So am I understanding this correctly that this means TwitPic won't have to
ask for the user's Twitter username and Password any more and will instead
be able to use OAuth and still provide an API to their users? I'm trying to
figure out if this is encouraging the use of the username and password o
Really very cool.
http://engineering.twitter.com/
Sorry. False alarm. I screwed something up in my Twitter library.
On Feb 10, 1:20 am, Dewald Pretorius wrote:
> Is anyone else also experiencing tons of connection refuses on
> statuses/update?
The term most frequently used for "delegator" is "relying party." What you
call the service provider is most frequently called the "identity provider."
What you call the consumer is usually called the "subject." See OpenID,
InfoCard, and other similar specifications for example usage of these terms
hi all.
thanks so much for the conversation so far! its been great. i've taken a
bunch of the comments and incorporated them into a newer version
http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v-0
let's continue to tear this apart.
On Tue, Feb 9, 2010 at 8:43 PM, Harshad RJ wr
Is anyone else also experiencing tons of connection refuses on
statuses/update?
On Wed, Feb 10, 2010 at 8:17 AM, Abraham Williams <4bra...@gmail.com> wrote:
>
>
> On Tue, Feb 9, 2010 at 05:28, Dewald Pretorius wrote:
>
>> Two additions to OAuth that will be very helpful:
>>
>> 1) When a user removes the application from their connections, Twitter
>> should make a callback to
Raffi,
I see your and Abraham's point. From that perspective I agree
regarding 2.
On Feb 9, 11:09 pm, Raffi Krikorian wrote:
> > 2) There should be a call my system can make to remove the app from
> >> the user's connections, typically in the case where the user deletes
> >> his account from my
I posted a response on the blog which I am copy-pasting here:
If the intention is to just delegate identity, this can be achieved more
easily with what is available today:
The Consumer, prepares a verify-credentials HTTP request, signed with its
OAuth token, and passes this URL to the delegator,
>
> 2) There should be a call my system can make to remove the app from
>> the user's connections, typically in the case where the user deletes
>> his account from my system.
>>
>
> I am strongly against this. I don't like the idea that an application can
> act on my behalf then "disappear". Any a
On Tue, Feb 9, 2010 at 05:28, Dewald Pretorius wrote:
> Two additions to OAuth that will be very helpful:
>
> 1) When a user removes the application from their connections, Twitter
> should make a callback to my system so that I can delete the account
> from my DB.
>
Your application should alre
In the example, would the user have to grant TwitPic access to his account?
I would like to be able to assure TwitPic about the user's identity without
the user having to grant TwitPic any read or read/write access to his
account.
Why does the delegator need to send the service provider x_reque
On Tue, Feb 9, 2010 at 8:39 PM, Mark McBride wrote:
> We pushed fixes to the mobile OAuth page last night that should have fixed
> the page on BlackBerry devices. Please let us know if you still see issues.
Mark,
Can I suggest to make the allow/deny button a bit larger?
Looks small on my iPhon
>
> Very pleased that this went out... I've been pushing for this on this list
> for quite a while now...
>
> Let us know if you need any help in any way...
>
i think the biggest thing is just to comment on it, or let me know that it
makes sense. this is relatively easy for us to implement, but w
Hi Raffi,
Very pleased that this went out... I've been pushing for this on this list
for quite a while now...
Let us know if you need any help in any way...
As a side note - TweetPhoto has claimed on this list that they have some
sort of oAuth delegation live?? I haven't played with it yet, but
If one already knows the screen_name of the account for which you're
requesting authorization, it will be really great if:
1) One can send the screen_name along with the redirect.
2) Then Twitter can automatically log the person out if he is not
logged into the target account, and he's then presen
hi all.
i apologise that i'm running behind on getting these out, but i've put out
the first in a series of blog posts regarding what twitter is doing with
oauth moving forward -- this one, specifically, is a RFC around "delegation
in OAuth identity verification". a total mouthful, i know, so it
I don't see how Allow being the default can be a security issue. The
user is specifically sent to that page for the purpose of granting
access. Only a minuscule number of users will need to click the Deny
button.
But, I think you're right that the real issue is that the Deny button
is the first su
Yes.
-Doug
On Feb 9, 3:27 pm, eco_bach wrote:
> Hi
> I'm confused about the differences in query string parameters if you
> use the advanced search page
>
> vs referencing the Twitter search operators
> pagehttp://search.twitter.com/operators
>
> Are both of the following equivalent?
>
> http:/
Hi
I'm confused about the differences in query string parameters if you
use the advanced search page
vs referencing the Twitter search operators page
http://search.twitter.com/operators
Are both of the following equivalent?
http://search.twitter.com/search?q=&ands=&phrase=near+city
http://sea
Making "Allow" a default on a security authorization page seems to be
asking for trouble later. At present the "Deny" button is of type
"submit". They can't use "reset" as that won't send anything back to
twitter (unless you add some sort of event via Jquery). "Deny"
doesn’t appear to be the def
hi - i'm still a bit behind, but i've posted a sample workflow of how
identity delegation may work in oauth - this is definitely a RFC, so
please feel free to comment.
http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v
On Feb 4, 6:33 pm, Raffi Krikorian wrote:
> i'll be posting our
The API is already kicking back a 401 when you try to use tokens that
have been revoked. But despite that, I'd prefer not to have to make
unnecessary API calls, and hope for the best that the 401 actually
means revoked tokens as opposed to the Twitter system stepping on its
own shoelaces, or my OAu
Could #1 be satisfied by an appropriate error message from the API
when you try to do something with an oAuth’d account?
Dewald, exactly, although I don't think it exists.
On Tue, Feb 9, 2010 at 1:39 PM, Dewald Pretorius wrote:
> So, Jesse, what you're looking for is the equivalent of
> http://twitter.com/username/status/nn, except a DM must be
> displayed, and it must only shown if the DM belongs to the logge
I think you are right about these issues. The third one you mentioned
I think should be fixed in the API:
- uploading a new background image via the API does not cause the
image to be displayed
I just filed this ticket:
http://code.google.com/p/twitter-api/issues/detail?id=1443
--
Kyle Mulka
Foun
How is it an invasion of privacy? Are you concerned that an app
developer will experience bouts of deep depression every time someone
removes his/her app, and fire up his chainsaw?
On Feb 9, 5:28 pm, John Meyer wrote:
> Is this really necessary? Unless you're web site does some sort of
> automat
1) On https://twitter.com/oauth/authorize, can you make it more clear
and evident what is the account you're logged into if you're already
logged in. At present it is hidden in the text. Will be better if it
is in a heading and you show the user's avatar as well. I know already
how many people are
Does the search functionality exist in REST API, which have on account based
rate limit? Or will I have see similar limitation if I use Rest api instead
search api?
App Engine has different datastore system and some other differences so it
is not so easy to migrate the app.
And also app engine is
Is this really necessary? Unless you're web site does some sort of
automated action when the user is there I would think this is a little
unnecessary (and somewhat an invasion of privacy).
On 2/9/2010 1:52 PM, Dewald Pretorius wrote:
Ryan,
Re 1)
It will probably work best if one can enter a
On Tue, Feb 9, 2010 at 3:31 PM, eco_bach wrote:
> Is Twitter Search API limited to past 7 days only?
>
Yes, search results are limited to seven days. See
http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search
--
-ed costello
Ryan,
Re 1)
It will probably work best if one can enter a separate URL where the
revoked callbacks must be sent. This will also require some type of
call authentication method, so that some joker can't figure out one's
callback URL and send you a bunch of fake revokes and cause you to
incorrectly
just FYI on Design
-- Forwarded message --
From:
>
Date: Tue, Feb 9, 2010 at 2:37 PM
Subject: [twitter-dev] Digest for
twitter-development-t...@googlegroups.com- 25 Messages in 8 Topics
To: Digest Recipients
>
Today's Topic Summary
Group: http://groups.google.com/group/twit
So, Jesse, what you're looking for is the equivalent of
http://twitter.com/username/status/nn, except a DM must be
displayed, and it must only shown if the DM belongs to the logged in
user (is in the user's inbox or sent items)?
On Feb 9, 12:11 am, Jesse Stay wrote:
> Michael, if I want to sh
Is anyone else also getting intermittent 404 errors on
https://twitter.com/oauth/authorize?
Hi
This is related to a previous post but since I haven't received any
response wanted to make a new post.
Is Twitter Search API limited to past 7 days only?
Or does it vary according to the actual hashtags, search terms used?
Chances are your signing if incorrect. You might want to check out this
existing OAuth library [1] for python.
Even if you don't use it, check out the source to see how it goes about
signing. I have used this library
with success. If you have any questions about it, I can probably help there.
Josh
We pushed fixes to the mobile OAuth page last night that should have fixed
the page on BlackBerry devices. Please let us know if you still see issues.
---Mark
http://twitter.com/mccv
On Sat, Feb 6, 2010 at 7:14 PM, Fabien Penso wrote:
> On Fri, Jan 29, 2010 at 4:20 PM, Ryan Sarver wrote:
Twitter no longer allows you to set the "source" attribute of updates any
more via basic authentication.
You must use OAuth authentication.
Josh
On Tue, Feb 9, 2010 at 9:29 AM, Sagar Tambe wrote:
> Can i use X-Twitter-Client header for adding status updates? I have
> tried a lot but its not wor
On the TODO list:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/515733c625904ed8/
Another reason to to screen scrape is that building an entire HTML page uses
a lot more resources then just returning XML/json.
On Tue, Feb 9, 2010 at 10:19, Orian Marx (@orian) wrote:
Pedro, where did I say it wasn't private?
Jesse
On Mon, Feb 8, 2010 at 7:11 PM, Pedro Junior wrote:
> *No way. DM is private.
> *
> -
> Pedro Junior
>
>
> 2010/2/8 Jesse Stay
>
> On Mon, Feb 8, 2010 at 6:09 PM, John Meyer wrote:
>>
>>> On 2/8/2010 5:26 PM, Jesse Stay wrote:
>>>
I'm tryin
Agree that scrapping is a bad idea. The question is, why has this
particular piece of data (list counts) been available on twitter.com
since the lists rollout but exists nowhere in the API. It seems like
an oversight, which is why developers are trying to be helpful by
logging issues in the issue t
Why can't you just use
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-GET-list-memberships
to get the lists the user is listed on...and just do a counter as you
go through them? It might require a few extra service calls, but at
the moment that seems like the most 'appropriate' way to deter
> Why would my IP get banned - the API allows developers to retrieve
> almost every piece of data from user's twitter profiles so developers
> don't need to scrape. I think if it's a closed site and they want to
> protect content, then I can understand IP banning but if it's an open
> system like T
Why would my IP get banned - the API allows developers to retrieve
almost every piece of data from user's twitter profiles so developers
don't need to scrape. I think if it's a closed site and they want to
protect content, then I can understand IP banning but if it's an open
system like Twitter, I
> Why don't you just simply retrieve the HTML for the user's twitter
> profile page and look for id="lists_count" and just grab the number
> in this tag. That's what I'm doing now. Of course, Twitter could
> change the HTML on this page but they probably won't do it often.
Screen scraping is an e
Why don't you just simply retrieve the HTML for the user's twitter
profile page and look for id="lists_count" and just grab the number
in this tag. That's what I'm doing now. Of course, Twitter could
change the HTML on this page but they probably won't do it often.
Quy
On Feb 9, 9:20 am, "Orian
I check this topic about 10 times a day hoping for an update. To say I'm
excited about this, doesn't really come close. I have my code prepped and
ready for whenever this lands.
But I think we can all wait Raffi to get better. Health trumps all things.
And rightly so.
@raffi Take it easy.
> Raffi, has walking pneumonia so we're giving him a few days slack time and
> we're afraid of what he would write while on meds :)
D'oh. Raffi, get well soon!
--
personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.co
Raffi, has walking pneumonia so we're giving him a few days slack time and
we're afraid of what he would write while on meds :)
On Tue, Feb 9, 2010 at 8:48 AM, Raffi Krikorian wrote:
> in progress :P
>
>
> On Tue, Feb 9, 2010 at 12:18 AM, mynetx wrote:
>
>> And where’s the announced post by Raf
Dewald,
1) good idea
2) also a good idea
3) tons :)
On Tue, Feb 9, 2010 at 5:28 AM, Dewald Pretorius wrote:
> Two additions to OAuth that will be very helpful:
>
> 1) When a user removes the application from their connections, Twitter
> should make a callback to my system so that I can delete t
All traffic coming from Google App engine appears as the same IP address. We
cannot whitelist this IP, as we'd be instantly flooded with abuse from GAE.
Shared infrastructure hosting is often inappropriate for interacting with
non-authenticated web services due to this intractable abuse conundrum.
On 2/9/2010 10:03 AM, ryan alford wrote:
So you are saying that the user of a third party application must
register a completely new consumer key and consumer secret?
Again, you have your terminology wrong. They get a completely new set
of oAuth tokens. Same as the fact that every user of tw
This issue was first brought up Nov 10 on the issue tracker but of
course no response from the Twitter team.
http://code.google.com/p/twitter-api/issues/detail?id=1186
On Feb 8, 6:26 pm, waukesha_area wrote:
> Is it possible to get a count of how many lists a user belongs to?
> I am able to get
Thought I'd chime in here and add my support for Phrirehose - Fenn,
nice work!
We just did our first test-run with Phirehose on Sunday to track all
of the traffic related to Super Bowl ads. At peak, it was pulling a
consistent 120 tweets/sec with ease. We were only limited by our
account's rate-l
So you are saying that the user of a third party application must register a
completely new consumer key and consumer secret?
So when TweetDeck goes to OAuth, every user will create their own consumer
key and consumer secret, therefore, having 10s of thousands of "TweetDeck"
applications registere
in fact, it shouldn't be that much more effort - just use an appropriate
library for your platform.
On Tue, Feb 9, 2010 at 8:53 AM, John Meyer wrote:
> On 2/9/2010 8:09 AM, _Bensn wrote:
>
>> @ John Meyer - thanks for editing my post with the url.
>> Is it right, every user who wants to use our
On 2/9/2010 8:09 AM, _Bensn wrote:
@ John Meyer - thanks for editing my post with the url.
Is it right, every user who wants to use our application must at first
register the application?
Yeah. It might be construed as more effort than a basic authentication,
but I don't believe it is that o
in progress :P
On Tue, Feb 9, 2010 at 12:18 AM, mynetx wrote:
> And where’s the announced post by Raffi?
>
>
> http://groups.google.com/group/twitter-development-talk/msg/56cd59f6d5a57db9
>
> On Feb 8, 6:39 pm, Dewald Pretorius wrote:
> > The info you're looking for is in this thread:
> >
> > h
@ John Meyer - thanks for editing my post with the url.
Is it right, every user who wants to use our application must at first
register the application?
On 9 Feb., 11:24, _Bensn wrote:
> Where can they create there own keys? here -https://twitter.com/apps/new
> ?
>
> On 8 Feb., 18:55, John Meyer
Can i use X-Twitter-Client header for adding status updates? I have
tried a lot but its not working. I have sent a source parameter in
post body as well as array('X-Twitter-Client'=>'Justmeans','X-Twitter-
Client-Version'=>'1.1','X-Twitter-Client-URL'=>'http://
www.justmeans.com').
Is there any mi
Yes it does seem backwards. I made my statement because the link he gave
was for application consumer keys, not the OAuth tokens.
Ryan
Sent from my DROID
On Feb 9, 2010 11:27 AM, "John Meyer" wrote:
On 2/9/2010 9:20 AM, ryan alford wrote:
> >
> > Your users should not be required to get thei
On 2/9/2010 9:20 AM, ryan alford wrote:
Your users should not be required to get their own consumer key and
consumer secret.
Ryan
Sent from my DROID
On Feb 9, 2010 10:04 AM, "_Bensn" mailto:benjaminroh...@t-online.de>> wrote:
Where can they create there own keys? here - https://twitter.com/a
Your users should not be required to get their own consumer key and consumer
secret.
Ryan
Sent from my DROID
On Feb 9, 2010 10:04 AM, "_Bensn" wrote:
Where can they create there own keys? here - https://twitter.com/apps/new
?
On 8 Feb., 18:55, John Meyer wrote:
> On 2/8/2010 7:25 AM, _Bens
On Tue, Feb 9, 2010 at 10:26 AM, John Meyer wrote:
> On 2/9/2010 3:57 AM, Thomas wrote:
>>
>> Hello,
>>
>> still no OAuth solution for softwares (not web apps) ?
>>
>
>
> There is oAuth for desktop and mobile software.
>
> http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-authorize
>
> Y
On 2/9/2010 3:57 AM, Thomas wrote:
Hello,
still no OAuth solution for softwares (not web apps) ?
There is oAuth for desktop and mobile software.
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-authorize
You may not like the fact that you have to integrate a web page, but it
is
When I try to use OAuth to authorization, I receive a response "401
Unauthorized".
Here is source code.
http://bokenasu.dyndns.org/repos/ktoa.py
(I using RequestToken and TokenStorage class.)
What's the problem? Please show me why authorization fails.
Hi;
I have just launched a web site that uses twitter search api.
I deployed it to Google app engine
But there is a problem.
I take "You have been rate limited. Enhance your calm." in some of my
requests.
It is impossible to exceed rate limits because I have just launched the app,
so there is no t
Hello,
still no OAuth solution for softwares (not web apps) ?
Where can they create there own keys? here - https://twitter.com/apps/new
?
On 8 Feb., 18:55, John Meyer wrote:
> On 2/8/2010 7:25 AM, _Bensn wrote:
>
> > Hi there,
>
> > is it possible to develope a twitter application which uses oauth and
> > it can be used by more different users without that
Hm... that's bad, very bad! why is it not possible, the users download
our application, login with there twitter account, and it works?
(with.. from my app parameter).
is it possible, to get a explicit source parameter?
On 8 Feb., 18:55, John Meyer wrote:
> On 2/8/2010 7:25 AM, _Bensn wrote:
>
>
And where’s the announced post by Raffi?
http://groups.google.com/group/twitter-development-talk/msg/56cd59f6d5a57db9
On Feb 8, 6:39 pm, Dewald Pretorius wrote:
> The info you're looking for is in this thread:
>
> http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> On Fe
*No way. DM is private.
*
-
Pedro Junior
2010/2/8 Jesse Stay
> On Mon, Feb 8, 2010 at 6:09 PM, John Meyer wrote:
>
>> On 2/8/2010 5:26 PM, Jesse Stay wrote:
>>
>>> I'm trying to find a format that allows me to link directly to
>>> individual DMs on Twitter - is this possible? Googling isn't f
Okay, thanks anyway!
On Feb 8, 9:52 pm, Abraham Williams <4bra...@gmail.com> wrote:
> http://twitter.com/?status=test&source=tweetie
>
> It only works for old source parameters though. New ones from OAuth
> applications will not work.
>
> Abraham
>
> On Mon, Feb 8, 2010 at 10:42, Jamie McElwain wr
Hi
What is the earliest search date?
If I use this date, do I need to remove any date limited search
parameters from my query string, such as filter and lang to avoid
getting an error?
Two additions to OAuth that will be very helpful:
1) When a user removes the application from their connections, Twitter
should make a callback to my system so that I can delete the account
from my DB.
2) There should be a call my system can make to remove the app from
the user's connections, ty
76 matches
Mail list logo