I’m following the guidance for getting per user api keys: User API keys specification.
I’ve gone through the steps: client generates a public/private key pair and return url, goes to a discourse route, user gives approval to discourse to use the app, and discourse generates an api key.
But when discourse sends back the API key as a “payload” in the return url, that key doesn’t work. I try to decrypt it, but I can’t.
Any ideas for how to address?
This is a crucial piece of functionality, so any help is really appreciated.
Do I need to change the key provided in the payload in some way? Is it possible that the payload provided key doesn’t work?
A little more detail:
I think my overall method is right, because discourse provides another method of getting a per user key, and I’m able to decrypt that key:
If I leave out the redirect url in the request to discourse, discourse doesn’t do a redirect. Instead, it prints a key on the screen for the user to copy.
But asking the user to copy and paste an API key is confusing to users–the proper flow is getting the key from the payload. How do I get that payload key to work?