API V2 Auth Supported Methods Incorrectly Labeled in Docs? #92

Open
Wonder0xWeird opened this issue Jul 19, 2024 · 0 comments

The GET /2/tweets/:id/liking_users endpoint docs appear to indicate that the App Only (Bearer Token) auth level is acceptable for that endpoint, but using the app's bearer token returns the following error:

data: {
      title: 'Unsupported Authentication',
      detail: 'Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].',      
      type: 'https://api.twitter.com/2/problems/unsupported-authentication',
      status: 403
    }

Expected behavior

Based on the documentation, I expect

GET /2/tweets/:id/liking_users

to function similarly to

GET /2/tweets/:id/retweeted_by

for example:

// GET /2/tweets/:id/retweeted_by
import axios from "axios";

  // App-only auth: the app's bearer token is sent in the Authorization header.
  const response = await axios.get(`https://api.twitter.com/2/tweets/${TWEET_ID}/retweeted_by`,
    { headers: { "Authorization": `Bearer ${process.env.X_V2_API_BEARER_TOKEN!}` } }
  ).catch((e) => {
    console.error(e.response.data);
    throw e;
  });
  console.log("response", JSON.stringify(response.data, null, 2));

  // response: {
  //   "data": [
  //     {
  //       "id": "123",
  //       "name": "Example",
  //       "username": "example"
  //     },
  //   ],
  //   "meta": {
  //     "result_count": 1,
  //     "next_token": "xyz"
  //   }
  // }

Actual behavior

GET /2/tweets/:id/liking_users endpoint yields a 403 error indicating the auth level is not sufficient and that this endpoint requires a User Context:

// GET /2/tweets/:id/liking_users
import axios from "axios";

  // Same app-only bearer token as above; this request is rejected with a 403.
  const response = await axios.get(`https://api.twitter.com/2/tweets/${TWEET_ID}/liking_users`,
    { headers: { "Authorization": `Bearer ${process.env.X_V2_API_BEARER_TOKEN!}` } }
  ).catch((e) => {
    console.error(e.response.data);
    throw e;
  });
  console.log("response", JSON.stringify(response.data, null, 2));

  // error.response.data: {
  //   title: 'Unsupported Authentication',
  //   detail: 'Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].',
  //   type: 'https://api.twitter.com/2/problems/unsupported-authentication',
  //   status: 403
  // }

Steps to reproduce the behavior

  1. Create Twitter V2 API developer account
  2. Subscribe to Basic tier to access expanded suite of endpoints
  3. Create project and app, retrieve bearer token, client id, etc.
  4. Use app bearer token to execute code snippets above re: documentation
  5. Observe response discrepancy

Question

Are the docs mislabeled, and is the disparate behavior the correct behavior of these endpoints, such that OAuth 2.0 User Context with PKCE is actually required for /liking_users?

Or is there a bug somewhere in /liking_users in that it should return a similar list to /retweeted_by when queried with the app's bearer token?

Or other?
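
Added example, not part of the original issue or of the API's documentation: one way a client could recognise this specific 403 and read the accepted auth types out of it, instead of treating it as a generic permission failure. The function names are hypothetical, and the parsing assumes the `detail` wording shown in the error above, which is not a documented contract.

```javascript
// Problem type URI copied from the error body quoted in the issue.
const UNSUPPORTED_AUTH_TYPE =
  "https://api.twitter.com/2/problems/unsupported-authentication";

// Constructed sample input: the error body as it appears in the issue.
const SAMPLE_PROBLEM = {
  title: "Unsupported Authentication",
  detail:
    "Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  " +
    "Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].",
  type: UNSUPPORTED_AUTH_TYPE,
  status: 403,
};

// Hypothetical helper: decide from the machine-readable `type` field whether a
// 403 means "wrong auth scheme", then best-effort parse the human-readable
// `detail` string for the rejected and accepted schemes.
function parseAuthProblem(body) {
  const none = { unsupportedAuth: false, rejected: null, supported: [] };
  if (!body || typeof body !== "object") return none;
  if (body.type !== UNSUPPORTED_AUTH_TYPE) return none; // some other 403

  const detail = typeof body.detail === "string" ? body.detail : "";
  const rejected = /Authenticating with (.+?) is forbidden/.exec(detail);
  const list = /Supported authentication types are \[([^\]]*)\]/.exec(detail);
  const supported = list
    ? list[1].split(",").map((s) => s.trim()).filter(Boolean)
    : [];

  return {
    unsupportedAuth: true,
    rejected: rejected ? rejected[1] : null,
    supported,
  };
}

// True only when every accepted scheme is a user-context one, i.e. no
// app-only token will ever be accepted by this endpoint, so the fix is a
// user-authorized token rather than a retry or a key rotation.
function needsUserContext(body) {
  const p = parseAuthProblem(body);
  return (
    p.unsupportedAuth &&
    p.supported.length > 0 &&
    p.supported.every((t) => /User Context$/.test(t))
  );
}
```

In the `.catch` handlers above, the argument would be `e.response.data`.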
