Skip to content
This repository has been archived by the owner on Nov 10, 2024. It is now read-only.

Confusion about bearer tokens #387

Closed
alexpghayes opened this issue Jan 26, 2020 · 2 comments · Fixed by #542
Closed

Confusion about bearer tokens #387

alexpghayes opened this issue Jan 26, 2020 · 2 comments · Fixed by #542
Labels
authentication bug

Comments

@alexpghayes
Copy link
Contributor

I'm trying to understand bearer tokens better by using two tokens that I have for different applications.

I have two tokens, token1 and token2, that are clearly different:

> identical(token1, token2)
[1] FALSE

However, the corresponding bearer tokens are identical. When and why is this the case?

> bearer1 <- bearer_token(token1)
> bearer2 <- bearer_token(token2)
> 
> 
> identical(bearer1, bearer2)
[1] TRUE
@colts183281
Copy link

Yea I'm working through the same issue. One thing I know is that if you open different projects you create different bearer_tokens but it would be useful to use different bearer tokens in the same project. I'm trying to work through the code and see if I can figure out what's going on.

@llrs llrs mentioned this issue Feb 15, 2021
Closed
@llrs
Copy link
Collaborator

llrs commented Feb 16, 2021
edited
Loading

The problem might come from how the bearer are stored. They are added to the rtweet:::.state enviroment, so the second bearer token overwrites the first bearer token (if the second gets created at all!) See the internal get_bearer function.

hadley added a commit that referenced this issue Mar 5, 2021
@hadley
Start simplifying bearer token interface
21a253d 
The bearer token is no longer cached; it's not an expensive operation to retrieve it, it's app specific, and the user should be storing in a variable anyway. A bearer token is (nearly) equivalent to having the client app and secret, so I've made it harder to expose by accident with a new print method, and made it more difficult to use rtweets default app.

The tests currently fail because invalidate_bearer() doesn't work, probably because I don't understand the asymmetry between getting an access token and invalidating an access token.

Fixes #387
@hadley hadley mentioned this issue Mar 5, 2021
Closed
@hadley hadley mentioned this issue Mar 25, 2021
Merged
hadley added a commit that referenced this issue Mar 30, 2021
@hadley
Overhaul auth mechanism to support multiple tokens/auth mechanisms (#542
270733c 
)

* New `rtweet_app()`/`rtweet_bot()`/`rtweet_user()` to define authentication mechansim
* `auth_as()` to set default for current session
* `auth_save()` to save for future session
* `auth_setup_default()` to set up default auth

Fixes #469. Fixes #387.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
authentication bug
Projects
None yet
Milestone
No milestone
3 participants
@llrs @alexpghayes @colts183281