Favorites: logged in requires auth, logged out doesn't
18 views
Skip to first unread message
Remy Sharp
Jan 31, 2009, 7:31:05 PM1/31/09
to Twitter Development Talk
Hi,
I can't make out whether I've misunderstood the documentation, or if
this is just wrong - but:
When I am logged out, the following url works fine with no
authentication request:
http://twitter.com/favorites/rem.json
However, when I'm logged *in* - the same request asked for my
credentials.
Is that correct? That seems like a bug to me - I thought you could
get anyone's favorites via the URL (as above).
Cheers,
Remy.
I can't make out whether I've misunderstood the documentation, or if
this is just wrong - but:
When I am logged out, the following url works fine with no
authentication request:
http://twitter.com/favorites/rem.json
However, when I'm logged *in* - the same request asked for my
credentials.
Is that correct? That seems like a bug to me - I thought you could
get anyone's favorites via the URL (as above).
Cheers,
Remy.
Alex Payne
Feb 1, 2009, 8:40:06 PM2/1/09
to twitter-deve...@googlegroups.com
The API has no concept of "logged in" or "logged out". There are no
sessions, just authenticated and unauthenticated requests.
sessions, just authenticated and unauthenticated requests.
--
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x
Remy Sharp
Feb 2, 2009, 9:59:52 AM2/2/09
to Twitter Development Talk
That may be so, but the API is *definitely* giving me a different
response when I'm logged in.
I've just tried the url on curl and this *works* - i.e. full response:
curl http://twitter.com/favorites/rem.json
When I take an authenticated session cookie and pass it in, it
*doesn't* work:
curl -b "_twitter_sess=XXXX; " http://twitter.com/favorites/rem.json
(Obviously I've swapped XXXX for my real cookie).
Why would they give different responses, or is this a bug?
response when I'm logged in.
I've just tried the url on curl and this *works* - i.e. full response:
curl http://twitter.com/favorites/rem.json
When I take an authenticated session cookie and pass it in, it
*doesn't* work:
curl -b "_twitter_sess=XXXX; " http://twitter.com/favorites/rem.json
(Obviously I've swapped XXXX for my real cookie).
Why would they give different responses, or is this a bug?
Alex Payne
Feb 2, 2009, 2:17:45 PM2/2/09
to twitter-deve...@googlegroups.com
We don't support session cookies as an authentication mechanism.
Remy Sharp
Feb 2, 2009, 6:52:00 PM2/2/09
to Twitter Development Talk
Alex, sorry, I must be missing something pretty fundamental here, and
I don't mean to go in circles at all, but there's something I don't
understand and I'm hoping you can clarify:
I don't expect the API to support cookie auth - which is fine and what
you've said. However, I also don't expect the API to react
differently when the user is logged in or not - and you've said
yourself that the API doesn't "no concept of "logged in" or "logged
out" - but my test absolutely contradict that (see the curl examples
provided).
I appreciate you're a busy chap who probably gets inundated with
random questions, but if I want to pull this API call via a JSONP
request, it reacts differently depending whether the visitor (and
therefore the requestee) is logged in or not.
I understand that you're saying the request doesn't support cookies
for auth, and I understand that you're saying that the API *should*
know nothing about any authorised sessions. However, it the visitor
is doing a JSONP call to your API, whilst logged in - it's ask for
auth details. If they're not logged in, and perform a JSONP call, it
*doesn't* ask for details.
Can you clarify.
Many thanks - and thanks again for the great work.
--
Remy.
On Feb 2, 7:17 pm, Alex Payne <a...@twitter.com> wrote:
> We don't support session cookies as an authentication mechanism.
>
>
>
> On Mon, Feb 2, 2009 at 06:59, Remy Sharp <r...@leftlogic.com> wrote:
>
> > That may be so, but the API is *definitely* giving me a different
> > response when I'm logged in.
>
> > I've just tried the url on curl and this *works* - i.e. full response:
>
> > curlhttp://twitter.com/favorites/rem.json
I don't mean to go in circles at all, but there's something I don't
understand and I'm hoping you can clarify:
I don't expect the API to support cookie auth - which is fine and what
you've said. However, I also don't expect the API to react
differently when the user is logged in or not - and you've said
yourself that the API doesn't "no concept of "logged in" or "logged
out" - but my test absolutely contradict that (see the curl examples
provided).
I appreciate you're a busy chap who probably gets inundated with
random questions, but if I want to pull this API call via a JSONP
request, it reacts differently depending whether the visitor (and
therefore the requestee) is logged in or not.
I understand that you're saying the request doesn't support cookies
for auth, and I understand that you're saying that the API *should*
know nothing about any authorised sessions. However, it the visitor
is doing a JSONP call to your API, whilst logged in - it's ask for
auth details. If they're not logged in, and perform a JSONP call, it
*doesn't* ask for details.
Can you clarify.
Many thanks - and thanks again for the great work.
--
Remy.
On Feb 2, 7:17 pm, Alex Payne <a...@twitter.com> wrote:
> We don't support session cookies as an authentication mechanism.
>
>
>
> On Mon, Feb 2, 2009 at 06:59, Remy Sharp <r...@leftlogic.com> wrote:
>
> > That may be so, but the API is *definitely* giving me a different
> > response when I'm logged in.
>
> > I've just tried the url on curl and this *works* - i.e. full response:
>
Alex Payne
Feb 2, 2009, 7:17:00 PM2/2/09
to twitter-deve...@googlegroups.com
If you browser is maintaining a basic auth session to twitter.com then
yes, we won't prompt for auth.
yes, we won't prompt for auth.
Remy Sharp
Feb 2, 2009, 7:21:14 PM2/2/09
to Twitter Development Talk
But *that's* the problem - it's prompting for auth in the browser when
you're logged in - and not prompting when you're logged out.
Why is it different - or is this just a bug that needs to be fixed
(i.e. shouldn't prompt at all)?
you're logged in - and not prompting when you're logged out.
Why is it different - or is this just a bug that needs to be fixed
(i.e. shouldn't prompt at all)?
Alex Payne
Feb 2, 2009, 7:26:49 PM2/2/09
to twitter-deve...@googlegroups.com
Sounds like a bug, then. Please file an issue on this:
http://code.google.com/p/twitter-api/issues/entry. Thanks!
http://code.google.com/p/twitter-api/issues/entry. Thanks!
--
Reply all
Reply to author
Forward
0 new messages