
Add sign out to `Account`

Open CodedOre opened this issue 3 years ago • 2 comments

At some point we need to add a method to sign an Account out and revoke the access token connected.

Since Twitter's OAuth endpoints aren't clearly documented and it's not the highest priority now, I'm noting it as a to-do for later.

CodedOre, Mar 09 '22 16:03

So, technically this is now implemented with `Account.revoke_access`.

However, the current implementation does not work with Twitter. The revoke method ^1 requires parameters such as `client_id` and the token to be passed as x-www-form-urlencoded. And it seems to me like librest is encoding it as such ^2 (or I missed something). Still, the servers return only a Forbidden, without any note of what I'm doing wrong.

So, since it's technically implemented but partially broken, I'll keep this open for now.

CodedOre, Sep 13 '22 13:09

I guess you need to intercept the traffic to see what's actually being transmitted. It's possible to get Wireshark to decrypt HTTPS (I've done it with Firefox when checking some website stuff) but it looks like it's much harder to get the initial encryption key with OpenSSL.

IBBoard, Sep 14 '22 19:09
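An added example, not part of the thread and not NewCaw's own code: one way to see what the client actually transmits without decrypting TLS is to point the revoke call at a loopback plain-HTTP listener and check the captured request. The function names, the `/revoke` path and the POST expectation (from RFC 7009 style revocation) are assumptions; only the `token` and `client_id` parameters and the form encoding come from the thread.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

REQUIRED_FIELDS = ("token", "client_id")  # the two parameters named in the thread

def check_revoke_request(method, path, headers, body):
    """Return a list of problems found in a captured token-revocation request."""
    problems = []
    if method != "POST":  # assumption: revocation is sent as a POST
        problems.append(f"method is {method}, expected POST")
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        problems.append(f"Content-Type is {ctype or 'missing'}")
    form = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    for field in REQUIRED_FIELDS:
        if field in query and field not in form:
            problems.append(f"{field} sent in the query string, not the body")
        elif field not in form:
            problems.append(f"{field} missing from the body")
        elif form[field] == [""]:
            problems.append(f"{field} is empty")
    return problems

def capture_one_request(port=0):
    """Serve exactly one request on 127.0.0.1; return (port, result, thread)."""
    result = {}
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            body = self.rfile.read(length)
            result["body"] = body  # holds the real token: keep it off disk and logs
            result["problems"] = check_revoke_request(
                self.command, self.path, self.headers, body)
            self.send_response(200)
            self.end_headers()
        do_GET = do_POST  # a GET is still captured and reported as a problem
        def log_message(self, *args):  # silence the default access log
            pass
    server = HTTPServer(("127.0.0.1", port), Handler)
    def serve():
        server.handle_request()
        server.server_close()
    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return server.server_address[1], result, thread
```

If the captured request comes back clean, the encoding is not the cause of the Forbidden response and the client credentials or the way the client authenticates are the next thing to compare against the provider's documentation.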