How can an API user create posts as another user?

cappslock · 2016 年6 月 17 日 18:03

I’m using the API of Discourse with a custom UI. I’m attempting to integrate this behind an orchestration layer that already authenticates users. I’d like to be able to more or less bypass authentication on the Discourse side of things.

We use JWT tokens, and it seems that ideally I could just pass these along to Discourse and tell it to trust them. I see that there’s some JWT related projects in the discourse GitHub organization, but there’s no documentation or usage examples, Google hasn’t been helpful, I haven’t found any relevant threads in meta, and I don’t really speak Ruby

Is there a way I could leverage our existing authentication by just passing these tokens through to Discourse?

Failing that, as an API user, how can I create topics and posts on behalf of other, authenticated users?

cappslock · 2016 年6 月 17 日 18:51

One strategy I’m exploring is creating an API user for every user in my system. Any obvious downsides to this?

fefrei · 2016 年6 月 17 日 18:54

You could use a master API key, and specify the username of the user you are impersonating – the master API key should always work.

cappslock · 2016 年6 月 17 日 19:15

Okay, that’s interesting. How would you specify the user name? As the api_username parameter on the query string?

fefrei · 2016 年6 月 17 日 19:16

Yes, exactly. This is the name of the user performing the action, while the API key just proves you’re allowed to speak for that user.

cappslock · 2016 年6 月 17 日 19:17

Excellent, that sounds perfect. I’ll try it out.

JulesW · 2019 年5 月 24 日 01:20

I’m trying to do this, but I cannot specify an arbitrary username as api_username - if I specify any username other than my (admin) account, I get a 404 from the API.

Is this post out of date, or is there some other way to achieve creating topics as another user (other than creating an API key for every user)?

ad-si · 2019 年10 月 7 日 16:17

I think the API has changed since the post was originally created. Nowadays you have to specify the username via the HTTP header Api-Username:…

dariKG · 2020 年10 月 16 日 14:39

大家好，

我写这封信是因为我正尝试用来自另一个旧论坛的一组用户帖子来填充我的论坛。

在文档中，说明了如何通过 API 创建帖子，但我不确定如何使这些帖子显示为来自特定用户。上面提出的解决方案似乎已不再适用。

是否有某个字段可以输入用户名？我在文档中找不到相关说明。

感谢您的帮助！

justin · 2020 年10 月 16 日 15:38

您是否考虑过尝试迁移脚本？

这可能会简单得多。此外，根据旧论坛运行的平台，Meta 上还有许多分步教程可供参考。

blake · 2020 年10 月 16 日 18:10

如果您为“所有用户”创建 API 密钥：

然后，在发起 API 请求时，您可以通过 Api-Username 头指定要为其创建帖子的用户名。

dariKG · 2020 年10 月 16 日 19:53

谢谢 @blake，我想我会走这条路。
@justin 谢谢，目前我更倾向于使用 API，但未来会考虑导入器！

话题		回复	浏览量
Is there a way to post as an arbitrary user when creating a new post/topic using the Discourse API? Support	9	1147	2017 年5 月 11 日
Discourse API, is it possible to create a Post through a different username? Support	2	903	2022 年3 月 25 日
Creating a new topic on behalf of a user Support	3	1219	2023 年1 月 1 日
Can we modify Created by using REST API for multiple post Feature	1	443	2019 年2 月 1 日
Create apikey for user programmatically as admin Development rest-api	8	1948	2024 年2 月 26 日

How can an API user create posts as another user?

相关话题