July 25th, 2004


Authentication Style Question (And Request)

Hi, I am working on a Java Package to offer all the functionality of a Live Journal Client in a nice and easy way. Anyhow, I have been looking at the protocol documentation and was basically just wondering on opinions of other developers and what they would consider good and bad style. If this sort of post is 'wrong' here, please inform me - I'm kinda new to LJ, especially Communities, and don't know the etiquette yet.

Authentication - Am I correct in believing that, unless you use the 'cookie' method of auth, then you are expected to send the auth details with each LJ request? Unfortunately, the Apache Xml-Rpc library for Java doesn't support cookies, and I don't feel like hacking the code unless I have to - so that means 2 requests per 'LJ Request' as it were (challenge/response) - is this considered OK?

Are there any plans to add the option to send session cookie with the RPC call instead of as a POST header? Since you can send any other authentication method with the call, it seems a shame that you cannot send the session cookie in the same manner. And of course, it means that xml-rpc wrappers that hide the POST request from you cannot use the cookie method. Is there another LJ that I should request this update in, or can I go through a CVS and put forth a suggested update myself? I guess it shouldn't be that hard - I would imagine all these vars are handled around the same place.

Many thanks, and apologies again if ant of this is 'bad etiquette'. Consider it also a kind of introduction too!

John Wordsworth
Working hard on WingedMonkey - A LJ Client Java Package
  • Current Music
    U2 - Alex Decends into Hell for a Bottle of Milk