Log in

No account? Create an account
LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[May. 31st, 2006|02:09 pm]
LiveJournal Client Discussions


I'm working on writing what is basically an RSS feed aggregator in PHP. What I am having trouble with, however, is user authentication (to view firends-only posts, etc).

I can see how to use the XML-RPC specs to generate server-challenge strings for authentication, etc. But what I don't know is how to use that (the user's username, passwd, or anyt authentication that can be gotten from XML-RPC) to actually have PHP authenticate the user (and grab their protected RSS feeds.)

Does anyone have any tips on how to do this (any aspects of libcurl that I'm missing?) I have tried http://username:password@exampleusername.livejournal.com/data/rss?auth=digest, and I have tried that using the md5 hash of my password - but clearly I'm missing something.

If you could point me in the right direction, that would be appreciated.

(edit: changed example URL for digest RSS feeds)

[User Picture]From: hythloday
2006-06-01 04:38 pm (UTC)
What prevents you from aggregating it yourself?
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-01 07:59 pm (UTC)
Unfortunetly, using curl this way doesn't work. Without fully understanding what this means, I think LJ uses a challenge-response mechanism for authentication. And, I can use the XML-RPC specs to get the challenge string. And it seems like my response would be in the form:

md5_hex($chalenge_string . md5_hex($password))

The question is (pardon my ignorance), once I have the response, how would I "pass" it to LJ so that it will authenticate my feed?

If RSS feeds won't work, how would I grab friend page updates (bar scraping the page)?
(Reply) (Parent) (Thread)
From: snej
2006-06-04 06:41 am (UTC)
No, I think you're confusing HTTP digest auth with the cookie used for regular page access (which would require you to use the LJ API to get the right string.)

HTTP digest auth does use a challenge/response, but it's nothing specific to LJ, and it's supported by curl. Again, I haven't used the curl API, but if there's a command-line option for it (--digest) then the API must support it.
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-04 09:13 pm (UTC)
When I try to use curl via the command line, my authentication fails (does it work for you?)

Might I also need to pass LJ's cookies when requesting the page?
(Reply) (Parent) (Thread)
From: snej
2006-06-04 06:38 am (UTC)
The overhead of hitting 50+ feeds every time.
(Reply) (Parent) (Thread)
[User Picture]From: gargoylemusic
2006-06-30 02:21 am (UTC)
I have actually figured this out - it turns out the server I was using was using a version of curl that was about 3 years old... and hence had 3 years worth of bugs. I updated, and things work solidly now. thank you for your help!
(Reply) (Parent) (Thread)