Got a #Sharkey question:
Does its api have a /verify_credentials endpoint? It looks like someone is trying to log in to Pelago from a Sharkey instance, but the application is getting back a 403 Forbidden when trying to call it and verify the access token.
I'll dig in and see if I can find public api docs for it, but wanted to ask in case someone more generally had an idea.
Current login flow is to request profile oauth scope permissions, which grants minimal permissions but among permissions granted is supposed to be access to the verify_credentials endpoint to return details about the user.
https://docs.joinmastodon.org/methods/accounts/#verify_credentials
But maybe that's just not a thing on Sharkey or *key in general?
I've tested this flow in GoToSocial and Mastodon, but nothing else yet, so it's not too surprising if it's failing.
Hmm, wondering if Sharkey implements the 'profile' scope or not. I'll bet that's it. I'll bet for Sharkey I need read:accounts scope permission instead.
A space for Bonfire maintainers and contributors to communicate
