Fix Twitter API Oauth Error

[dblythy]

New Pull Request Checklist

• I am not disclosing a vulnerability.
• I am creating this PR in reference to an issue.

Issue Description

Fixes the failing test explained in #7369.

Approach

Changes the endpoint that the GET request makes from https://api.twitter.com/1.1/help/configuration.json to https://api.twitter.com/1.1/oauth/request_token.

[codecov]

Codecov Report

Merging #7370 (8ac31c4) into master (181fbf9) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7370      +/-   ##
==========================================
- Coverage   93.92%   93.92%   -0.01%     
==========================================
  Files         181      181              
  Lines       13195    13195              
==========================================
- Hits        12394    12393       -1     
- Misses        801      802       +1     

Impacted Files	Coverage Δ
src/batch.js	91.37% <0.00%> (-1.73%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 181fbf9...8ac31c4. Read the comment docs.

[mtrezza]

Thanks for opening this PR.

I think this PR is incorrect. I don't understand why you suggest to change the endpoint, unless the test used an incorrect endpoint to begin with.

• a) https://api.twitter.com/1.1/help/configuration.json
  According to the docs the existing endpoint is valid and should return a config JSON, but it currently does not return anything.

• b) https://api.twitter.com/oauth/request_token
  The docs for the endpoint suggested in this PR say it's actually a POST endpoint with a different purpose and returns a JSON with content that is unrelated to the previous endpoint.

The two endpoints seem to be for completely different purposes and the test in this PR may only pass because endpoint (b) returns a JSON (albeit with different content) which makes auth fail as the test expects.

My guess is that endpoint (a) is just temporarily down or has been throttled for us because:

It is recommended applications request this endpoint when they are loaded, but no more than once a day.

Conclusion:

• Investigate which endpoint the test requires
• If the test requires endpoint (a), investigate why the endpoint doesn't work instead of replacing it
• Make test more robust, because it seems to fail for whatever reason, as long as the API responds with a JSON

[dblythy]

Hey @mtrezza, thanks for your comments. You’re correct, as the current endpoint has worked for so long, perhaps it’s a Twitter issue. The change in this PR simply changes the endpoint without attempting to understand why the existing endpoint no longer works (I’m assuming it is depreciated). Perhaps the best approach is wait until the endpoint works again?

[mtrezza]

I'll continue in the issue thread.

[mtrezza]

After identifying the underlying issue, I suggest the following changes:

• Use a different endpoint
  The suggested endpoint /1.1/oauth/request_token is not a valid endpoint according to the docs. It returns the expected invalid auth response but so does /1.1/oauth/blabla. Also, it is documented as a POST endpoint, but the test is for a GET endpoint. It's surprising that the test passes, likely because the Twitter API is quite graceful. Also, the correct endpoint /oauth/request_token (without the 1.1) does not require auth, it is an endpoint to authenticate, not to request a resource that requires authentication, which is what the test is about.

• Use endpoint /1.1/account/settings.json
  It's the same endpoint the POST test uses below the GET test; the endpoint is actually a POST and GET endpoint, so we don't need to rely on two different dummy endpoints for two http methods.

• Add a comment to the 2 tests
  To avoid confusion in the future, we should add a line to both tests (POST and GET) that these endpoints are just picked as dummies to test auth failing, for example:

  This endpoint has been chosen to make a request to an endpoint that requires OAuth which fails due to missing authentication. Any other endpoint from the Twitter API that requires OAuth can be used instead in case the currently used endpoint deprecates.

• Clarify test purpose
  Should fail a GET request is too ambiguous. These two tests are designed to fail when trying to request a resource that requires oauth. I suggest to rename the 2 tests to:

  should fail making a GET request with invalid credentials for a resource that requires OAuth
  should fail making a POST request with invalid credentials for a resource that requires OAuth

  Also, we should change the consumer_key and consumer_secret from XXX to invalid, to make it clear that these are supposed to be invalid and therefore the tests should fail.

[dblythy]

Thanks for the suggestions! I'll add the changes.

[mtrezza]

Formally requesting the changes so we don't merge with invalid endpoint by mistake.

[mtrezza]

This looks good! Any thing you want to add before merging?

[dblythy]

Nope! I'm ready to merge 😊

[mtrezza]

LGTM Thanks for tackling this so quickly!

[parseplatformorg]

🎉 This change has been released in version 5.0.0-beta.1

[parseplatformorg]

🎉 This change has been released in version 5.0.0