ht it is definitely possible. And since the authentication
and verification of the tokens depends on the meta service, I don't
see why the other two services would be any different.

> Provided that OAuth2.0 is supported, would a patch to update the
> config.example.ini files be accepted?

While I have no authority to give a definite answer, I don't see any
reason why such a patch would not be accepted. But /oauth also links
to /oauth2 and apart from those links I don't see what you would want
to change.
The variable names remain correct.

-Max

> But /oauth also links to /oauth2 and apart from those links I don't
> see what you would want to change.

just that.  I think it's less confusing because while you can get to
/oauth2 from /oauth, landing on /oauth2 right away makes it obvious that
that's where you should be.

-- 
David

While there is a link to /oauth2 on the /oauth page, landing on /oauth2 right
away makes it obvious to server admins that /oauth2 is where they should be.

Discussion: <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C877cwnhpni.fsf%40florness.com%3E>
Signed-off-by: David Florness <david@florness.com>
---
 config.example.ini            | 2 +-
 gitsrht/default_query.graphql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.example.ini b/config.example.ini
index 7c645e8..beface9 100644
--- a/config.example.ini
+++ b/config.example.ini
@@ -112,7 +112,7 @@ webhooks=redis://localhost:6379/1
 post-update-script=/usr/bin/gitsrht-update-hook
 #
 # git.sr.ht's OAuth client ID and secret for meta.sr.ht
-# Register your client at meta.example.org/oauth
+# Register your client at meta.example.org/oauth2
 oauth-client-id=CHANGEME
 oauth-client-secret=CHANGEME
 #
diff --git a/gitsrht/default_query.graphql b/gitsrht/default_query.graphql
index 0ddaa07..630fffb 100644
--- a/gitsrht/default_query.graphql
+++ b/gitsrht/default_query.graphql
@@ -30,7 +30,7 @@ query {
 
   # On this page, you have been automatically authorized to make API requests
   # with your sr.ht login cookie. If you wish to make GraphQL requests outside
-  # of the browser, create a personal access token at https://meta.sr.ht/oauth
+  # of the browser, create a personal access token at https://meta.sr.ht/oauth2
   #
   # curl \
   #     -H Authorization:"Bearer <your oauth token>" \
-- 
2.39.1

git.sr.ht/patches: FAILED in 5m23s

[OAuth 2.0 for SourceHut services?][0] from [David Florness][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-discuss/patches/38950
[1]: david@florness.com

✓ #939352 SUCCESS git.sr.ht/patches/alpine.yml    https://builds.sr.ht/~sircmpwn/job/939352
✓ #939354 SUCCESS git.sr.ht/patches/debian.yml    https://builds.sr.ht/~sircmpwn/job/939354
✗ #939353 FAILED  git.sr.ht/patches/archlinux.yml https://builds.sr.ht/~sircmpwn/job/939353

BTW, there are other repos that could also get a patch for this, but I
was gonna hold off on sending those until this one gets accepted (in
case folks disagree with the motivation).

-- 
David

I think we can skip this for config.example.ini; we mostly use internal
auth now and will be remove these config details in the foreseeable
future in any case.

default_query.graphql should be updated, though, and the update looks
good for all affected services if you'd like to prepare patches for
them.

While there is a link to /oauth2 on the /oauth page, landing on /oauth2 right
away makes it obvious to server admins that /oauth2 is where they should be.

Discussion: <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C877cwnhpni.fsf%40florness.com%3E>
Signed-off-by: David Florness <david@florness.com>
---
v1 -> v2:
  - ignore /oauth in config.example.ini: <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C877cwnhpni.fsf%40florness.com%3E#%3CCQI5AI6ADO6H.39CESCLMYYHS5@taiga%3E>

 gitsrht/default_query.graphql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gitsrht/default_query.graphql b/gitsrht/default_query.graphql
index 0ddaa07..630fffb 100644
--- a/gitsrht/default_query.graphql
+++ b/gitsrht/default_query.graphql
@@ -30,7 +30,7 @@ query {
 
   # On this page, you have been automatically authorized to make API requests
   # with your sr.ht login cookie. If you wish to make GraphQL requests outside
-  # of the browser, create a personal access token at https://meta.sr.ht/oauth
+  # of the browser, create a personal access token at https://meta.sr.ht/oauth2
   #
   # curl \
   #     -H Authorization:"Bearer <your oauth token>" \
-- 
2.39.2

Thanks!

To git@git.sr.ht:~sircmpwn/git.sr.ht
   e74ae7a..1f83634  master -> master