用户身份验证和仅应用身份验证之间的区别? [英] Difference between user and app-only auth?
问题描述
我已经阅读了 Twitter 文档,但肯定遗漏了一些东西.
I've been read the Twitter docs but must be missing something.
用户身份验证和仅应用身份验证具有不同的速率限制和功能,但我正在努力处理每个用例.
User auth and app-only auth have different rate limits and capabilities, but I'm struggling to get a handle on use cases for each.
用户身份验证是否仅适用于使用 Twitter 登录"风格的应用程序,因此因为您代表用户行事,您可以做更多事情?
Is user auth just for "Sign in with Twitter" style apps, and so because you're acting on behalf of the user you can do more?
什么是仅应用身份验证?我已经为我拥有的帐户手动生成了一个密钥 - 因为我在没有用户的情况下手动创建了这个应用程序吗?
What is app only auth? I have generated a key manually for an account I have - because I created this manually without a user is that app only?
很困惑!任何帮助表示赞赏.
Very confused! Any help appreciated.
推荐答案
UPDATE 2020 年 12 月: Twitter 最近推出了 API v2,twitter 官方文档.
UPDATE Dec, 2020: Twitter recently launched API v2 and rate limits related to user or app auth are better described in twitter official docs.
这意味着您可以使用应用身份验证或用户身份验证令牌访问此 API 函数.在某些请求中,您只能使用用户身份验证 令牌进行访问.
This means you can access this API function with an app auth or a user auth tokens. In some requests you only can access with user auth token.
应用身份验证编号:是您的应用在 15 分钟内可以使用应用身份验证"令牌执行的最大请求数.
App Auth number: Is the highest number of requests your app can do in a 15min window, with 'app auth' token.
用户身份验证编号:是您的应用在 15 分钟内可以使用用户身份验证"令牌执行的最大请求数.
User Auth number: Is the highest number of requests your app can do in a 15min window, with 'user auth' token.
您需要知道您的库/模块是如何获得认证的.来源
You need to know how your library/module is getting auth. Source
应用身份验证和用户身份验证是 API twitter 管理 OAuth 的两种方式.您可以使用 Twython 模块来处理这个 python 示例:
App Auth and User Auth are the two ways API twitter can manage OAuth. You can do with this python example using Twython module:
from twython import Twython
# App Auth
tw_auth = Twython(APP_KEY, APP_SECRET, oauth_version=2)
token = tw_auth.obtain_access_token()
twitter = Twython(APP_KEY, access_token=token)
另外,如果您想使用用户令牌进行身份验证:
By other way, if you want to authenticate with User Tokens:
from twython import Twython
# User Auth
tw_auth = Twython(APP_KEY, APP_SECRET)
token = tw_auth.get_authentication_tokens()
twitter = Twython(APP_KEY, APP_SECRET, auth['oauth_token'],
auth['oauth_token_secret'])
(...这最后一个方法 有点长,因为使用身份验证令牌,您需要.get_authorized_tokens(prompted_pin) 进行新的 Twython 方法调用.这只是一个示例,说明您需要 4 个密钥/令牌相反 2)
(...this last method is a bit longer, because with the authentication tokens you need to .get_authorized_tokens(prompted_pin) to make a new Twython method call. This is only an example to show you need 4 keys/tokens instead 2)
现在,如果您提出请求,则 15 分钟窗口的计数器取决于您的身份验证方式:
Now, if you make a request, the counter for your 15min window depends on how you are authenticated:
# Now you are authenticated with *App Auth* or *User Auth*
# Limits will be 450 for AppAuth and 180 for UserAuth in 15min window
results = twitter.search(q='StackOverflow',result_type='recent', count='10')
之所以存在这些差异,是因为并非所有 API 方法都支持仅限应用程序的身份验证.某些方法需要用户上下文.
These differences exists because not all API methods support application-only authentication. Some methods require a user context.
我可以处理现实世界的场景,你会使用一个而不是另一个?
I could do with real world scenarios where you would use one over the other?
当然!看看这个 关于 Twitter 速率限制的图表并进行比较.有时您无法仅使用 appAuth 发出请求,例如与用户相关的操作.如果您想要 GET statuses/user_timeline,每个身份验证的限制是不同的也许你更喜欢 AppAuth,但如果你想要 GET 列表/成员 也许您更喜欢 UserAuth,因为它在速率限制方面有一些优势.
Of course! look this chart about Twitter rate limits and compare. Sometimes you can't make requests with appAuth-only, for example user related actions. Limits are different for each auth, if you want GET statuses/user_timeline maybe you prefer AppAuth, but if you want GET lists/members maybe you would prefer UserAuth, because it has some advantage with rate limits.
这篇关于用户身份验证和仅应用身份验证之间的区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
