API V2 Auth Supported Methods Incorrectly Labeled in Docs? #92

Open
@Wonder0xWeird

Description

The GET /2/tweets/:id/liking_users endpoint docs appear to indicate that the App Only (Bearer Token) auth level is acceptable for that endpoint, but using the app's bearer token returns the following error:

data: {
      title: 'Unsupported Authentication',
      detail: 'Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].',      
      type: 'https://api.twitter.com/2/problems/unsupported-authentication',
      status: 403
    }

Expected behavior

Based on the documentation, I expect

GET /2/tweets/:id/liking_users

to function similarly to

GET /2/tweets/:id/retweeted_by

for example:

  // GET /2/tweets/:id/retweeted_by
  import axios from "axios";

  // App-only bearer token from the environment; TWEET_ID is the tweet being queried.
  const response = await axios.get(`https://api.twitter.com/2/tweets/${TWEET_ID}/retweeted_by`,
    { headers: { "Authorization": `Bearer ${process.env.X_V2_API_BEARER_TOKEN!}` } }
  ).catch((e) => {
    console.error(e.response.data);
    throw e;
  });
  console.log("response", JSON.stringify(response.data, null, 2));

  // response: {
  //   "data": [
  //     {
  //       "id": "123",
  //       "name": "Example",
  //       "username": "example"
  //     },
  //   ],
  //   "meta": {
  //     "result_count": 1,
  //     "next_token": "xyz"
  //   }
  // }

Actual behavior

The GET /2/tweets/:id/liking_users endpoint yields a 403 error indicating the auth level is not sufficient and that this endpoint requires a User Context:

  // GET /2/tweets/:id/liking_users
  import axios from "axios";

  // Same app-only bearer token as above, sent to the liking_users endpoint.
  const response = await axios.get(`https://api.twitter.com/2/tweets/${TWEET_ID}/liking_users`,
    { headers: { "Authorization": `Bearer ${process.env.X_V2_API_BEARER_TOKEN!}` } }
  ).catch((e) => {
    console.error(e.response.data);
    throw e;
  });
  console.log("response", JSON.stringify(response.data, null, 2));

  // error.response.data: {
  //   title: 'Unsupported Authentication',
  //   detail: 'Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].',
  //   type: 'https://api.twitter.com/2/problems/unsupported-authentication',
  //   status: 403
  // }

Steps to reproduce the behavior

  1. Create Twitter V2 API developer account
  2. Subscribe to Basic tier to access expanded suite of endpoints
  3. Create project and app, retrieve bearer token, client id, etc.
  4. Use app bearer token to execute code snippets above re: documentation
  5. Observe response discrepancy

Question

Are the docs mislabeled, and is the disparate behavior the correct behavior of these endpoints, such that OAuth 2.0 User Context with PKCE is actually required for /liking_users?

Or is there a bug somewhere in /liking_users in that it should return a similar list to /retweeted_by when queried with the app's bearer token?

Or other?
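
Added example, not part of the original issue or of the API's own code: a client-side check that recognizes the 403 body quoted above by its `type` URL and reads the accepted auth types from `detail`, so a caller can tell "wrong credential type" apart from other 403s instead of relying on the docs table. The names `classifyAuthFailure`, `parseSupportedAuthTypes` and `SAMPLE_403` are hypothetical, and the wording of `detail` is assumed to match the error shown in this issue.

```javascript
// Problem type URL exactly as returned in the error quoted in this issue.
const UNSUPPORTED_AUTH_TYPE =
  "https://api.twitter.com/2/problems/unsupported-authentication";

// Sample body copied from the issue's 403 response (used as inline test input).
const SAMPLE_403 = {
  title: "Unsupported Authentication",
  detail:
    "Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint.  " +
    "Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].",
  type: UNSUPPORTED_AUTH_TYPE,
  status: 403,
};

// Extract the bracketed list from `detail`. Returns [] when the text does not
// have the expected shape, so a wording change fails closed, not with a throw.
function parseSupportedAuthTypes(detail) {
  if (typeof detail !== "string") return [];
  const m = detail.match(/Supported authentication types are \[([^\]]*)\]/);
  if (!m) return [];
  return m[1].split(",").map((s) => s.trim()).filter(Boolean);
}

// Classify an HTTP error by status and problem `type`, not by message text.
function classifyAuthFailure(status, body) {
  if (status !== 403 || !body || body.type !== UNSUPPORTED_AUTH_TYPE) {
    return { kind: "other", supported: [], needsUserContext: false };
  }
  const supported = parseSupportedAuthTypes(body.detail);
  // True only when every accepted type is a user-context flow, i.e. the
  // app-only bearer token can never succeed on this endpoint.
  const needsUserContext =
    supported.length > 0 && supported.every((t) => /User Context$/.test(t));
  return { kind: "unsupported-authentication", supported, needsUserContext };
}

// With axios, as in the snippets above, this would be called from the catch
// handler as classifyAuthFailure(e.response.status, e.response.data).
console.log(classifyAuthFailure(SAMPLE_403.status, SAMPLE_403));
```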
