mirror of
https://github.com/farmOS/farmOS.git
synced 2024-02-23 11:37:38 +01:00
CSRF token is not necessary with OAuth2.
This commit is contained in:
parent
9c738ce191
commit
1124765fad
1 changed files with 2 additions and 11 deletions
|
@ -26,7 +26,7 @@ specific farmOS URL, username, and password.
|
|||
There are three ways to authenticate with a farmOS server:
|
||||
|
||||
1. OAuth2 Authorization Tokens (recommended)
|
||||
2. Session Cookie and Token
|
||||
2. Session Cookie and CSRF Token
|
||||
3. Basic Authentication
|
||||
|
||||
### 1. OAuth2 Authorization Tokens
|
||||
|
@ -48,18 +48,9 @@ Once you have an OAuth2 token, you can pass it to farmOS with an
|
|||
|
||||
-H "Authorization: Bearer [OAUTH-TOKEN]"
|
||||
|
||||
In order to perform `POST` or `PUT` requests, you also need to get an CSRF token
|
||||
from `/restws/session/token`:
|
||||
|
||||
TOKEN="$(curl -H "Authorization: Bearer [OAUTH-TOKEN]" [URL]/restws/session/token)"
|
||||
|
||||
Then both tokens can be included with subsequent `curl` via `-H` parameters:
|
||||
|
||||
-H "Authorization: Bearer [OAUTH-TOKEN]" -H "X-CSRF-Token: ${TOKEN}"
|
||||
|
||||
This should be used to replace `[AUTH]` in the `curl` examples that follow.
|
||||
|
||||
### 2. Session Cookie and Token
|
||||
### 2. Session Cookie and CSRF Token
|
||||
|
||||
The old approach (before OAuth2 was introduced in farmOS 7.x-1.4), was to
|
||||
authenticate via Drupal's `user_login` form and save the session cookie provided
|
||||
|
|
Loading…
Reference in a new issue