Log in

No account? Create an account
LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[May. 31st, 2006|02:09 pm]
LiveJournal Client Discussions


I'm working on writing what is basically an RSS feed aggregator in PHP. What I am having trouble with, however, is user authentication (to view firends-only posts, etc).

I can see how to use the XML-RPC specs to generate server-challenge strings for authentication, etc. But what I don't know is how to use that (the user's username, passwd, or anyt authentication that can be gotten from XML-RPC) to actually have PHP authenticate the user (and grab their protected RSS feeds.)

Does anyone have any tips on how to do this (any aspects of libcurl that I'm missing?) I have tried http://username:password@exampleusername.livejournal.com/data/rss?auth=digest, and I have tried that using the md5 hash of my password - but clearly I'm missing something.

If you could point me in the right direction, that would be appreciated.

(edit: changed example URL for digest RSS feeds)

From: snej
2006-06-01 02:41 pm (UTC)
As far as I know, the RSS/Atom feeds don't include non-public posts at all. (But if I'm wrong I'd love to be corrected.)

The only way to do this would be to create a custom journal style whose output is RSS or Atom, then append the force-style query parameter (whose exact syntax I forget) to the journal URL to get it in that style. You'd also have to send the LJ login cookie with the request.
(Reply) (Thread)
[User Picture]From: gargoylemusic
2006-06-01 03:39 pm (UTC)
This URL:

Gives the user a prompt to type in their username/password to see non-public posts. (From http://www.livejournal.com/bots)
(Reply) (Parent) (Thread)
From: snej
2006-06-01 04:24 pm (UTC)
Ah, cool. (Now if only they'd provide an RSS feed of your friends page, like I've been asking them to for about four years...)

I've never done curl stuff from PHP, but you don't need to change the URL; all you need to do is tell it to use digest authentication and provide your username and password. From a shell command line it would be:

curl --digest --user username 'http://exampleusername.livejournal.com/data/atom?auth=digest'

(and curl will prompt for your password. Or you can use the --pass flag.)
(Reply) (Parent) (Thread)
[User Picture]From: hythloday
2006-06-01 04:38 pm (UTC)
What prevents you from aggregating it yourself?
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-01 07:59 pm (UTC)
Unfortunetly, using curl this way doesn't work. Without fully understanding what this means, I think LJ uses a challenge-response mechanism for authentication. And, I can use the XML-RPC specs to get the challenge string. And it seems like my response would be in the form:

md5_hex($chalenge_string . md5_hex($password))

The question is (pardon my ignorance), once I have the response, how would I "pass" it to LJ so that it will authenticate my feed?

If RSS feeds won't work, how would I grab friend page updates (bar scraping the page)?
(Reply) (Parent) (Thread)
From: snej
2006-06-04 06:41 am (UTC)
No, I think you're confusing HTTP digest auth with the cookie used for regular page access (which would require you to use the LJ API to get the right string.)

HTTP digest auth does use a challenge/response, but it's nothing specific to LJ, and it's supported by curl. Again, I haven't used the curl API, but if there's a command-line option for it (--digest) then the API must support it.
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-04 09:13 pm (UTC)
When I try to use curl via the command line, my authentication fails (does it work for you?)

Might I also need to pass LJ's cookies when requesting the page?
(Reply) (Parent) (Thread)
From: snej
2006-06-04 06:38 am (UTC)
The overhead of hitting 50+ feeds every time.
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-30 02:21 am (UTC)
I have actually figured this out - it turns out the server I was using was using a version of curl that was about 3 years old... and hence had 3 years worth of bugs. I updated, and things work solidly now. thank you for your help!
(Reply) (Parent) (Thread)