singingwolfboy / flask-dance

Doing the OAuth dance with style using Flask, requests, and oauthlib.
https://pypi.python.org/pypi/Flask-Dance/
MIT License

Twitter oauth works again? #423

Open kotyatokino opened 8 months ago

kotyatokino commented 8 months ago

Sorry for my empty post. I have now installed dance 6.2.0 and set up Twitter with the free plan, and Twitter OAuth works fine. I think the removed Twitter code should be merged back into the head repository.

Please confirm on your side and consider merging it back.

daenney commented 8 months ago

X hasn't announced any changes around this as far as I can tell. This might be accidental, they might change their minds about it tomorrow.

If there's some official release around this from X that makes it clear that this is an intentional change and we can expect it to continue to work in the future, then we can take action.

kotyatokino commented 8 months ago

See here: https://twitter.com/XDevelopers/status/1641222782594990080 They officially announced, in the 2nd tweet, that they are providing "Login with X" with the free plan.

daenney commented 8 months ago

That's March 2023, 8 months ago. Mid-April 2023, #415 was raised because it wasn't working, and we removed X support in May 2023 through #416.

It looks like the Free Tier still has Login With Twitter, so it should probably still work. Though the base_url needs to be set to the Twitter API 2.0 for anything else to work.

If someone can do the work to properly verify all this, then we can look at bringing it back.

kotyatokino commented 8 months ago

My old code from 5 years ago logs in successfully with 6.2.0 without base_url config. Anyway, I will check the API 2.0 related part of the dance code. Also, can anybody help by testing old Twitter login code?

@daenney If you have time, please let me know the points to verify. I'm just a user of dance, so I am only starting to dig into dance now.

kotyatokino commented 8 months ago

I just tried to extend twitter with the oauth2 lib, but found this article. So I think the best way is to stay with OAuth 1.0. I think we only need to revert back to the old OAuth 1.0 twitter. Is this my misunderstanding??

https://developer.twitter.com/en/docs/authentication/oauth-2-0/application-only

Please note that only OAuth 1.0a or OAuth 2.0 Authorization Code Flow with PKCE is required to issue requests on behalf of users. The API reference page describes the authentication method required to use an API. You will need user-authentication, user-context, with an access token to perform the following:

===>Access Direct Messages or account credentials

kotyatokino commented 8 months ago

memos base_url="https://api.twitter.com/2/", authorization_url="https://twitter.com/i/oauth2/authorize", token_url="https://api.twitter.com/2/oauth2/token",

kotyatokino commented 8 months ago

oauth 2.0 patched 6.2.0 just works

kotyatokino commented 8 months ago

Confirmed successful login with OAuth 2.0, maybe. Put this code into twitter.py, then we can use OAuth 1.0 = twitter class and OAuth 2.0 = twitter2 class. I can't understand this page's code block usage......

```python
from authlib.common.security import generate_token
from authlib.oauth2.rfc7636 import create_s256_code_challenge
from flask import g
from werkzeug.local import LocalProxy

from flask_dance.consumer import OAuth2ConsumerBlueprint


def make_twitter2_blueprint(
    api_key=None,
    api_secret=None,
    *,
    scope=None,
    redirect_url=None,
    redirect_to=None,
    login_url=None,
    authorized_url=None,
    session_class=None,
    storage=None,
    rule_kwargs=None,
):
    # PKCE code_verifier and its S256 code_challenge. Both are computed here,
    # once per call to make_twitter2_blueprint(), and passed below as fixed
    # URL parameters, so all logins through the returned blueprint share them.
    strToken = generate_token(128)
    strChallenge = create_s256_code_challenge(strToken)

    twitter2_bp = OAuth2ConsumerBlueprint(
        "twitter2",
        __name__,
        client_id=api_key,
        client_secret=api_secret,
        scope=scope,
        base_url="https://api.twitter.com/",
        authorization_url="https://twitter.com/i/oauth2/authorize",
        token_url="https://api.twitter.com/2/oauth2/token",
        # Sent with the token request.
        token_url_params={"code_verifier": strToken},
        redirect_url=redirect_url,
        redirect_to=redirect_to,
        login_url=login_url,
        authorized_url=authorized_url,
        session_class=session_class,
        storage=storage,
        rule_kwargs=rule_kwargs,
        # Sent with the authorization redirect.
        authorization_url_params={
            "code_challenge": strChallenge,
            "code_challenge_method": "S256",
        },
    )

    # Allow the credentials to come from the Flask app config.
    twitter2_bp.from_config["client_id"] = "TWITTER2_OAUTH_CLIENT_ID"
    twitter2_bp.from_config["client_secret"] = "TWITTER2_OAUTH_CLIENT_SECRET"

    @twitter2_bp.before_app_request
    def set_applocal_session():
        g.flask_dance_twitter2 = twitter2_bp.session

    return twitter2_bp


twitter2 = LocalProxy(lambda: g.flask_dance_twitter2)
```

and userland code

```python
bp = make_bp(
    api_key=mcfg.strTWappid,
    api_secret=mcfg.strTWappsec,
    scope="tweet.read users.read offline.access",
    redirect_url="/captiveportal/twitter2",
    authorized_url="/authorized",
)
# :
# :
# :
me = None
try:
    me = twitter2.get("2/users/me")
except Exception as e:
    g.ilog(
        "Twitter Logged in but something wrong(%s). Redirect to loginpage(%s,%s)"
        % (str(e), tupURL[1]["usermac"], tupURL[1]["magic"])
    )
    return redirect(url_for("%s.login" % strSNSname))

if me.status_code < 200 or me.status_code >= 300:
    g.elog(
        "Twitter auth failed redirect to login: %s ( %s )(%s,%s)"
        % (me.text, me.status_code, tupURL[1]["usermac"], tupURL[1]["magic"])
    )
    return redirect(url_for("%s.login" % strSNSname))

j = me.json()
```
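The PKCE parameters used in the blueprint above (`code_challenge`, `code_challenge_method=S256`, `code_verifier`), generated per login attempt and bound to the user's session as RFC 7636 describes. This is an added example, not code from this thread or from Flask-Dance; it uses only the standard library, and the session dicts and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def begin_login(session: dict) -> dict:
    """Create a fresh verifier for this attempt; return the authorization URL params."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside RFC 7636's 43..128 range
    state = secrets.token_urlsafe(32)
    session["pkce"] = {"state": state, "verifier": verifier}
    return {
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }


def finish_login(session: dict, returned_state: str) -> dict:
    """On the callback: check state, then release the verifier exactly once."""
    pending = session.pop("pkce", None)
    if pending is None or not hmac.compare_digest(
        pending["state"].encode(), returned_state.encode()
    ):
        raise ValueError("no matching login attempt for this session")
    return {"code_verifier": pending["verifier"]}


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The comparison the authorization server makes at the token endpoint."""
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    alice, bob = {}, {}  # constructed stand-ins for two users' server-side sessions
    a, b = begin_login(alice), begin_login(bob)
    print("distinct challenges:", a["code_challenge"] != b["code_challenge"])
    token_params = finish_login(alice, a["state"])
    print("verifier accepted:", server_accepts(a["code_challenge"], token_params["code_verifier"]))
```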

kotyatokino commented 8 months ago

made a pull request.