Are the user API keys (https://meta.discourse.org/t/user-api-keys-specification/48536) turned on on this forum? And also configured with write tokens? Seems the only way for an app to write anything to the forum (or like, or edit etc) without pretending to be a browser and handling cookies, as the OAuth support is only for credentials validation and API from the get go only supports admin api-keys
Yes, they are enabled.
I’m getting this:
(this was with a test URL: https://forum.sailfishos.org/user-api-key/new?nonce=1111222&scopes=all&client_id=1234567890&application_name=sfos-forum-viewer&public_key=111&auth_redirect=http://www.google.com)
Trying more limited scopes (read, or ‘read,write’) gives this:
(also trying with a real public_key from phone gives same result so I don’t think it’s the dummy key)
Sorry, I’m really not an expert in how discourse user API keys are supposed to work. But that http://www.google.com looks suspicious to me. Only https://api.discourse.org/api/auth_redirect or discourse://auth_redirect are allowed.
auth_redirect is optional, added it as maybe the error msg is generic and still expects it, but getting the same error with:
https://forum.sailfishos.org/user-api-key/new?nonce=1111222&scopes=all&client_id=1234567890&application_name=sfos-forum-viewer&public_key=111 (those are supposedly minimum required and still claims it might be disabled by admin, also no difference with the allowed &auth_redirect=https://api.discourse.org/api/auth_redirect)
The discourse api documentation and the error messages aren’t exactly helpful. Luckily, we have the source code which helps a bit.
So, the first error you encountered is because of the scopes=all parameter. Use e.g. scopes=write instead. The second error is because your public key is not a public key, or at least it’s not in the expected format. It should be an RSA public key in PEM format and naturally URI encoded.