Continuando la discusión desde [GUIDE] Kodular + Discourse Community Implementation:
I have created this topic to complement the good work of @Gordon_Lu in documenting how to use parts of the Discourse API from Kodular
Hello everyone ! I think it’s been a while since I’ve been in the community.
Today I have seen this topic, which I would like to complement by sharing some things that I have managed to implement using Kodular
Unlike other methods that use Custom WebView + Cookies, this guide will focus on Discourse’s User API keys specification , the same used by applications such as DiscourseHub (the mobile application of
Discourse), to perform API actions in an authenticated way (for example, access secret places, give likes, etc.)
This implementation is quite complex to do directly from Kodular , since it is possible that there is an error in the Cryptography component or at the time of URI encoding, so I have decided to create a small API called Discourse Flow, which will handle all these steps of a much simpler way
1. Calling Discourse Flow
Endpoint: https://api.yanquisalexander.me/discourse/flow
Method: GET
Query Parameters (Optional):
-
discourse_url
- Discourse site url, default is
meta.discourse.org
- Discourse site url, default is
-
application_name
- App name, this will be displayed on the consent screen and in the login history, default to
Discourse App
- App name, this will be displayed on the consent screen and in the login history, default to
-
clientId
- Client identifier, this must be unique, by default
discourse-mobile-
followed by a randomString
- Client identifier, this must be unique, by default
-
redirect_uri
- Url to which the payload will be sent once the authentication flow is complete, must be inside the SiteSetting
allowed user api auth redirects
, default ishttps://api.discourse.org/api/auth_redirect
, since all Discourse sites include it by default, including Kodular Community
- Url to which the payload will be sent once the authentication flow is complete, must be inside the SiteSetting
-
scopes
- Scopes that the generated User API Key will use (separated by comma), default to
read,write,notifications,session_info
- Allowed scopes:
read
write
message_bus
push
one_time_password
notifications
session_info
bookmarks_calendar
user_status
- Scopes that the generated User API Key will use (separated by comma), default to
After getting the data, which is returned in JSON format, I recommend saving it (perhaps passing it to Dictionary or something) in a TinyDB, perhaps with a namespace “@discourse/flowData” or whatever you want to call it.
2. Obtaining the Token
Endpoint: https://api.yanquisalexander.me/discourse/token
Method: POST
Query Params:
- discourse_url
Body params (required):
-
payload
- Gets after Discourse redirects to
redirect_uri
- Gets after Discourse redirects to
-
private_key
- Obtained in the previous step
Returns: Token and currentUser
How to get token using Blocks
The Flow call returns a json that contains some metadata, including the redirect_to value, this URL should be used by, for example, a WebView.
In my case, I added a Page Loaded, to find out if the Current URL contains https://api.discourse.org
, since it is the redirect_uri
that I chose, and thus get the payload
After making the POST request, it returns a json with two values, token
and currentUser
, “token
” contains the decryption of the payload, and currentUser has the information of the current user
To use the token and make an authenticated request, the User-Api-Key
header must be used, with the obtained token (which is inside token.session.key
)
Soon, I will be improving this guide and posting an AIA and a demo APK, I will also make this topic a Wiki in case anyone wants to contribute