tumblr / docs

Tumblr's public platform documentation.
Apache License 2.0

Pytumblr and returned Authorize URL...? #34

Closed KCPKCP closed 4 years ago

KCPKCP commented 4 years ago

Hello,

I've been working on an app that will read my blog page. The app is registered and it's being developed in Python and the Kivy UI.

When testing, I'm logging in multiple times. The issue that I've encountered is that after so many logins, the returned authorize URL has changed.

I'm using Pytumblr to log in and typically, the returned authorize URL is similar to: 1.) http://www.tumblr.com/oauth/authorize?oauth_token=blahblahblahblahblah

The last few days, the URL returned is now: 2.) https://api.tumblr.com/console#_=_

then looks like: 3.) https://www.tumblr.com/login?redirect_to=%2Foauth%2Fauthorize%3Foauth_token%3DblahblahblahblahblahPair%26source%3Dconsole&source=console

The 2nd and 3rd URLs are only being returned when I test with the KIVY interface.... I've also noticed that the "source=console" parameter was added.

When I test via cmd-line script, the returned URL is similar to #1.

Do you have any suggestions as to why this has suddenly occurred?

cyle commented 4 years ago

It is possibly a bug on our end, we'll take a look. Thanks for the detailed info!

KCPKCP commented 4 years ago

Let me know if there is anything else that I need to provide.

Not sure if it matters, but I'm working in a Windows environment.

Thanks,

KP

sndsgd commented 4 years ago

@KCPKCP I'm able to confirm that the following work as expected:

  1. Using the interactive_console.py script to create an oauth1 access token/secret from the command line
  2. Using the API console to create oauth1 access token/secret using a web browser

That said, we did recently ship a change to mitigate a security exploit on the api console, so if you are using something that interacts with the api console that might explain the issue you're seeing. If that is the case, please add a referer: https://api.tumblr.com/console header to your requests.

If that is not the case, can you please provide some code that we can use to reproduce? Please be sure to omit your credentials so they remain secret.

Thanks for the report!

KCPKCP commented 4 years ago

Hi Russell,

Adding the referer: https://api.tumblr.com/console to the header was able to resolve the issue.

THANK YOU !!!

I do believe that you can mark this issue as "resolved".

Regards,

KP