Support OAuth 2.0 User Context for bookmarks endpoint #4
Description
Problem Description
The x-cli me bookmarks command fails with a 403 error:
RuntimeError: API error (HTTP 403): {
"title": "Unsupported Authentication",
"detail": "Authenticating with OAuth 1.0a User Context is forbidden for this endpoint. Supported authentication types are [OAuth 2.0 User Context].",
"type": "https://api.twitter.com/2/problems/unsupported-authentication",
"status": 403
}
Expected Behavior
The x-cli me bookmarks command should successfully retrieve the authenticated user's bookmarks using X API v2.
Root Cause
The X API has changed their authentication requirements for the /2/users/{id}/bookmarks endpoint. According to the official X API documentation, this endpoint now requires OAuth 2.0 User Context authentication with the following scopes:
bookmark.readtweet.readusers.read
Currently, x-cli uses OAuth 1.0a User Context for authenticated read operations (like get_bookmarks, get_mentions). See api.py:L190.
Suggested Fix
Implement OAuth 2.0 User Context authentication in x-cli to support the bookmarks endpoint. This would require:
- Implementing OAuth 2.0 Authorization Code Flow with PKCE
- Storing user access tokens and refresh tokens
- Adding a new authentication method to
_oauth2_request()or similar - Updating
get_bookmarks()to use the OAuth 2.0 authentication method
Impact
This affects:
x-cli me bookmarksx-cli me bookmarkx-cli me unbookmark- Potentially other authenticated read endpoints if X updates them similarly
Notes
- Other authenticated read operations (like
get_mentions) may also be affected by this X API change - OAuth 2.0 User Context is different from both OAuth 1.0a and OAuth 2.0 Application-Only (Bearer token)