||[May. 31st, 2006|02:09 pm]
LiveJournal Client Discussions
I'm working on writing what is basically an RSS feed aggregator in PHP. What I am having trouble with, however, is user authentication (to view firends-only posts, etc).|
I can see how to use the XML-RPC specs to generate server-challenge strings for authentication, etc. But what I don't know is how to use that (the user's username, passwd, or anyt authentication that can be gotten from XML-RPC) to actually have PHP authenticate the user (and grab their protected RSS feeds.)
Does anyone have any tips on how to do this (any aspects of libcurl that I'm missing?) I have tried http://username:email@example.com/data/rss?auth=digest, and I have tried that using the md5 hash of my password - but clearly I'm missing something.
If you could point me in the right direction, that would be appreciated.
(edit: changed example URL for digest RSS feeds)
Unfortunetly, using curl this way doesn't work. Without fully understanding what this means, I think LJ uses a challenge-response mechanism for authentication. And, I can use the XML-RPC specs to get the challenge string. And it seems like my response would be in the form:
md5_hex($chalenge_string . md5_hex($password))
The question is (pardon my ignorance), once I have the response, how would I "pass" it to LJ so that it will authenticate my feed?
If RSS feeds won't work, how would I grab friend page updates (bar scraping the page)?
2006-06-04 06:41 am (UTC)
No, I think you're confusing HTTP digest auth with the cookie used for regular page access (which would require you to use the LJ API to get the right string.)
HTTP digest auth does use a challenge/response, but it's nothing specific to LJ, and it's supported by curl. Again, I haven't used the curl API, but if there's a command-line option for it (--digest) then the API must support it.
When I try to use curl via the command line, my authentication fails (does it work for you?)
Might I also need to pass LJ's cookies when requesting the page?