Incorrect auth documentation for Liking users

sdand · 2022-11-01T08:26:41.083Z

In the id/liking_users documentation(GET /2/tweets/:id/liking_users | Docs | Twitter Developer Platform) It says here you can authenticate id/liking_users via OAuth 2.0 Authorization Code with PKCE however thats not the case, both because I have tried and gotten a 403 Forbidden code when using access tokens and also here: Likes introduction | Docs | Twitter Developer Platform where it says it can only be authenticated with OAuth2.0 Bearer Token (not auth code with pkce)

IgorBrigadir · 2022-11-01T11:52:58.613Z

What code / library are you using?

sdand · 2022-11-02T01:45:37.434Z

I use the provided Typescript API but just to verify I started a fresh Postman account, inputted an oauth user access token and the user’s id and got a 403 Forbidden response with no explanation. I used the same access token and was able to fetch a reverse cron timeline to verify there was no issue with the token itself

The only way /liking_users worked was with an App-only Bearer Token

IgorBrigadir · 2022-11-02T05:00:19.164Z

Do you have the exact parameters you specified?

I ran it with twurl for this tweet: https://twitter.com/TwitterDev/status/1587066866824085505

twurl "/2/tweets/1587066866824085505/liking_users"

(with oAuth1.0a)

and

twurl --bearer "/2/tweets/1587066866824085505/liking_users"

oAuth2.0 Application Only, both gave me the exact same thing.

sdand:

inputted an oauth user access token and the user’s id and got a 403 Forbidden response with no explanation.

Just in case there’s confusion between the two endpoints: /2/tweets/.../liking_users takes a Tweet ID, not a user ID as a path parameter, and returns the users that liked the specified tweet.

/2/users/.../liked_tweets takes a user ID as a path parameter and returns tweets the user liked. The user must be public for this to work, but this worked for me too:

twurl "/2/users/2244994945/liked_tweets"

and

twurl --bearer "/2/users/2244994945/liked_tweets"

But i did not try oAuth2.0 PKCE.

sdand · 2022-11-02T06:00:46.823Z

My mistake I meant liked_tweets doesn’t work with OAuth 2.0 pkce while it is listed in the docs as a supported authentication method: GET /2/users/:id/liked_tweets | Docs | Twitter Developer Platform.

kato_shinya · 2022-11-02T06:41:04.755Z

Hi @sdand ,

I have tried this endpoint with an access token issued by OAuth 2.0 PKCE and it’s successful with the following request.

/2/users/$userId/liked_tweets?max_results=5

Is the scope of the access token obtained correct?
You need following scopes when you authorize in OAuth 2.0 PKCE.

tweet.read
users.read
like.read

sdand · 2022-11-02T21:39:41.424Z

My mistake, I didn’t realize there was a like.read permission. Thanks for the help everyone!