Script for generating an user API key for discourse.

generate_api_key.py

"""
Script for generating an user API key for discourse.

Requirements:
pip install pycryptodomex

Usage:
python generate_api_key.py --help
python generate_api_key.py https://meta.discourse.org
"""
import argparse
from base64 import b64decode
import json
from secrets import token_urlsafe
from urllib.parse import urlencode

from Cryptodome.Cipher import PKCS1_v1_5
from Cryptodome.PublicKey import RSA
from Cryptodome.Random import get_random_bytes


def generate_api_key(host):
    # generate RSA key
    key = RSA.generate(2048)

    # assemble the url
    path = "/user-api-key/new"
    query_dict = {
        "application_name": "python",
        "client_id": token_urlsafe(),
        "scopes": "read",
        "public_key": key.publickey().export_key().decode(),
        "nonce": 1,
    }
    query = urlencode(query_dict)
    url = f"{host}{path}?{query}"
    print(f"Navigate to {url} and copy the generated ciphertext in here:\n")
    ciphertext = input()

    # process the ciphertext from discourse
    sentinel = get_random_bytes(16)
    cipher_rsa = PKCS1_v1_5.new(key)
    plaintext = cipher_rsa.decrypt(b64decode(ciphertext), sentinel)
    plaintext = json.loads(plaintext.decode())
    return plaintext["key"]


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("host", type=str, help="Hostname of the discourse server.")
    args = parser.parse_args()

    api_key = generate_api_key(args.host)
    print("\nUser API key:", api_key)


if __name__ == "__main__":
    main()

I tried this (public key shortened) ...

https://community.openstreetmap.org/user-api-key/new?application_name=python&client_id=my_pc&scopes=read&public_key=-----BEGIN+PUBLIC+KEY-----MissingData-----END+PUBLIC+KEY-----&nonce=1

... and got that:

Question: How to find out what's going on?

PS: Same result for "meta.discourse.org".

I just tried to reproduce, but it works for me (Ubuntu 22.04 + Firefox). I can't see the issue in your description, though. The link seems to work and you are logged in. Else you wouldn't get to the "Genehmigen" button.

The second screenshot suggests that it is an internal error. Could you try again after some time? (The fact that the error is happening on two distinct discourse servers does still look like another problem to me.)

I tried it from macOS with fresh installed python and pycryptodomex:

macOS: 12.6.1
python: 3.10.8
pycryptodomex: 3.15.0

An alternative tests via this site "https://observablehq.com/@beanow/generate-user-api-key-for-discourse" worked for me without any problems.

BTW: I want to write my own Discourse-User-API-Key client with Go. For this purposes this script seems to be a good blueprint.

It might be something handled differently on mac (maybe the key is somehow not correct at the URL). I'm using python 3.10.6 and pycryptodomex 3.15.0. The versions seem to be no issue. Since I don't have a mac, it will be difficult to debug for me.

Note: The python script is also only a migration of this (ruby?) script.

same problem here.
the problem is the client_id. This is how to fix it:

Thanks for investigating and providing the fix @call-me-matt! I updated the script.