March 21st, 2006


Auth for bots

I am thinking about writing small script which allows you to subscribe to all new comments in your journal using RSS. It would be service, similar to Friends RSS Tracking. The problem is, that in order to use Comments Export API I need to authenticate as given user. I do not really want to ask user for his password.

I was thinking that it would be nice to have authentication scheme, where I can issue a challenge, send user along with challenge (along with expiration date) to LiveJournal web site where he would type his password and response is returned to me. Similar to how it is done in Flat Protocol Challenge/Response auth. Of course, even with this approach user still gives me access to his journal which implies certain level of trust, but at least I do not have responsibility of dealing with his password.

If there is any way for me to do something like this right now?

P.S. Flickr auth API takes this approach even further, with permissons and other bells and whistles.