Re: [twitter-dev] Re: one application authentication
On Mon, Apr 26, 2010 at 1:50 PM, Ken k...@cimas.ch wrote:
> For security reasons this service should be left to Twitter, but a third party could deliver the same tokens if provided with the app's Consumer key and secret. A bit messy though - need to change the requesting app's callback URL - but it's doable. Is someone already doing this? Would that violate ToS?

Just FYI, I am working on a similar concept. Waiting for clarifications from Twitter before releasing it publicly.

-- Harshad RJ http://hrj.wikidot.com
-- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] xhr2 and cross domain Ajax requests
Are there any thoughts towards setting the following header on the Twitter API server:

Access-Control-Allow-Origin: *

For those of us developers working with web technology in closed environments (such as PhoneGap) we can use XHR controlled requests to Twitter - i.e. we can read headers (like the X-RateLimit-Remaining), abort requests, handle timeouts and handle the all-important fail whale coming back instead of a JSON response saying it's failed.

Such a small change would open up using the web to access the API. What do you think?

- Remy.
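An added illustration, not part of Remy's message or of Twitter's API: a simplified model of the CORS check a browser applies to a cross-origin XHR response. It shows that `Access-Control-Allow-Origin: *` alone makes the body readable but leaves `X-RateLimit-Remaining` hidden from script unless `Access-Control-Expose-Headers` names it, and that the wildcard is refused for credentialed requests. The function names, the origin and the response headers are constructed for the example.

```javascript
// Simplified model of the browser's CORS response check (after the Fetch
// standard). Preflight handling is deliberately left out.

// Response headers that script may always read on a CORS response.
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);
// Response headers that are never exposed to script.
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']);

function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

function deny(reason) {
  return { allowed: false, reason, readable: [] };
}

// origin: the page's origin; responseHeaders: what the API server sent;
// withCredentials: true if cookies or HTTP auth went with the request.
function corsCheck(origin, responseHeaders, withCredentials) {
  const h = lowerKeys(responseHeaders);
  const acao = h['access-control-allow-origin'];

  if (acao === undefined) return deny('no Access-Control-Allow-Origin header');
  if (withCredentials) {
    if (acao === '*') return deny('wildcard origin is not allowed with credentials');
    if (acao !== origin) return deny('origin mismatch');
    if (h['access-control-allow-credentials'] !== 'true') {
      return deny('Access-Control-Allow-Credentials is not "true"');
    }
  } else if (acao !== '*' && acao !== origin) {
    return deny('origin mismatch');
  }

  // Which header names can script read via getResponseHeader()?
  const exposed = (h['access-control-expose-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  const exposeAll = !withCredentials && exposed.includes('*');
  const readable = Object.keys(h)
    .filter((name) => !FORBIDDEN.has(name))
    .filter((name) => SAFELISTED.has(name) || exposeAll || exposed.includes(name))
    .sort();
  return { allowed: true, reason: 'ok', readable };
}

// Constructed sample responses (not captured from any real server).
const ORIGIN = 'https://app.example';
const wildcardOnly = {
  'Content-Type': 'application/json',
  'X-RateLimit-Remaining': '148',
  'Access-Control-Allow-Origin': '*',
};
const wildcardExposed = {
  ...wildcardOnly,
  'Access-Control-Expose-Headers': 'X-RateLimit-Remaining',
};

function demo() {
  return {
    wildcardOnly: corsCheck(ORIGIN, wildcardOnly, false),
    wildcardExposed: corsCheck(ORIGIN, wildcardExposed, false),
    credentialed: corsCheck(ORIGIN, wildcardExposed, true),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```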
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
Raffi, One solution, which I know won't win the popularity prize, is for Twitter to relax its XAuth restrictions and allow web apps to use full OAuth and/or XAuth, depending on what works best for them. In my case, I will still use full OAuth because it's so much better than dealing with Twitter credential issues. But, I will add a small link below the Twitter authorize button on my site that says something like, Can't get to Twitter.com? which then leads to a username- password entry form, and then triggers an XAuth authorization. On Apr 26, 12:34 am, Raffi Krikorian ra...@twitter.com wrote: before this gets out of hand - i, personally, am very sensitive to these issues. i've been spending some brain power trying to come up with a solution. if people have suggestions, then please feel free to reach out to me personally and off list. On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote: China's policy didn't just recently change, Twitter's did. So it is Twitter telling us that we may not be able to support China and other firewall blocked countries any longer. It is, after all, within Twitter's power to continue to support Basic Auth. It is their conscious decision not to, despite the significant negative ramifications being brought to their attention. In an earlier comment from Twitter: twitter.com is trying to drive people to understand and discover what's going on in the world. No one in the world needs to understand and discover what's going on more than the people of these communist-block countries that otherwise see only what their governments allow them to see. It is unfortunate that Twitter plans to turn their back on them. Then again, what's a billion people here or there?... On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote: It is not twitter telling you it is China. -- Little androids dreaming of Nexus Ones compiled this text. 
On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote: Raffi, We really need a resolution for this issue before Basic Auth is deprecated. It sounds as if Twitter is telling developers of web apps that they cannot provide service to Chinese users, and other users behind firewalls that block access to twitter.com. But that can't be right, can it? On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I moved my web based app from ba... This issue has been discussed in this group before here: https://groups.google.com/group/twitter-development-talk/browse_threa... Being a frontend developer, I may have misunderstood the outcome of that discussion (I certain... -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
> One solution, which I know won't win the popularity prize, is for Twitter to relax its XAuth restrictions and allow web apps to use full OAuth and/or XAuth, depending on what works best for them. In my case, I will still use full OAuth because it's so much better than dealing with Twitter credential issues. But, I will add a small link below the Twitter authorize button on my site that says something like, Can't get to Twitter.com? which then leads to a username-password entry form, and then triggers an XAuth authorization.

unfortunately, this defeats the purpose of oauth :( http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

-- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
In fact, you could set a threshold per consumer key that you can vary. In other words, you can then allow a higher percentage XAuth (even 100%) to an app that caters largely to a Chinese market. And 0% or 10% to an app that caters largely to the USA market.

On Apr 26, 9:43 am, Dewald Pretorius dpr...@gmail.com wrote:
> I know it's a compromise. But, it does serve the needs of a very large number of users. Maybe you could monitor the authentication profile of a web app. If it uses more XAuth than OAuth, then you know you need to contact the owner. Or, you can set an automated percentage threshold, such as XAuth authentications from a particular consumer key cannot exceed 25% of all authentications from that key.
>
> On Apr 26, 9:36 am, Raffi Krikorian ra...@twitter.com wrote:
> > > One solution, which I know won't win the popularity prize, is for Twitter to relax its XAuth restrictions and allow web apps to use full OAuth and/or XAuth, depending on what works best for them. In my case, I will still use full OAuth because it's so much better than dealing with Twitter credential issues. But, I will add a small link below the Twitter authorize button on my site that says something like, Can't get to Twitter.com? which then leads to a username-password entry form, and then triggers an XAuth authorization.
> >
> > unfortunately, this defeats the purpose of oauth :( http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap
> >
> > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
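An added sketch of the per-consumer-key threshold proposed in the message above (not code from the thread or from Twitter): it tallies xAuth versus full-OAuth authorizations per consumer key and flags keys whose xAuth share exceeds their limit, using the 25% default with per-key overrides. The event fields, key names, sample counts and the minimum-sample rule are assumptions made for the example.

```javascript
const DEFAULT_MAX_XAUTH_SHARE = 0.25; // the 25% figure from the message
const MIN_EVENTS = 20;                // assumption: do not judge tiny samples

// events: [{ consumerKey, method }] where method is 'xauth' or 'oauth'.
// overrides: { consumerKey: maxShare } for keys granted a different limit.
function xauthShareReport(events, overrides = {}, minEvents = MIN_EVENTS) {
  const tally = new Map();
  for (const ev of events) {
    if (ev.method !== 'xauth' && ev.method !== 'oauth') continue; // skip unknown methods
    const t = tally.get(ev.consumerKey) || { xauth: 0, oauth: 0 };
    t[ev.method] += 1;
    tally.set(ev.consumerKey, t);
  }

  const report = [];
  for (const [consumerKey, t] of tally) {
    const total = t.xauth + t.oauth;
    const share = t.xauth / total;
    const limit = Object.prototype.hasOwnProperty.call(overrides, consumerKey)
      ? overrides[consumerKey]
      : DEFAULT_MAX_XAUTH_SHARE;
    let status = 'ok';
    if (total < minEvents) status = 'insufficient-data';
    else if (share > limit) status = 'over-limit';
    report.push({ consumerKey, total, xauth: t.xauth, share, limit, status });
  }
  return report.sort((a, b) => (a.consumerKey < b.consumerKey ? -1 : 1));
}

// Build constructed sample events: n xAuth and m OAuth authorizations per key.
function makeEvents(consumerKey, xauthCount, oauthCount) {
  const out = [];
  for (let i = 0; i < xauthCount; i++) out.push({ consumerKey, method: 'xauth' });
  for (let i = 0; i < oauthCount; i++) out.push({ consumerKey, method: 'oauth' });
  return out;
}

function sampleReport() {
  const events = [
    ...makeEvents('key-us-webapp', 12, 28), // 30% xAuth, default limit 25%
    ...makeEvents('key-cn-webapp', 36, 4),  // 90% xAuth, limit raised to 100%
    ...makeEvents('key-mixed', 5, 35),      // 12.5% xAuth
    ...makeEvents('key-new', 3, 0),         // too few events to judge
  ];
  return xauthShareReport(events, { 'key-cn-webapp': 1.0 });
}

for (const row of sampleReport()) {
  console.log(`${row.consumerKey}: ${(row.share * 100).toFixed(1)}% xAuth ` +
    `(limit ${(row.limit * 100).toFixed(0)}%) -> ${row.status}`);
}
```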
RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
> > One solution, which I know won't win the popularity prize, is for Twitter to relax its XAuth restrictions and allow web apps to use full OAuth and/or XAuth, depending on what works best for them. In my case, I will still use full OAuth because it's so much better than dealing with Twitter credential issues. But, I will add a small link below the Twitter authorize button on my site that says something like, Can't get to Twitter.com? which then leads to a username-password entry form, and then triggers an XAuth authorization.
>
> unfortunately, this defeats the purpose of oauth :( http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap
>
> -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi

But for a desktop client it doesn't really matter now does it? I'm still not buying it that oauth is going to add any value for desktop clients with regards to password security. Basically you are now storing token in the desktop client instead of password. Same difference if you are worried about the end user's pc getting hacked.

Cheers, Dean
Re: [twitter-dev] Weird @Anywhere issue when logging into Twitter
We know of some issues right now with redirection and authorization. We're working on untangling the big bag of Christmas lights. Hope to have things ship-shape soon.

Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod

On Sat, Apr 24, 2010 at 5:17 PM, Abraham Williams 4bra...@gmail.com wrote:
> Sounds similar to an issue with normal OAuth.
> 1) Not signed into Twitter visit http://twitteroauth.labs.poseurtech.com/.
> 2) Click on Sign in with Twitter but don't click Sign in once you are on twitter.com.
> 3) Open a new tab to twitter.com and sign in.
> You will end up back at http://twitteroauth.labs.poseurtech.com/.
>
> Abraham
>
> On Sat, Apr 24, 2010 at 10:13, YCBM youcannotb...@gmail.com wrote:
> > Hi, Just started noticing something really weird. I have registered an @anywhere app. Now whenever I log into Twitter.com, I'm redirected to the callback url in the app with the following appended to the url:
> >
> > #?oauth_error_reason=not_authed
> >
> > But just to clarify, I can almost 100% reproduce this. If I visit my web site which has an @anywhere module (don't need to do anything or interact with it) and then visit twitter.com and login as normal. I am usually redirected back to my web site with the above url param appended to it. I've tested this on Windows 7 (FF and IE) and Mac OS X (Safari and FF) and can almost reproduce it 100% even with all cookies deleted beforehand. Anyone ever see this happen before?
>
> -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Can direct messages and status messages have the same id?
Are the direct message ids and status message ids unique as a group? Can a direct message and a status message have the same id?
[twitter-dev] Streaming API OAuth
Can I somehow use the OAuth implementation in my client to use Streaming API without prompting for user password too?
RE: [twitter-dev] Weird @Anywhere issue when logging into Twitter
From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Taylor Singletary
Sent: Monday, April 26, 2010 10:00 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Weird @Anywhere issue when logging into Twitter

> We know of some issues right now with redirection and authorization. We're working on untangling the big bag of Christmas lights. Hope to have things ship-shape soon.
>
> Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod

Lol - nice metaphor. Thanks for the update.

Cheers, Dean
Re: [twitter-dev] Streaming API OAuth
Hi Jumpa,

OAuth isn't supported for the Streaming API yet. We'll let everyone know the appropriate new access methods when they're fully baked.

Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod

On Mon, Apr 26, 2010 at 3:17 AM, Jumpa giampa.ma...@gmail.com wrote:
> Can I somehow use the OAuth implementation in my client to use Streaming API without prompting for user password too?
Re: [twitter-dev] Re: one application authentication
Obtaining a single access token for your application without necessarily implementing the entire OAuth dance shouldn't be too difficult -- there are many OAuth libraries that include command-line tools to acquire access tokens in this way. You could also use Twurl ( http://github.com/marcel/twurl ). My OAuth Dancer ( http://bit.ly/oauth-dancer ) tool also lets you do this through a server interface you run on your own machine.

I don't recommend sharing your consumer key or secret to any third-party website to acquire this information, but using a tool locally on your own machine is likely the best method.

I'll see if there's anything we can do about offering a give me /my/ access token & access token secret for my application feature on dev.twitter.com to help with this. It'd then be as simple as porting those two pieces of information into whatever database, configuration file, or otherwise you would use to store the access token and access token secret.

As with any of these kind of keys though, it wouldn't be appropriate to distribute access tokens of any kind with your software -- whether on github, in a desktop application, or in plaintext in a Javascript file.

Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod

On Mon, Apr 26, 2010 at 5:29 AM, Ken k...@cimas.ch wrote:
> With OAuthcalypse looming, there is an urgent need for your service. I doubt that every API user with a Twitter-spitter even knows about the deadline. If you can convince them of your benign intent, great. If you have thought of a way to make it pay, even better!
>
> On Apr 26, 10:26 am, Harshad RJ harshad...@gmail.com wrote:
> > On Mon, Apr 26, 2010 at 1:50 PM, Ken k...@cimas.ch wrote:
> > > For security reasons this service should be left to Twitter, but a third party could deliver the same tokens if provided with the app's Consumer key and secret. A bit messy though - need to change the requesting app's callback URL - but it's doable. Is someone already doing this? Would that violate ToS?
> >
> > Just FYI, I am working on a similar concept. Waiting for clarifications from Twitter before releasing it publicly.
> >
> > -- Harshad RJ http://hrj.wikidot.com
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@raffi thanks for your replies. I didn't mean to start a discussion about Twitter's policy here (although I can imagine some people would like to discuss it elsewhere). I'm mostly interested in finding a solution. @dean: I'm not sure I understand your suggestion about using oAuth for both the desktop and the web app. Did you mean letting the users allow access through the desktop app, then storing the username/token combination in a central database and using that database for the web app too? That wouldn't work for me since I do not have a desktop app, and I do not store anything in a database... On Apr 26, 5:34 am, Raffi Krikorian ra...@twitter.com wrote: before this gets out of hand - i, personally, am very sensitive to these issues. i've been spending some brain power trying to come up with a solution. if people have suggestions, then please feel free to reach out to me personally and off list. On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote: China's policy didn't just recently change, Twitter's did. So it is Twitter telling us that we may not be able to support China and other firewall blocked countries any longer. It is, after all, within Twitter's power to continue to support Basic Auth. It is their conscious decision not to, despite the significant negative ramifications being brought to their attention. In an earlier comment from Twitter: twitter.com is trying to drive people to understand and discover what's going on in the world. No one in the world needs to understand and discover what's going on more than the people of these communist-block countries that otherwise see only what their governments allow them to see. It is unfortunate that Twitter plans to turn their back on them. Then again, what's a billion people here or there?... On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote: It is not twitter telling you it is China. -- Little androids dreaming of Nexus Ones compiled this text. 
On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote: Raffi, We really need a resolution for this issue before Basic Auth is deprecated. It sounds as if Twitter is telling developers of web apps that they cannot provide service to Chinese users, and other users behind firewalls that block access to twitter.com. But that can't be right, can it? On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I moved my web based app from ba... This issue has been discussed in this group before here: https://groups.google.com/group/twitter-development-talk/browse_threa... Being a frontend developer, I may have misunderstood the outcome of that discussion (I certain... -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
-Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Meyer Sent: Monday, April 26, 2010 10:48 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse On 4/26/2010 8:43 AM, jaronbarends wrote: @raffi thanks for your replies. I didn't mean to start a discussion about Twitter's policy here (although I can imagine some people would like to discuss it elsewhere). I'm mostly interested in finding a solution. @dean: I'm not sure I understand your suggestion about using oAuth for both the desktop and the web app. Did you mean letting the users allow access through the desktop app, then storing the username/token combination in a central database and using that database for the web app too? That wouldn't work for me since I do not have a desktop app, end I do not store anything in a database... no I think he meant that you can use the oAuth for EITHER the desktop or the web. You wouldn't even need to store the username; just the token and the token_secret. And the database can be anything from an actual RDBMS to a text file stored on the server (although with the fact that almost every web host that you pay for provides at least MySQL and the fact that text files are notoriously insecure you should be thinking about upgrading). Yeh but John, who is going to install MySQL for a desktop client? You're still thinking webapps instead of desktop (yes I realize I'm in the minority here). Cheers, Dean -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
On 4/26/2010 9:09 AM, Dean Collins wrote: -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Meyer Sent: Monday, April 26, 2010 10:48 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse On 4/26/2010 8:43 AM, jaronbarends wrote: @raffi thanks for your replies. I didn't mean to start a discussion about Twitter's policy here (although I can imagine some people would like to discuss it elsewhere). I'm mostly interested in finding a solution. @dean: I'm not sure I understand your suggestion about using oAuth for both the desktop and the web app. Did you mean letting the users allow access through the desktop app, then storing the username/token combination in a central database and using that database for the web app too? That wouldn't work for me since I do not have a desktop app, end I do not store anything in a database... no I think he meant that you can use the oAuth for EITHER the desktop or the web. You wouldn't even need to store the username; just the token and the token_secret. And the database can be anything from an actual RDBMS to a text file stored on the server (although with the fact that almost every web host that you pay for provides at least MySQL and the fact that text files are notoriously insecure you should be thinking about upgrading). Yeh but John, who is going to install MySQL for a desktop client? You're still thinking webapps instead of desktop (yes I realize I'm in the minority here). Um, not jaron since he said he didn't have a desktop app. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Avatar change - JSON issue
Hi, I've noticed that if you change the avatar on twitter.com, the API returns the new one on the XML output... but on the JSON output, the URL is still the old one. It changes eventually, but it takes a few hours (or even days sometimes). I've read some older messages and the problem is quite old, but it seems Twitter did not fix it. Any chance of someone (from Twitter) taking a look? Most (mobile) apps use JSON (for obvious reasons), so using XML is not a choice. Thanks.
Re: [twitter-dev] Avatar change - JSON issue
It's in the bug tracker, and on my list of stuff to look at. Caching in general is a high priority issue at the moment.

---Mark http://twitter.com/mccv

On Mon, Apr 26, 2010 at 9:19 AM, Edi edi@gmail.com wrote:
> Hi, I've noticed that if you change the avatar on twitter.com, the API returns the new one on the XML output... but on the JSON output, the URL is still the old one. It changes eventually, but it takes a few hours (or even days sometimes). I've read some older messages and the problem is quite old, but it seems Twitter did not fix it. Any chance of someone (from Twitter) taking a look? Most (mobile) apps use JSON (for obvious reasons), so using XML is not a choice. Thanks.
[twitter-dev] @Anywhere on a specific object?
Is there a way to have twitter @Anywhere on any HTML element like a div or an img tag? I want to specify my twitter username too :) Thanks in advance!
[twitter-dev] Re: How to show top 20 twiits of the day
If you mean the 20 most recent tweets from all users there's statuses/public_timeline: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-public_timeline

Best Regards, Chris White

On Apr 26, 6:55 am, millu milindsav...@gmail.com wrote:
> Hello friends I have one big problem, I have to show the Top most 20 tweets on my site just like twitter home page (not a user home page). so question is it possible to show the recent top most 20 result using php and Twitter API?
[twitter-dev] Re: Permission denied ... to get property Window.jQuery from https://api.twitter.com.
I'm seeing this error too. Help would be appreciated. Thanks.

On Apr 15, 5:53 am, T.Kitajima kitajimatom...@gmail.com wrote:
> Permission denied ... to get property Window.jQuery from https://api.twitter.com.
> My script throws XSS error. It's against same origin policy. Can someone explain to me what to do?
>
>     <script src="http://platform.twitter.com/anywhere.js?id=X&v=1" type="text/javascript"></script>
>     <script type="text/javascript">
>       function onAnywhereLoad(twitter) { twitter.hovercards(); };
>       twttr.anywhere(onAnywhereLoad);
>     </script>
>
> Getting Started http://dev.twitter.com/anywhere/begin
[twitter-dev] Re: local trends api trends/available not working
Hey Raffi,

I see the status update at http://status.twitter.com/post/516695583/local-trends-disabled that local trends are slowly being restored. I see it on the web, any indication when it will return to the API?

Thx, @mhp

On Apr 18, 8:49 am, Raffi Krikorian ra...@twitter.com wrote:
> the error that we are returning is unfortunate, but -- http://status.twitter.com/post/516695583/local-trends-disabled -- local trends have been temporarily disabled.
>
> On Sat, Apr 17, 2010 at 10:52 PM, rakf1 kris...@gmail.com wrote:
> > local trends api trends/available is no longer working, it was working fine until recently. I'm using this in my iPhone app iTrends. Below is the API call and the response I'm getting.
> >
> > http://api.twitter.com/1/trends/available.json
> > {"request":"/1/trends/available.json","error":"Sorry, you do not have access to this endpoint."}
> >
> > I looked at the API documentation, it has not changed, it does not require any authentication. Any help is appreciated.
>
> -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
Hi Raffi,

Not sure if I am following this correctly or not, but basically I have been developing a plugin for Textpattern for a while that uses basic authorisation to update a Twitter feed based on the username/password set for the plugin. Does this change mean that the user would now be temporarily passed back to Twitter before they would be authorised? I am hoping this isn't the case as it would make the plugin somewhat useless to the people using it.

On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote:
> hi all. you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody. as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date - http://bit.ly/twcountdown .
>
> -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
FW: #959889 Twitter Support: update on FW: [twitter-dev] Re: My applications were Suspended
Hmmm really? Breaks the rules by encouraging people to have more than one account - Please explain how/why? How is my app any different from any other successful twitter app? Bulkunfollow? Really? You still have to select every user to undelete manually - it's not like they just disappear if they don't follow you after 5 days or similar. Did you guys actually review the app? And yes I would have posted it to the helpdesk BUT you already deleted my ticket before I was able to log in again. Here we have proof that twitter intends to muscle developers with one throat to snap once oauth is in place. Be warned sheep. Cheers, Dean From: truebe [mailto:notifications-supp...@twitter.zendesk.com] Sent: Monday, April 26, 2010 1:23 PM To: Dean Collins Subject: #959889 Twitter Support: update on FW: [twitter-dev] Re: My applications were Suspended ## Please do not write below this line ## Ticket #959889: FW: [twitter-dev] Re: My applications were Suspended http://help.twitter.com/tickets/959889 truebe, Apr 26 10:22 am (PDT): Hello, As it stands your application is in violation of our Automation Rules (http://help.twitter.com/forums/10711/entries/76915) in regards to auto-following by keyword and bulk unfollowing. Moreover, it promotes serial account creation (for the purposes of auto-following) which is in violation of The Twitter Rules (http://help.twitter.com/forums/26257/entries/18311). As such if you were to register it for OAuth we would unfortunately have to deactivate its API access. However as you have until June 30th before Basic Authentication is deprecated this allows plenty of time to work with us to develop an application that will not violate our rules. Hope this helps. Regards, Brian API Policy Dean Collins, Apr 23 12:57 pm (PDT): Brian, I wasn't going to bother but seeing you seem such a reasonable guy on the list I'll ask. Is www.MyPostButler.com going to get killed once I develop oauth authentication for it? 
At the moment using basic auth you can only turn off users who use it inappropriately, but I'm guessing (and have stated on the list) this is the beginning of the end for all Twitter apps that blur the lines - so basically I'm thinking of killing development and releasing the source code freely or if you are taking a reasonable approach that guns don't kill people-people kill people then I'll go to the effort of incorporating oauth into it. Balls in your court. Cheers, Dean Collins www.Cognation.net -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Brian Truebe Sent: Friday, April 23, 2010 3:29 PM To: Twitter Development Talk Subject: [twitter-dev] Re: My applications were Suspended Yes, the email that is sent out after an application is suspended does explain possible rule violations. This email is sent to the account that registered the application, so if you've registered an app with an auxiliary account not tied to an email address you check regularly then an app suspension may come as a rather unfortunate surprise. While there is no sandbox, we're very open to discussing any concerns an app developer may have while they develop their app. The best course of action is to read the rules first while developing. If you're still worried a feature you're developing may result in your users being suspended or your entire app being suspended then you can always email us at a...@twitter.com and we'll be happy to work with you to ensure the longevity of your application. I hope this helps. -Brian On Apr 23, 11:37 am, John Meyer john.l.me...@gmail.com wrote: On 4/23/2010 10:58 AM, Brian Truebe wrote: My name is Brian Truebe and I am on the API Policy team, when apps are suspended they are sent a notice as to how to contest the suspension, however this may have gotten lost in the tubes. Please email a...@twitter.com and let us know the app name and we'll see if we can sort this out. 
Sorry for the inconvenience. Regards, Brian One question: does the e-mail have an explanation about why the application was suspended in the first place (you mention how to contest the suspension but nothing about what the suspension is about). And is there some way to create a sandbox for suspended apps where they can re-test to see if they are in compliance with the rules before going out into the real world Twitterverse? -- Review the status of your request and add additional comments here: help.twitter.com/tickets/959889 This email is a service from Twitter Support
Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
i don't know very much about textpattern, however, might @anywhere be a solution for this?

On Mon, Apr 26, 2010 at 11:08 AM, monkeyninja andy1...@gmail.com wrote:
> Hi Raffi, Not sure if I am following this correctly or not, but basically I have been developing a plugin for Textpattern for a while that uses basic authorisation to update a Twitter feed based on the username/password set for the plugin. Does this change mean that the user would now be temporarily passed back to Twitter before they would be authorised? I am hoping this isn't the case as it would make the plugin somewhat useless to the people using it.
>
> On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote:
> > hi all. you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody. as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date - http://bit.ly/twcountdown .
> >
> > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi

-- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: local trends api trends/available not working
hi mark. i just called the trends api manually myself ( http://api.twitter.com/1/trends/available.xml and http://api.twitter.com/1/trends/2367105.xml) and both seemed to work. On Mon, Apr 26, 2010 at 11:04 AM, Mark Pavlidis mark.pavli...@gmail.com wrote: Hey Raffi, I see the status update at http://status.twitter.com/post/516695583/local-trends-disabled that local trends are slowly being restored. I see it on the web, any indication when it will return to the API? Thx, @mhp On Apr 18, 8:49 am, Raffi Krikorian ra...@twitter.com wrote: the error that we are returning is unfortunate, but -- http://status.twitter.com/post/516695583/local-trends-disabled -- local trends have been temporarily disabled. On Sat, Apr 17, 2010 at 10:52 PM, rakf1 kris...@gmail.com wrote: local trends api trends/available is no longer working, it was working fine until recently. I'm using this in my iPhone app iTrends. Below is the API call and the response I'm getting. http://api.twitter.com/1/trends/available.json {"request":"/1/trends/available.json","error":"Sorry, you do not have access to this endpoint."} I looked at the API documentation, it has not changed, it does not require any authentication. Any help is appreciated. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: FW: #959889 Twitter Support: update on FW: [twitter-dev] Re: My applications were Suspended
On 4/26/2010 12:04 PM, Dean Collins wrote: Hmmm really? Breaks the rules by encouraging people to have more than one account - Please explain how/why? How is my app any different from any other successful twitter app? Oh you're right. An app touted on its ability to make multi-fold calls over regular apps and broadcasting direct messages to all of your followers (which by the way, is a paradox) yet at the same time warning that it could shut down an IP in record time _if not used correctly_ is okey dokey. Here's a tip: if you don't want to get your apps shut down maybe you should make sure the app takes, oh, say at least a minute and a half for the user account to get shut down if not used properly. Just a thought.
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
It's not in this documentation, which is the first thing I found: http://dev.twitter.com/pages/auth -ch On Apr 25, 1:40 pm, Abraham Williams 4bra...@gmail.com wrote: It is specified on the XAuth documentation. On Sun, Apr 25, 2010 at 13:39, Craig Hockenberry craig.hockenbe...@gmail.com wrote: No, I didn't ask for access. I guess that's the bug: there's no place during the signup process that tells you that you need to go through a manual process to get xAuth access... -ch On Apr 25, 1:29 pm, Raffi Krikorian ra...@twitter.com wrote: hi craig. have you gotten access to xAuth? applications are not, by default, given access to xAuth - if you e-mail a...@twitter.com with - your client token; and - a description of your application then we can grant it access. On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry craig.hockenbe...@gmail.com wrote: Hi Raffi! Is there a delay/verification after a new app is created? I just created a new app and am seeing problems getting the OAuth token with a xAuth HTTP request that looks like this: xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret = REDACTED xAuth URL = https://api.twitter.com/oauth/access_token xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy = NSURLRequestReloadIgnoringCacheData xAuth HTTP headers = { Content-Length = 78; Content-Type = application/x-www-form-urlencoded; } xAuth HTTP body = x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED I get back a status code of 0 and a response of Failed to validate oauth signature and token. For an older application with different consumer information (key = 5CAYV1DR5uwhVRJDBrepw, but the same username and password), I get back a code of 200 and an empty response. If there is indeed a delay for this information to propagate, you need to let people know... -ch On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote: hi all. you're going to be hearing a lot from me over the next 9 weeks.
our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody. as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date - http://bit.ly/twcountdown . -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] xAuth Approval?
I recently submitted a request for xAuth approval for a mobile app. I was wondering if anyone knows roughly how long it takes for approval. Thanks!
Re: [twitter-dev] RE: FW Twitter Support
On 4/26/10 2:51 PM, John Meyer wrote: On 4/26/2010 12:43 PM, Dean Collins wrote: [...] If Twitter decide that they will never allow the app to be approved for use under the current brand then I'll just opensource the app and make it free for anyone to use and download and everyone can get access to register for their own oauth application process. Basically twitter will have to sort through the 10,000 api applications to work out which ones are and aren't using my code. I don't know about raffi, but that sounds pretty much like a threat to me. It's the sound of yet another exasperated developer who is getting tired of trying to guess what Twitter is and isn't going to allow today ... or tomorrow ... or a week from now ... etc., ad nauseam. Rather than let useful software die, developers would rather give it away for free. That's not a threat - that's something Twitter is encouraging developers to do. Probably so that they don't have to pay to acquire software, but instead just take it from the open source community. Dean: If you do release code open source, perhaps you should use a non-Twitter OSI-style license that prohibits any current or former Twitter employee or Twitter itself from using the code, its runtime executables, etc. You could call it the No-Twitter Almost Open Source License ... -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] RE: FW Twitter Support
On 4/26/2010 1:18 PM, Andrew Badera wrote: Though I've disagreed with Dean's use and means of promoting of his app since Day One, I hardly think his message rises to the level of threat. I think there's enough misinformation, disinformation, irritation and anger floating around this list these days that the last thing anyone needs is gratuitous drama, particularly on behalf of someone NOT employed by Twitter and NOT directly addressed by Dean's communication and possible intent of said communication. Here's what I saw it boil down to: Dean saying that if Twitter doesn't like his application and won't approve it because they think that it's spamming or churning, he'll just open source it and let others try to whitelist his app under their name. I doubt it will work (unless Dean thinks that they're going after him personally I don't see how others will get approved on the same app just because the name's changed), but it's almost like you'll whitelist this app one way or another. Your choice.
Re: [twitter-dev] xAuth Approval?
it should be on the order of days (hopefully less - depends on our backlog and our queue). On Mon, Apr 26, 2010 at 11:52 AM, Tony tony.ar...@gmail.com wrote: I recently submitted a request for xAuth approval for a mobile app. I was wondering if anyone knows roughly how long it takes for approval. Thanks! -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] xAuth Approval?
a bit unsure - we're still working out what the appropriate terms for xauth should be. we just wanted it out there ASAP because of basic auth removal. I recently submitted a request for xAuth approval for a mobile app. I was wondering if anyone knows roughly how long it takes for approval. Thanks! On a larger note, is xAuth always going to be something that requires pre-approval? -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: [twitter-api-announce] User Streams Preview Open To All Developers
On 04/25/2010 08:40 PM, John Kalucki wrote: The user endpoint is very similar to the filter endpoint. We're tuning the parameters, but, yes, you can track and loc, just as on filter, but you can't follow. Duplicated JSON isn't really a big concern, but I'll look into what we can trim. The markup is rendered once for all receivers. If the rules fire, you get the same event as everyone else who is party to the event. There are also use cases beyond user streams that require completeness. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. One more question about user streams: when @bob sends a tweet to @carol, I only see that tweet in the web application if I am following *both* @bob and @carol. Is the same true for user streams, or will I see the tweet if I'm only following @bob? -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] Re: [twitter-api-announce] User Streams Preview Open To All Developers
Currently we deliver these to user streams. We'll probably conditional them, default off, before we go to beta. On Mon, Apr 26, 2010 at 12:32 PM, M. Edward (Ed) Borasky zn...@comcast.net wrote: On 04/25/2010 08:40 PM, John Kalucki wrote: The user endpoint is very similar to the filter endpoint. We're tuning the parameters, but, yes, you can track and loc, just as on filter, but you can't follow. Duplicated JSON isn't really a big concern, but I'll look into what we can trim. The markup is rendered once for all receivers. If the rules fire, you get the same event as everyone else who is party to the event. There are also use cases beyond user streams that require completeness. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. One more question about user streams: when @bob sends a tweet to @carol, I only see that tweet in the web application if I am following *both* @bob and @carol. Is the same true for user streams, or will I see the tweet if I'm only following @bob? -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
RE: [twitter-dev] RE: FW Twitter Support
John, Nope, Dossy is pretty much on the money, I don't care about the money and I'd prefer to see people using it rather than let it die. Basically I'm a little over twitter and their amateur approaches to certain things. I'd be the first person lining up to pay my $20 a month or whatever for real commercial accounts with real support one on one support contacts (e.g. something goes wrong you call the person you dealt with last time so as not to explain everything again). At the end of the day I think this oauth is a ballsup, why change now when 2.0 is around the corner. Why change now when you just found out everyone in china is going to be cut off. Basically I'm exiting the twitter dance, last one out turn off the lights. I'm off to Friendster :) Cheers, Dean -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Meyer Sent: Monday, April 26, 2010 3:26 PM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] RE: FW Twitter Support On 4/26/2010 1:18 PM, Andrew Badera wrote: Though I've disagreed with Dean's use and means of promoting of his app since Day One, I hardly think his message rises to the level of threat. I think there's enough misinformation, disinformation, irritation and anger floating around this list these days that the last thing anyone needs is gratuitous drama, particularly on behalf of someone NOT employed by Twitter and NOT directly addressed by Dean's communication and possible intent of said communication. Here's what I saw it boil down to: Dean saying that if Twitter doesn't like his application and won't approve it because they think that it's spamming or churning, he'll just open source it and let others try to whitelist his app under their name.
I doubt it will work (unless Dean thinks that they're going after him personally I don't see how others will get approved on the same app just because the name's changed), but it's almost like you'll whitelist this app one way or another. Your choice.
[twitter-dev] Re: xAuth Approval?
Thanks for the info Raffi. I'll give it another day or two before following up on the status. On Apr 26, 3:29 pm, Raffi Krikorian ra...@twitter.com wrote: it should be on the order of days (hopefully less - depends on our backlog and our queue). On Mon, Apr 26, 2010 at 11:52 AM, Tony tony.ar...@gmail.com wrote: I recently submitted a request for xAuth approval for a mobile app. I was wondering if anyone knows roughly how long it takes for approval. Thanks! -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] detecting hashtag spam
This is not necessarily a topic for dev group, but as a member, I am asking for help since this could spur the development of better algorithms for spam detection. Is there a faster way of reporting an automated hashtag spammer other than the report spam link on the users page? About 10 of us have reported an account and after weeks there is still no action from Twitter. You'll see what I mean .. http://search.twitter.com/search?q=#dottel this causes all the useful information related to a topic to disappear in the history. Mark
Re: [twitter-dev] xAuth Approval?
just to be clear - what xAuth is used for is to do a username/password exchange for an oauth access token / secret (for a given application). from then on out, that access token and secret is used to sign all requests in an oauth manner. On Mon, Apr 26, 2010 at 12:48 PM, John Meyer john.l.me...@gmail.com wrote: On 4/26/2010 1:30 PM, Raffi Krikorian wrote: a bit unsure - we're still working out what the appropriate terms for xauth should be. we just wanted it out there ASAP because of basic auth removal. Is there anything that you can do with xAuth that you can't do with oAuth? If not I would think the only possible additions would be don't store the password. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] status sent with the text follow x returns latest tweet from usertimeline
this is a list of all the commands that are supported - http://help.twitter.com/forums/59008/entries/14020-the-official-twitter-text-commands. all sms commands are also available in status/update. On Mon, Apr 26, 2010 at 12:51 PM, srikanth reddy srikanth.yara...@gmail.com wrote: Hi One of the users of my app has asked for this. I have made a quick test here http://dev.twitter.com/console for POST /1 statuses/update with 'status' param value as follow betavine. The response I am getting is the latest entry from my usertimeline (and I now follow betavine because of this command). My app just displays the response text in recent tab results if the response status is 200. The same way you do it from web interface. Problem is this is not a recent tweet (months old) but appears in recent tab. Should the app check for the commands like these before sending? Or shouldn't the response be different? (as we have a different endpoint for this 'follow' command). If app has to check such commands where do I get info about all the possible commands. I am using https://api.twitter.com/1/statuses/update.json. Any comments? Thanks Srikanth -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] RE: FW Twitter Support
On 4/26/2010 1:37 PM, Dean Collins wrote: John, Nope, Dossy is pretty much on the money, I don't care about the money and I'd prefer to see people using it rather than let it die. Basically I'm a little over twitter and their amateur approaches to certain things. I'd be the first person lining up to pay my $20 a month or whatever for real commercial accounts with real support one on one support contacts (e.g. something goes wrong you call the person you dealt with last time so as not to explain everything again). you'll get no arguments that the support needs to be improved just a little. The fact that I'm shocked that you even got an explanation shows me just how much work needs to be done. But let's look at the site promoting your program, which I think you're promoting through http://www.mypostbutler.com/ . According to what you posted, one of the reasons your app got denied because of bulk unfollowing. Well, on your site you use the words Bulk unfollow users. You may have explained it in your message, but you did not add an explanation to the fact that you have to manually check their names in order to undelete. And then there's your first paragraph: Do You understand the difference between a web based Twitter tool that can make 150 API calls an hour for a single Twitter account and a dedicated Twitter .Net application running directly on your computer that can make 20,000 API calls an hour across multiple accounts? Ignoring the fact that this paragraph hits people over the head with the difference between 150 and 2 (aka a beigelist and a whitelist), it doesn't make sense. Why wouldn't a web site built upon twitter not whitelist their own ip address particularly if they have multiple twitter accounts? And you also mentioned MLM schemes closeby, if only in the negative. Who exactly is buying your product that you need to mention that? Maybe this will do nothing, but I'd frame that into a legal (according to twitter's rules) use.
For instance, you might mention families who have multiple twitterers but only one IP address. Kinda frustrating to get on a computer after a sibling is hogging it only to realize that they have to wait an hour to tweet.
[twitter-dev] Re: detecting hashtag spam
Hello Raffi. The hashtag is #dottel and the culprit account is @teldomaintel (JLouisBiz ThetaBiz). He's been at it for a long time, stopped after we complained, then started up again in a different manner. We reported him for spam several times. The timeline for dottel is totally polluted with his self-serving crap. He runs some kind of automated feeder that is annoying the .tel community because no useless information can be found in dottel searches. Thx Mark
[twitter-dev] Re: detecting hashtag spam
correction to last post ... useless-useful .. He runs some kind of automated feeder that is annoying the .tel community because no useful information can be found in #dottel searches.
Re: [twitter-dev] Twitter Background Image Update
this is in ruby, but it at least shows how to do this using oauth http://gist.github.com/279650 On Mon, Apr 26, 2010 at 2:25 PM, NASIR MANDAL nasir@gmail.com wrote: Hi , Any one know how to update twitter background image, Please write me with curl or autho by using php -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] xAuth Approval?
On 4/26/2010 2:15 PM, Raffi Krikorian wrote: just to be clear - what xAuth is used for is to do a username/password exchange for an oauth access token / secret (for a given application). from then on out, that access token and secret is used to sign all requests in an oauth manner. So in other words if I'm reading this right, it allows the user program to exchange a username/password combo for the access token and secret rather than a pin or a redirect from a website in the case of desktop/mobile and website apps. Nothing else; you can't delete the account, change the password, etc without the username/pass.
Re: [twitter-dev] xAuth Approval?
precisely. On Mon, Apr 26, 2010 at 2:41 PM, John Meyer john.l.me...@gmail.com wrote: On 4/26/2010 2:15 PM, Raffi Krikorian wrote: just to be clear - what xAuth is used for is to do a username/password exchange for an oauth access token / secret (for a given application). from then on out, that access token and secret is used to sign all requests in an oauth manner. So in other words if I'm reading this right, it allows the user program to exchange a username/password combo for the access token and secret rather than a pin or a redirect from a website in the case of desktop/mobile and website apps. Nothing else; you can't delete the account, change the password, etc without the username/pass. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Increasing 502/503 errors on Search API
I've charted the Search API over a few months... http://tweetprobe.tumblr.com/post/551639110 I'm concerned, Raffi :)
Re: [twitter-dev] Increasing 502/503 errors on Search API
what are the units we're looking at? On Mon, Apr 26, 2010 at 2:52 PM, mikawhite mikawh...@me.com wrote: I've charted the Search API over a few months... http://tweetprobe.tumblr.com/post/551639110 I'm concerned, Raffi :) -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: detecting hashtag spam
On 4/26/2010 3:22 PM, kprobe wrote: Hello Raffi. The hashtag is #dottel and the culprit account is @teldomaintel (JLouisBiz ThetaBiz). He's been at it for a long time, stopped after we complained, then started up again in a different manner. We reported him for spam several times. The timeline for dottel is totally polluted with his self-serving crap. He runs some kind of automated feeder that is annoying the .tel community because no useless information can be found in dottel searches. Thx Mark Just one question, what's a different manner? Changing accounts, hashtags?
[twitter-dev] Re: Increasing 502/503 errors on Search API
Unit = an 'internal tweet' for each null/502/503 result from the Search API.
[twitter-dev] Re: detecting hashtag spam
Just one question, what's a different manner? Changing accounts, hashtags? Different account (might have been @Thetabiz), different style of content, same hashtag. But always automated and always repeating the same content after a while.
Re: [twitter-dev] xAuth Approval?
honestly, i wouldn't plan on it. the spirit of oAuth is that the user's credentials never even pass through a web application. On Mon, Apr 26, 2010 at 3:02 PM, John Meyer john.l.me...@gmail.com wrote: On 4/26/2010 3:46 PM, Raffi Krikorian wrote: precisely. So is it a possibility that general xAuth will be available before Basic goes the way of the dodo? I'm not saying it's easier than oAuth but it would at least let developers use their interface and swap in the xAuth rather than having to plan for a web browser. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: detecting hashtag spam
To help the algorithms detect this type of hashtag spam, what he is doing is varying the content slightly, with different numbers of hashtags, and different goo.gl shortened links that loop back to twitter status messages and provide no content whatsoever. Appears to be an attempt to get lots of different links to his website via Google.
Re: [twitter-dev] xAuth Approval?
On 4/26/2010 4:23 PM, Raffi Krikorian wrote: honestly, i wouldn't plan on it. the spirit of oAuth is that the user's credentials never even pass through a web application. Now I'm confused. Is xAuth going to be a method unto itself of authenticating for the long-term, or is this the way that you are trying to transition Basic users to oAuth through xAuth before Basic is shut down? If it's the latter, I don't know why you would even bother if oAuth is simpler than xAuth in the first place.
Re: [twitter-dev] xAuth Approval?
let's step back. oAuth is the general framework that we want everybody to use. applications no longer have to store usernames and passwords, which is a good thing. normally, to get access tokens, applications send users through the oAuth workflow -- this means they bring up a webpage on twitter.com, enter username/password there, and then the oAuth tokens are handed back to the application. xAuth is a method for which to exchange usernames and passwords for those tokens, without sending the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. after that bulk conversion, web applications can send new users through the oAuth web workflow. does that clear things up? On Mon, Apr 26, 2010 at 3:46 PM, John Meyer john.l.me...@gmail.com wrote: On 4/26/2010 4:23 PM, Raffi Krikorian wrote: honestly, i wouldn't plan on it. the spirit of oAuth is that the user's credentials never even pass through a web application. Now I'm confused. Is xAuth going to be a method unto itself of authenticating for the long-term, or is this the way that you are trying to transition Basic users to oAuth through xAuth before Basic is shut down? If it's the latter, I don't know why you would even bother if oAuth is simpler than xAuth in the first place. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
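An added example (not code from the thread or from Twitter) of the exchange described above and of the request Craig logged earlier: one OAuth 1.0a HMAC-SHA1 signed xAuth POST trades the username and password for a token pair, and every later request is signed with that pair only. The credentials, nonce, timestamp and token response are constructed placeholders, and the form-encoded `oauth_token` / `oauth_token_secret` response shape is an assumption.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

# Endpoints quoted in the thread.
XAUTH_URL = "https://api.twitter.com/oauth/access_token"
UPDATE_URL = "https://api.twitter.com/1/statuses/update.json"


def pct(value):
    """OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def form_encode(params):
    """Encode a request body; pairs are joined with '&'."""
    return "&".join(f"{pct(k)}={pct(v)}" for k, v in params.items())


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """The key is 'consumer_secret&token_secret'; the token secret is empty before a token exists."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_header(method, url, body, consumer_key, consumer_secret,
                 nonce, timestamp, token=None, token_secret=""):
    """Return (Authorization header, signature base string) for one signed request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,  # real clients use a fresh random value per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    if token is not None:
        oauth["oauth_token"] = token
    # Form-encoded body parameters are signed too, so the body that is sent
    # must match what was signed or the server rejects the signature.
    base = signature_base_string(method, url, {**oauth, **body})
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return header, base


def xauth_request(consumer_key, consumer_secret, username, password, nonce, timestamp):
    """Build the one request in which the password is ever sent."""
    body = {
        "x_auth_mode": "client_auth",
        "x_auth_username": username,
        "x_auth_password": password,
    }
    header, base = oauth_header("POST", XAUTH_URL, body,
                                consumer_key, consumer_secret, nonce, timestamp)
    return header, form_encode(body), base


def parse_token_response(text):
    """Extract the token pair from a form-encoded response (assumed shape)."""
    fields = dict(parse_qsl(text, strict_parsing=True))
    return fields["oauth_token"], fields["oauth_token_secret"]


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    header, body, _ = xauth_request("ck", "cs", "alice", "p@ss word", "n1", 1272326400)
    print("POST", XAUTH_URL)
    print("Authorization:", header)
    print(body)

    # Constructed response; from here on the client can discard the password.
    token, secret = parse_token_response(
        "oauth_token=TOKEN-PLACEHOLDER&oauth_token_secret=SECRET-PLACEHOLDER"
        "&user_id=1&screen_name=alice")
    header, _ = oauth_header("POST", UPDATE_URL, {"status": "hello"},
                             "ck", "cs", "n2", 1272326401, token, secret)
    print("POST", UPDATE_URL)
    print("Authorization:", header)
```

Only the token pair needs to be stored after the first call, which is why revoking one application's token does not require changing the account password.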
[twitter-dev] Re: xhr2 and cross domain Ajax requests
+1 On Apr 26, 5:01 am, Remy Sharp r...@leftlogic.com wrote: Is there any thoughts towards setting the following header on the Twitter API server: Access-Control-Allow-Origin: * For those of us developers working with web technology in closed environments (such as PhoneGap) we can use XHR controlled requests to Twitter - i.e. we can read headers (like the X-RateLimit-Remaining), abort requests, handler timeouts and handle the all important fail whale coming back instead of a JSON response saying it's failed. Such a small change would open up using the web to access the API. What do you think? - Remy.
Re: [twitter-dev] xAuth Approval?
On 4/26/2010 4:55 PM, Raffi Krikorian wrote: let's step back. oAuth is the general framework that we want everybody to use. applications no longer have to store usernames and passwords, which is a good thing. normally, to get access tokens, applications send users through the oAuth workflow -- this means they bring up a webpage on twitter.com, enter username/password there, and then the oAuth tokens are handed back to the application. xAuth is a method for which to exchange usernames and passwords for those tokens, without sending the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. after that bulk conversion, web applications can send new users through the oAuth web workflow. does that clear things up? Ah, I get it. It's sort of like a batch converter. Still, requiring an oAuth signature _before_ you convert seems a bit like putting the cart ahead of the horse. And first you mention mobile/desktop applications, then you say that after the bulk conversion, web applications can send new users. . ., What happened to the desktop/mobile apps?
Re: [twitter-dev] Re: xhr2 and cross domain Ajax requests
As long as they keep this from affecting other non-API endpoints, +1 Other than that, it could be disastrous. -- André Luís On Tue, Apr 27, 2010 at 12:04 AM, rmanalan rich.manal...@gmail.com wrote: +1 On Apr 26, 5:01 am, Remy Sharp r...@leftlogic.com wrote: Is there any thoughts towards setting the following header on the Twitter API server: Access-Control-Allow-Origin: * For those of us developers working with web technology in closed environments (such as PhoneGap) we can use XHR controlled requests to Twitter - i.e. we can read headers (like the X-RateLimit-Remaining), abort requests, handler timeouts and handle the all important fail whale coming back instead of a JSON response saying it's failed. Such a small change would open up using the web to access the API. What do you think? - Remy.
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
I'm still not buying it that oauth is going to add any value for desktop clients with regards to password security. Basically you are now storing token in the desktop client instead of password.

The added security is that either your malicious app, or, say some trojan in the user's computer, cannot grab the token and get full user privileges. If you store password, they can log on, change the password and email on the account, and cause all other sorts of trouble. with oAuth, the damage is limited to one user/app combination, they cannot grab the token and change, say, the user's email address on file. (Looks like the user's email address is not exposed anywhere in the API, and that's a good thing.) The user can clearly see what apps have permission to act on their behalf, and can revoke access app-by-app, instead of having to change the password in all apps. A more practical example of improved security is that in the past, I have myself had instances where I have changed my twitter password, but forgot to change it in apps using basic auth. And apps are implemented crappily (OTHER people's apps, but never yours, right? ;) and do not check response when signing in and keep hammering the API with wrong password. End result - my account is locked out due to what looks like bruteforce hacking, and I need to go and reset it. Doable, but annoying. There are other benefits, but these two are very obvious and practical. Deprecating Basic Auth in favor of OAuth will be painful for both Twitter and lazy/bad developers (if you are a good developer, OAuth won't really bother you at all), but I commend Twitter for doing this. J
Re: [twitter-dev] Re: [twitter-api-announce] User Streams Preview Open To All Developers
Thanks!! - Original Message - From: John Kalucki j...@twitter.com To: twitter-development-talk@googlegroups.com Sent: Monday, April 26, 2010 12:34:35 PM GMT -08:00 US/Canada Pacific Subject: Re: [twitter-dev] Re: [twitter-api-announce] User Streams Preview Open To All Developers Currently we deliver these to user streams. We'll probably conditional them, default off, before we go to beta. On Mon, Apr 26, 2010 at 12:32 PM, M. Edward (Ed) Borasky zn...@comcast.net wrote: On 04/25/2010 08:40 PM, John Kalucki wrote: The user endpoint is very similar to the filter endpoint. We're tuning the parameters, but, yes, you can track and loc, just as on filter, but you can't follow. Duplicated JSON isn't really a big concern, but I'll look into what we can trim. The markup is rendered once for all receivers. If the rules fire, you get the same event as everyone else who is party to the event. There are also use cases beyond user streams that require completeness. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. One more question about user streams: when @bob sends a tweet to @carol, I only see that tweet in the web application if I am following *both* @bob and @carol. Is the same true for user streams, or will I see the tweet if I'm only following @bob? -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
[twitter-dev] Schedule for API call rate increases with oAuth?
What's the latest schedule for increasing the allowed API call rate for oAuth users? That seems to have been lost in the shuffle. Also, is there any advantage to xAuth over the desktop PIN oAuth scheme (for a desktop application)? I'm putting together a proposal and can't see any real advantage to it on the desktop, especially since I have the oAuth code done, thanks to Marc Mims' Net::Twitter. ;-)
Re: [twitter-dev] Schedule for API call rate increases with oAuth?
What's the latest schedule for increasing the allowed API call rate for oAuth users? That seems to have been lost in the shuffle.

unclear - we're actively working with our infrastructure and operations teams on capacity planning specifically so we can increase the rate limits.

Also, is there any advantage to xAuth over the desktop PIN oAuth scheme (for a desktop application)? I'm putting together a proposal and can't see any real advantage to it on the desktop, especially since I have the oAuth code done, thanks to Marc Mims' Net::Twitter. ;-)

personally, i would -love it-, if everybody just used the oauth web workflow so that none of you even see a user's username/password. that would make the web more secure. i'm even soliciting suggestions on what we could do to make the web workflow better. i understand, however, that the PIN workflow can be off putting for some users. so, implementing oAuth instead of xAuth would make me happy - but i doubt that's a motivation for most developers. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] .NET Code for the Streaming API
I've been working on a project that uses all .NET code to connect to the streaming api (HttpWebRequest native JSON parsing). Several people have already released code samples and many of the libraries have this functionality, but I needed to build my own app. There were enough issues along the way that I decided my code might help someone else to get started. If you have any comments or suggestions, please leave them on the blog post. http://www.voiceoftech.com/swhitley/?p=898
Re: [twitter-dev] Schedule for API call rate increases with oAuth?
Also, is there any advantage to xAuth over the desktop PIN oAuth scheme (for a desktop application)? There sure is for TTYtter. But that's not a typical desktop app. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- 1-GHz Pentium-III + Java + XSLT == 1-MHz 6502. -- Craig Bruce
Re: [twitter-dev] .NET Code for the Streaming API
Sweet Shannon, I have my own implementation, but I'd love to see someone else's. (TweetSharp didn't have one when I did mine.) I'll try to find time to take a look, thanks for publishing, I hadn't got around to publishing mine yet, too busy! ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Mon, Apr 26, 2010 at 8:10 PM, Shannon Whitley swhit...@whitleymedia.com wrote: I've been working on a project that uses all .NET code to connect to the streaming api (HttpWebRequest native JSON parsing). Several people have already released code samples and many of the libraries have this functionality, but I needed to build my own app. There were enough issues along the way that I decided my code might help someone else to get started. If you have any comments or suggestions, please leave them on the blog post. http://www.voiceoftech.com/swhitley/?p=898
Re: [twitter-dev] xAuth Approval?
xAuth is a method for which to exchange usernames and passwords for those tokens, without sending the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If ignorance is bliss, shouldn't I be happier?
Re: [twitter-dev] Schedule for API call rate increases with oAuth?
What's the latest schedule for increasing the allowed API call rate for oAuth users? That seems to have been lost in the shuffle. unclear - we're actively working with our infrastructure and operations teams on capacity planning specifically so we can increase the rate limits. just to clarify, however - oauth calls on api.twitter.com get 350/hr, whereas basic auth calls get 150/hr. so, that's one increase already... -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Announcing Twurl: OAuth-enabled curl for the Twitter API
On Tue, Apr 20, 2010 at 3:13 PM, Marcel Molina mar...@twitter.com wrote: If you already have RubyGems (http://rubygems.org/), you can install it with the gem command: sudo gem i twurl --source http://rubygems.org After consulting with Raffi on another issue, I have registered an app and am trying to use Twurl to get the necessary keys/tokens/whatever. I've installed ruby, gems, etc, and installed twurl via gem, but when I run it, I get the following: /usr/local/lib/ruby/gems/1.9.1/gems/twurl-0.6.1/lib/twurl/request_controller.rb:2:in `<module:Twurl>': uninitialized constant Twurl::AbstractCommandController (NameError) Am I missing another gem? Other ideas? Thank you, SwS
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
Where end-user credentials are stored is entirely up to the end-user, as is who they choose to share the information with. OAuth does not and cannot address this, as it shouldn't - and neither should Twitter. When a user types their username/password on the Twitter authorization screen, they are using someone's browser on someone's computer either of which could harbor malicious software that could capture what was typed, and are communicating these credentials over the open Internet using at best nothing more than the https basic auth uses. In addition, training users to become accustomed to providing their user credentials outside of their apps to requests made over the open Internet makes them a lot more susceptible to phishing attacks. How exactly is this then better security than basic auth? The only real advantage to using OAuth is more application access control and protected shared user access between application platforms. There are no real tangible advantages for the end-user. With basic auth, all an end-user had to do was tell the app their user credentials. With OAuth, they have to leave their app to tell Twitter, wait for Twitter to tell their app, and then return to their app to continue the process. At least with XAuth, the user can continue to tell their app their user credentials and have all this OAuth stuff handled behind the curtain for them. I understand the very compelling reasons why Twitter wants to convert to universal OAuth access. But let's quit spinning OAuth as this great new security enhancement technology that will benefit end-users. It's not. It wasn't even meant to be. It was just meant to help the Twitters of the world communicate end-user information among each other without having to share their end-users' credentials. On Apr 26, 7:08 pm, Raffi Krikorian ra...@twitter.com wrote: What's the latest schedule for increasing the allowed API call rate for oAuth users? That seems to have been lost in the shuffle.
Re: [twitter-dev] Re: Schedule for API call rate increases with oAuth?
With a user's twitter password, I can take over their account by changing email password. Can I do that with OAuth credentials? On Mon, Apr 26, 2010 at 7:43 PM, Ron B rbther...@gmail.com wrote: Where end-user credentials are stored is entirely up to the end-user, as is who they choose to share the information with. OAuth does not and cannot address this, as it shouldn't - and neither should Twitter. When a user types their username/password on the Twitter authorization screen, they are using someone's browser on someone's computer either of which could harbor malicious software that could capture what was typed, and are communicating these credentials over the open Internet using at best nothing more than the https basic auth uses. In addition, training users to become accustomed to providing their user credentials outside of their apps to requests made over the open Internet makes them a lot more susceptible to phishing attacks. How exactly is this then better security than basic auth? The only real advantage to using OAuth is more application access control and protected shared user access between application platforms. There are no real tangible advantages for the end-user. With basic auth, all an end-user had to do was tell the app their user credentials. With OAuth, they have to leave their app to tell Twitter, wait for Twitter to tell their app, and then return to their app to continue the process. At least with XAuth, the user can continue to tell their app their user credentials and have all this OAuth stuff handled behind the curtain for them. I understand the very compelling reasons why Twitter wants to convert to universal OAuth access. But let's quit spinning OAuth as this great new security enhancement technology that will benefit end-users. It's not. It wasn't even meant to be. It was just meant to help the Twitters of the world communicate end-user information among each other without having to share their end-users' credentials.
-- imby - in my back yard An Experiment in Local Professional Networking http://madison.imby.info/p/Philip.Crawford
Re: [twitter-dev] Re: Schedule for API call rate increases with oAuth?
You used to be able to change an account's email address through the API but it looks like Twitter removed that feature so no. An OAuth application cannot take over a user's account. Abraham On Mon, Apr 26, 2010 at 17:49, philip crawford philipha...@gmail.com wrote: With a user's twitter password, I can take over their account by changing email password. Can I do that with OAuth credentials? On Mon, Apr 26, 2010 at 7:43 PM, Ron B rbther...@gmail.com wrote: Where end-user credentials are stored is entirely up to the end-user, as is who they choose to share the information with. OAuth does not and cannot address this, as it shouldn't - and neither should Twitter. When a user types their username/password on the Twitter authorization screen, they are using someone's browser on someone's computer either of which could harbor malicious software that could capture what was typed, and are communicating these credentials over the open Internet using at best nothing more than the https basic auth uses. In addition, training users to become accustomed to providing their user credentials outside of their apps to requests made over the open Internet makes them a lot more susceptible to phishing attacks. How exactly is this then better security than basic auth? The only real advantage to using OAuth is more application access control and protected shared user access between application platforms. There are no real tangible advantages for the end-user. With basic auth, all an end-user had to do was tell the app their user credentials. With OAuth, they have to leave their app to tell Twitter, wait for Twitter to tell their app, and then return to their app to continue the process. At least with XAuth, the user can continue to tell their app their user credentials and have all this OAuth stuff handled behind the curtain for them. I understand the very compelling reasons why Twitter wants to convert to universal OAuth access.
-- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: xauth error -1012
I have the same error. Error: Error Domain=NSURLErrorDomain Code=-1012 UserInfo=0x42969d0 Operation could not be completed. (NSURLErrorDomain error -1012.) I am using XAuthTwitterEngineDemo. I have approval, but the error may be a source error. Twitter Support Mail: Thank you for your interest in xAuth. Your application now has the ability to use xAuth, and you can find out more about it here: http://dev.twitter.com/pages/auth . Are you troubleshooting?
Re: [twitter-dev] .NET Code for the Streaming API
Yes, I remember reading your post. I've seen a couple of other implementations, but they weren't quite what I needed. It'd be interesting to see your approach. On Mon, Apr 26, 2010 at 5:15 PM, Andrew Badera and...@badera.us wrote: Sweet Shannon, I have my own implementation, but I'd love to see someone else's. (TweetSharp didn't have one when I did mine.) I'll try to find time to take a look, thanks for publishing, I hadn't got around to publishing mine yet, too busy! ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Mon, Apr 26, 2010 at 8:10 PM, Shannon Whitley swhit...@whitleymedia.com wrote: I've been working on a project that uses all .NET code to connect to the streaming api (HttpWebRequest native JSON parsing). Several people have already released code samples and many of the libraries have this functionality, but I needed to build my own app. There were enough issues along the way that I decided my code might help someone else to get started. If you have any comments or suggestions, please leave them on the blog post. http://www.voiceoftech.com/swhitley/?p=898
Re: [twitter-dev] xAuth Approval?
On 04/26/2010 05:16 PM, Cameron Kaiser wrote: xAuth is a method for which to exchange usernames and passwords for those tokens, without sending the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] xAuth Approval?
xAuth is a method for which to exchange usernames and passwords for those tokens, without sending the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. +1 ! -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: How to show top 20 twiits of the day
Hi, I'm using the Home and Public Timelines API in a web app. The Home Timeline permits to have a count of the tweets to retrieve and to paginate them, the Public not. So we have different list behaviours on the list based API. I think it could be a nice feature for developers to have a similar behavior for pagination and count in all list-based api, instead of doing this client-side. Thanks, Loreto Parisi On 26 Apr, 19:17, Chris White chris.chriswh...@gmail.com wrote: If you mean the 20 most recent tweets from all users there's statuses/public_timeline: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-public... Best Regards, Chris White On Apr 26, 6:55 am, millu milindsav...@gmail.com wrote: Hello friends I have one big problem, I have to show the Top most 20 tweets on my site just like twitter home page (not a user home page). so question is it possible to show the recent top most 20 result using php and Twitter API ?
Re: [twitter-dev] xAuth Approval?
and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. I'm so happy your world is so limited. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- When people get acupuncture, do voodoo dolls die?
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
So the more correct response would be that neither OAuth nor Basic Auth can take over a user's account, since it is the API functionality that is the gating factor. So then you have to ask yourself, do you believe your user credentials are more secure when only you, your app, and Twitter will ever see them outside of a secure https connection, or do you believe they are more secure when you, your browser, the open Internet, and something that looks like a Twitter authorization page will see them - and a separate set of credentials (access token and token secret) will also allow access to the same account? On Apr 26, 8:30 pm, Abraham Williams 4bra...@gmail.com wrote: You used to be able to change an account's email address through the API but it looks like Twitter removed that feature so no. An OAuth application cannot take over a user's account. Abraham On Mon, Apr 26, 2010 at 17:49, philip crawford philipha...@gmail.com wrote: With a user's twitter password, I can take over their account by changing email password. Can I do that with OAuth credentials? On Mon, Apr 26, 2010 at 7:43 PM, Ron B rbther...@gmail.com wrote: Where end-user credentials are stored is entirely up to the end-user, as is who they choose to share the information with. OAuth does not and cannot address this, as it shouldn't - and neither should Twitter. When a user types their username/password on the Twitter authorization screen, they are using someone's browser on someone's computer either of which could harbor malicious software that could capture what was typed, and are communicating these credentials over the open Internet using at best nothing more than the https basic auth uses. In addition, training users to become accustomed to providing their user credentials outside of their apps to requests made over the open Internet makes them a lot more susceptible to phishing attacks. How exactly is this then better security than basic auth?
[twitter-dev] Re: xauth error -1012
Hi, I have the same problem. Received approval from Twitter. But the same thing. Do you have solutions? On Apr 21, 5:13 am, sae twitp...@gmail.com wrote: Hi, I just set up my application for xauth and started testing. It keeps failing with error message: Error Domain=NSURLErrorDomain Code=-1012 UserInfo=0x268d70 Operation could not be completed. (NSURLErrorDomain error -1012.) What is this error? Is anything wrong with my app setting, or my parameter may not be correct? Any clue will be really appreciated... Here is the copy of signature-base-string and authorization header, which all look ok to me:

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dxx%26oauth_nonce%3D684B1D0C-4276-47BD-9A43-C31FDDD0DD8A%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271708678%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dxx%26x_auth_username%3Dy

OAuth realm=\"\", oauth_consumer_key=\"\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"rg5s%2BW8wMxSx5MJt0wV3idqjriI%3D\", oauth_timestamp=\"1271708678\", oauth_nonce=\"684B1D0C-4276-47BD-9A43-C31FDDD0DD8A\", oauth_version=\"1.0\";
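How a signature base string and Authorization header of the kind quoted in the post above are derived under OAuth 1.0 with HMAC-SHA1, as an added example that is not code from the thread or from any Twitter library. The function names and the consumer secret are constructed; the consumer key, username and password reuse the post's redacted placeholders (`xx`, `y`), and a second constructed password shows the double percent-encoding that a mismatched client gets wrong.

```python
# Added example (hypothetical names): signing an xAuth access_token request.
import base64
import hashlib
import hmac
import re
from urllib.parse import quote

XAUTH_URL = "https://api.twitter.com/oauth/access_token"  # URL taken from the post


def pct(value: str) -> str:
    """OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & enc(url) & enc(sorted 'k=v' pairs joined with '&')."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), pct(url), pct(normalized)))


def sign(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret' (no token exists yet in xAuth)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    digest = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def authorization_header(oauth_params: dict, signature: str) -> str:
    """Only oauth_* fields go in the header; x_auth_* fields travel in the POST body."""
    fields = {k: v for k, v in oauth_params.items() if k.startswith("oauth_")}
    fields["oauth_signature"] = signature
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(fields.items()))


def redact_base_string(base_string: str) -> str:
    """Mask the password before a base string is logged or pasted into a forum."""
    return re.sub(r"(x_auth_password%3D).*?(?=%26|$)", r"\1REDACTED", base_string)


def build_xauth_request(consumer_key, consumer_secret, username, password,
                        nonce, timestamp):
    """Return (base_string, authorization_header, form_body) for one xAuth request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_version": "1.0",
    }
    xauth = {
        "x_auth_mode": "client_auth",
        "x_auth_password": password,
        "x_auth_username": username,
    }
    # Body parameters are signed together with the oauth_* parameters.
    base = signature_base_string("POST", XAUTH_URL, {**oauth, **xauth})
    header = authorization_header(oauth, sign(base, consumer_secret))
    body = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(xauth.items()))
    return base, header, body


if __name__ == "__main__":
    base, header, body = build_xauth_request(
        "xx", "constructed-secret", "y", "p@ss word+1",  # constructed sample values
        "684B1D0C-4276-47BD-9A43-C31FDDD0DD8A", "1271708678")
    print(redact_base_string(base))
    print(header)
```

The base string carries the user's password, so it should go through something like `redact_base_string` before it reaches a log file or a mailing list.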
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
I understand the very compelling reasons why Twitter wants to convert to universal OAuth access. But let's quit spinning OAuth as this great new security enhancement technology that will benefit end-users. It's not. It wasn't even meant to be. It was just meant to help the Twitters of the world communicate end-user information among each other without having to share their end-users' credentials.

You're working on a webapp to deal with twitter timelines. You store twitter usernames and passwords. For some reason or another your site gets hacked and all usernames and passwords are compromised. In a majority of cases, users have the same password setup for other accounts. The hackers do a username search to find the user in other places and try to retrieve their data there. To combat this and be totally sure, the user now has to remember all sites where they could have used that password and get it changed. Crap. Now let's see the oAuth version. Your site gets hacked. You reset the consumer key and secret. Tada, Hackers now have useless tokens. You get to the bottom of the hacking and explain to everyone what occurred and whatever data was compromised. However, you don't have to tell them that their login information was compromised, which is a really nice thing. Will people be distrustful of your app? Yes, but the fallout is a lot less painful.
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
Unless I'm wrong (it happens), I believe you can do everything the API offers with OAuth that you can currently do with basic auth. But even if that isn't true, preventing basic auth from allowing username/password changes is a much more direct solution (and easier) than forcing an OAuth implementation to solve that issue. Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is...

On Apr 26, 7:49 pm, philip crawford philipha...@gmail.com wrote:

With a user's twitter password, I can take over their account by changing email password. Can I do that with OAuth credentials?

On Mon, Apr 26, 2010 at 7:43 PM, Ron B rbther...@gmail.com wrote:

Where end-user credentials are stored is entirely up to the end-user, as is who they choose to share the information with. OAuth does not and cannot address this, as it shouldn't - and neither should Twitter. When a user types their username/password on the Twitter authorization screen, they are using someone's browser on someone's computer either of which could harbor malicious software that could capture what was typed, and are communicating these credentials over the open Internet using at best nothing more than the https basic auth uses. In addition, training users to become accustomed to providing their user credentials outside of their apps to requests made over the open Internet makes them a lot more susceptible to phishing attacks. How exactly is this then better security than basic auth? The only real advantage to using OAuth is more application access control and protected shared user access between application platforms. There are no real tangible advantages for the end-user. With basic auth, all an end-user had to do was tell the app their user credentials.
With OAuth, they have to leave their app to tell Twitter, wait for Twitter to tell their app, and then return to their app to continue the process. At least with XAuth, the user can continue to tell their app their user credentials and have all this OAuth stuff handled behind the curtain for them. I understand the very compelling reasons why Twitter wants to convert to universal OAuth access. But let's quit spinning OAuth as this great new security enhancement technology that will benefit end-users. It's not. It wasn't even meant to be. It was just meant to help the Twitters of the world communicate end-user information among each other without having to share their end-users' credentials.

On Apr 26, 7:08 pm, Raffi Krikorian ra...@twitter.com wrote:

What's the latest schedule for increasing the allowed API call rate for oAuth users? That seems to have been lost in the shuffle.

unclear - we're actively working with our infrastructure and operations teams on capacity planning specifically so we can increase the rate limits.

Also, is there any advantage to xAuth over the desktop PIN oAuth scheme (for a desktop application)? I'm putting together a proposal and can't see any real advantage to it on the desktop, especially since I have the oAuth code done, thanks to Marc Mims' Net::Twitter. ;-)

personally, i would -love it-, if everybody just used the oauth web workflow so that none of you even see a user's username/password. that would make the web more secure. i'm even soliciting suggestions on what we could do to make the web workflow better. i understand, however, that the PIN workflow can be off putting for some users. so, implementing oAuth instead of xAuth would make me happy - but i doubt that's a motivation for most developers.
-- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi

-- imby - in my back yard An Experiment in Local Professional Networking http://madison.imby.info/p/Philip.Crawford