Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attaching Media on behalf of users authenticated via oAuth 2.0 PKCE doesn't work #108

Open
ivannovak opened this issue Sep 19, 2024 · 3 comments
Open

Attaching Media on behalf of users authenticated via oAuth 2.0 PKCE doesn't work #108

ivannovak opened this issue Sep 19, 2024 · 3 comments

Comments

@ivannovak
Copy link
Contributor

... and I think this is fine because the upload-media API requires oauth 1.1, but it opens up what seems to be an unaccounted for error condition. I think handling the error more elegantly would have saved me time and maybe it'd save some time for others as well.

For better context, I was using socialstream with the twitter oauth v2 provider. Users were able to login to the app and in connected accounts they would have a token and refresh_token set without a secret... by design.

When creating new posts from the app's account, there's no issue because the app has it's own provisioned access token and secret generated via the twitter app so it can seamlessly switch between 1.1 and 2.

Also, when creating new text based posts on behalf of other users it works just fine. Using the documentation for Twitter and the source for the twitter notification channel, the routeNotificationsForTwitter ended up looking like this:

public function routeNotificationForTwitter($notification)
{
    $connectedAccount = $this->connectedAccounts->where('provider', Providers::twitterOAuth2())->first();
    return [
        config('services.twitter.consumer_key'),
        config('services.twitter.consumer_secret'),
        null,
        $connectedAccount->token ?? null, // uses the token as the bearer per the oauth 2.0 pkce docs and \Abraham\TwitterOAuth source
    ];
}

However, where it breaks is when attempting to attach media when posting on behalf of the user and using the bearer token generated through oauth 2.0 pkce. Even if the scopes are setup appropriately with tweet.read, tweet.write, and users.read.

The TwitterChannel send method appropriately sets the api version to 1.1 prior to handling media, but breaks in an unhandled way if the credentials being used are not compliant with 1.1.

The errors look like this:

   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 384.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 384.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 384.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 384.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 384.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/abraham/twitteroauth/src/TwitterOAuth.php on line 401.


   WARNING  Undefined property: stdClass::$media_id_string in vendor/laravel-notification-channels/twitter/src/TwitterChannel.php on line 105.


   TYPE ERROR  Abraham\TwitterOAuth\TwitterOAuth::mediaStatus(): Argument #1 ($media_id) must be of type string, null given, called in vendor/laravel-notification-channels/twitter/src/TwitterChannel.php on line 105 in phar:///Applications/Tinkerwell.app/Contents/Resources/tinkerwell/tinker.phar/vendor/psy/psysh/src/Exception/TypeErrorException.php on line 20.


Abraham\TwitterOAuth\TwitterOAuth::mediaStatus(): Argument #1 ($media_id) must be of type string, null given, called in ..../vendor/laravel-notification-channels/twitter/src/TwitterChannel.php on line 105
/vendor/abraham/twitteroauth/src/TwitterOAuth.php:58
 	/vendor/laravel-notification-channels/twitter/src/TwitterChannel.php:105
 	 	 in Abraham\TwitterOAuth\TwitterOAuth::mediaStatus()

I'm pretty sure I exhausted all avenues of application tweaks and twitter/x app configuration here, but I'm all ears if you know of a pathway to use 1.1 media AND 2.0 auth on behalf of other users. I ended up switching back to the twitterOAuth1() provider which generates 1.1 compliant token and secret to post on behalf of users. Good enough workaround.

As for a proposed solution, I'm equally unsure. For my use case, I found that $init was coming back null in \Abraham\TwitterOAuth on line 367... outside the scope of the twitter notification channel package. Seems as though this might be out of scope OR maybe a new exception around the uses of $this->twitter->upload which gets thrown if the return is borked, but even that would still dump out bad references from Abraham's package. Tough one.

Happy to discuss and submit a PR if we find a decent solution.
@christophrumpel
Copy link
Collaborator

Thanks, @ivannovak, for all the details, and sorry for the issues you had. Honestly, I currently don't have time to look into this. If you got an idea for a PR I'm open for taking a look at that and help.

@ivannovak
Copy link
Contributor Author

No worries at all @christophrumpel! I'm sure you're plenty busy elsewhere. Figured, worst case this could help someone else along the way.

@christophrumpel
Copy link
Collaborator

Yeah right, thanks a lot fo sharing. I will keep the issue open so people can read it. And I hope there will be a point when we are past those issues 🙏 and when I find some time again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ivannovak @christophrumpel