diff --git a/doc/API-Mastodon.md b/doc/API-Mastodon.md
index 18af62be6..09cf169e2 100644
--- a/doc/API-Mastodon.md
+++ b/doc/API-Mastodon.md
@@ -16,12 +16,13 @@ Supported mobile apps:
 - Tusky
 - Husky
 - twitlatte
+- AndStatus
+- Twidere
 
 Unsupported mobile apps:
 
 - [Subway Tooter](https://github.com/tateisu/SubwayTooter) Uses the wrong grant_type when requesting a token, possibly a problem in the server type detection of the app. See issue https://github.com/tateisu/SubwayTooter/issues/156
 - [Mammut](https://github.com/jamiesanson/Mammut) States that the instance doesn't exist. Most likely an issue in the vitality check of the app, see issue https://github.com/jamiesanson/Mammut/issues/19
-- [AndStatus](https://github.com/andstatus/andstatus) Doesn't provide all data at token request, see issue https://github.com/andstatus/andstatus/issues/537
 - [Fedilab](https://framagit.org/tom79/fedilab) Automatically uses the legacy API, see issue: https://framagit.org/tom79/fedilab/-/issues/520
 
 ## Entities
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index c3aaac6d1..0a1a32b74 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -41,6 +41,15 @@ class Token extends BaseApi
 $client_id = $_REQUEST['client_id'] ?? '';
 $client_secret = $_REQUEST['client_secret'] ?? '';
 
+ // AndStatus transmits the client data in the AUTHORIZATION header field, see https://github.com/andstatus/andstatus/issues/530
+ if (empty($client_id) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) {
+ $datapair = explode(':', base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6))));
+ if (count($datapair) == 2) {
+ $client_id = $datapair[0];
+ $client_secret = $datapair[1];
+ }
+ }
+
 if ($grant_type != 'authorization_code') {
 Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
 DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing grant type'));
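Review bot: The added `$datapair` line in src/Module/OAuth/Token.php splits the decoded Basic credentials with an unbounded `explode(':', …)` on the output of a non-strict `base64_decode`, so a client secret containing a colon produces more than two parts and the header is silently dropped, while malformed base64 is decoded leniently instead of being rejected. I would write `$decoded = base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), true);` followed by `$datapair = is_string($decoded) ? explode(':', $decoded, 2) : [];`, which keeps the existing `count($datapair) == 2` guard working. The scheme test `== 'Basic '` is case-sensitive although HTTP auth scheme names are case-insensitive; `strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0` accepts the same clients plus those sending `basic`. RFC 6749 section 2.3.1 has clients form-urlencode both values before Base64 encoding, so a `urldecode()` on each part may be needed if ids or secrets can contain reserved characters, which is not visible from this hunk. The enclosing method begins and ends outside the hunk.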