Launchpad itself

GET api.launchpad.net/1.0/ doesn't check OAuth validity

Bug #877913 reported by Martin Pool on 2011-10-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	Low	Unassigned

Bug Description

If you request api.launchpad.net/1.0 (which implicitly happens when lplib creates a Launchpad object), using expired OAuth credentials, the request completes anyhow. However, if you request other public objects such as /1.0/debian with an expired token, the request fails. This seems inconsistent and makes coding a client that handles expiry cleanly very slightly harder.

I think Launchpad ought to either:
- refuse everything with invalid oauth or
- treat it as being unauthenticated

Tags:

Revision history for this message

William Grant (wgrant) wrote on 2011-10-19:

WADL is now served from Apache, so it's a little difficult to verify the token.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.