near/computersandblues.lodestone
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove ?code= parameter after fetching bearer token

Browse source 
This is to ensure that it's not stored in any bookmark. The parameter
only has a short validity, so it's mostly cosmetic, but the docs
[recommend treating it
securely](https://docs.joinmastodon.org/methods/oauth/#200-ok).

Unfortunately it will still show up in logs. We should consider
switching to `urn:ietf:wg:oauth:2.0:oob`.
This commit is contained in:
arne 2025-11-21 07:28:08 +01:00
commit aea0c8f1f1
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/computersandblues/lodestone/app.cljs
View file

@ -134,7 +134,9 @@
:redirect_uri (:redirect_uri application)}))}) :redirect_uri (:redirect_uri application)}))})
(.then (fn [res] (.then (fn [res]
(let [bearer-token (-> res :body :access_token) (let [bearer-token (-> res :body :access_token)
application (assoc application :bearer_token bearer-token)] application (assoc application :bearer_token bearer-token)
path (-> js/location .-pathname)]
(.replaceState js/history nil "" path) ; remove ?code= param
(db/put! ::db/application application) (db/put! ::db/application application)
application))))) application)))))