Zach Copley
|
b82e55356d
|
Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required.
|
2010-03-26 19:58:15 +00:00 |
|
Brion Vibber
|
1c942afa60
|
Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
|
2010-03-17 10:52:11 -07:00 |
|
Zach Copley
|
7f2253759c
|
A blank username should never be allowed.
|
2010-03-10 03:39:05 +00:00 |
|
Evan Prodromou
|
5f7aa6f2e3
|
make API realm configurable
|
2010-03-08 12:36:03 -05:00 |
|
Zach Copley
|
e650794300
|
Remove unnecessary requires
|
2010-02-25 22:06:31 -08:00 |
|
Zach Copley
|
2085b506d4
|
Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required. I think I finally got this right.
|
2010-02-02 23:17:28 +00:00 |
|
Zach Copley
|
48a1a5a2dc
|
Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
|
2010-01-29 01:49:38 +00:00 |
|
Zach Copley
|
f296f04abd
|
Remove debugging statement
|
2010-01-28 01:24:40 +00:00 |
|
Zach Copley
|
324590c46e
|
Some adjustments to the way API auth works after merging testing and 0.9.x
|
2010-01-28 00:45:06 +00:00 |
|
Michele
|
b0a325f7d0
|
HTTP auth provided is evaluated even if it's not required
|
2010-01-27 14:06:27 -08:00 |
|
Zach Copley
|
923b7de3c6
|
- Check for read-only vs. read-write access to protected API resources (OAuth)
- Some cleanup
|
2010-01-27 08:41:26 +00:00 |
|
Zach Copley
|
4daf76212a
|
- Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
|
2010-01-25 00:51:56 +00:00 |
|
Zach Copley
|
8b24b5ac7b
|
Add Start/EndSetApiUser events when setting API user via OAuth
|
2010-01-24 16:46:37 -08:00 |
|
Zach Copley
|
1f8ddf716d
|
Check for read vs. read-write access on OAuth authenticated API mehtods.
|
2010-01-24 16:36:06 -08:00 |
|
Zach Copley
|
8da5e98cba
|
OAuth 1.0 working now
|
2010-01-24 16:36:04 -08:00 |
|
Zach Copley
|
8e91e05392
|
Make API auth handle OAuth requests w/access tokens
|
2010-01-24 16:36:03 -08:00 |
|
Zach Copley
|
a199bd808a
|
Fix issue with favorited/following always being set to false
|
2009-12-14 18:16:45 +00:00 |
|
Craig Andrews
|
d07df8a796
|
Added Authorization plugin
Added LDAPAuthorization plugin
|
2009-11-18 14:19:43 -05:00 |
|
Brion Vibber
|
088081675f
|
Revert "Remove more contractions"
This reverts commit 5ab709b739 .
Missed this one yesterday...
|
2009-11-09 20:01:46 +01:00 |
|
Siebrand Mazeland
|
5ab709b739
|
Remove more contractions
* doesn't
* won't
* isn't
* don't
|
2009-11-08 23:32:15 +01:00 |
|
Zach Copley
|
870b091693
|
Added in credits.
|
2009-10-12 16:36:00 -07:00 |
|
Zach Copley
|
4efbe32f6a
|
Use site's name for basic auth realm
|
2009-10-12 15:12:20 -07:00 |
|
Zach Copley
|
559918826a
|
Remove more redundant $formats
|
2009-10-09 17:11:40 -07:00 |
|
Zach Copley
|
743c844084
|
Move all basic auth output and processing to base classes
|
2009-10-09 16:57:22 -07:00 |
|
Zach Copley
|
bb08611def
|
Delete action/api.php and rename lib/twitterapi.php to lib/api.php
|
2009-10-09 14:22:18 -07:00 |
|
Zach Copley
|
e307adfbfc
|
New actions for /statuses/friends and /statuses/followers + social graph methods
|
2009-09-30 10:22:26 -07:00 |
|
Zach Copley
|
37bdc060c5
|
phpcs on apifriendstimeline.php, apiauth.php and apibareauth.php
|
2009-09-27 15:33:46 -07:00 |
|
Zach Copley
|
de5ff19713
|
Moved basic auth stuff into its own classes
|
2009-09-25 16:58:35 -07:00 |
|