[twitter-dev] Why The Restrictions On DMs Are Bad For Users
I am the author of Quitter. Quitter is a desktop app for Windows. It runs in a Command window. The idea was to give folks access to Twitter without all of the graphical overhead of a web interface. Screenshot: http://www.josephcs.com/blog/wp-content/uploads/2010/01/quittermentions.jpg I am receiving a lot of emails from my users because Twitter revoked my application's access to direct messages. An example email is below: You must know that Quitter is the ONLY client that I can trust to read my tweets due to an internet connectivity issue, in my case I moved to a town called GAN GAN here in Argentina where people can only access the internet through dial-up 2G mobile technology and speed rate is 14kbps average! Well, its impossible to read any tweet using the Twitter webpage with this speed but Quitter works like a charm! This user and every other Quitter user like him has had their access to Direct Messages taken away for reasons that (like every other policy change Twitter makes) are obtuse, unclear and arbitrary. My client would keep these users -more- involved in the Twitter ecosystem, but now their access to it reduced. This isn't a business. I'm not in it the for the money. Quitter is a free and open source product that I wrote because I loved Twitter and thought it would be a neat client. I would be very grateful if someone from Twitter could explain the benefit of taking Direct Message access away from desktop clients. It makes no sense. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: consistency and ecosystem opportunities
Wow. Thanks for getting so many people interested in Twitter. Now get lost. This is appalling. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] How many people have authorized my application?
I used to be able to go to http://twitter.com/oauth_clients and see how many users have authorized my application. Twitter appears to have removed those numbers. Where can I go to find out how many people have authorized my application? Why was this information removed? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: TWITTER BANS 3rd PARTY ADVERTISING
The way this reads, you can't even have a WordPress blog that puts ads near a Twitter stream. Please correct me if I'm misinterpreting this. You're misinterpreting it. There's not a problem if you're displaying a Twitter feed on a page and there are ads -near- it. What is now forbidden is the injection of ads into the stream itself.
[twitter-dev] Re: Promoted Tweets and the API?
The lack of response to this is pretty discouraging. On 13 Apr, 05:28, Tim fabianh...@googlemail.com wrote: I've been looking around for information on how the new promoted tweets advertising feature will affect the API, and I've not really found anything. I gather that it's a two phase approach starting with search and then rolling out to timelines, but can anyone here clarify: (a) whether API responses will include promoted tweets, (b) whether these tweets will be identified as ads (c) whether third parties are 'obligated' to present them to users (d) whether there will be an API Terms of Use as a result -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Promoted Tweets and the API?
I'm curious about this myself. One of the first things end users are going to ask for is a way to block these ads from their timelines. Don't kid yourself; there's a reason why AdBlock is such a popular Firefox plugin. Secondary question: Is the first step towards paid Twitter accounts, where free users have to receive ads and paid users do not? Straight answers here would be appreciated. On 13 Apr, 05:28, Tim fabianh...@googlemail.com wrote: I've been looking around for information on how the new promoted tweets advertising feature will affect the API, and I've not really found anything. I gather that it's a two phase approach starting with search and then rolling out to timelines, but can anyone here clarify: (a) whether API responses will include promoted tweets, (b) whether these tweets will be identified as ads (c) whether third parties are 'obligated' to present them to users (d) whether there will be an API Terms of Use as a result
[twitter-dev] Re: 503 - Server Unavailable on User Search
Is there an ETA on when this transition will be completed? I'm still getting 503's on every attempt. On Feb 25, 10:04 pm, Raffi Krikorian ra...@twitter.com wrote: 503 is not an authentication error - 503 is a service is unavailable. we're in the process of transitioning our name search infrastructure, so please be prepared for a few 503s. On Thu, Feb 25, 2010 at 7:00 PM, Duane Roelands duane.roela...@gmail.comwrote: Getting steady 503 errors when trying to execute user searches. I know my OAuth signature generation is working because I can post tweets and read timelines. http://api.twitter.com/1/users/search.xml?oauth_consumer_key=[REMOVED]oauth_nonce=9431003oauth_signature_method=HMAC-SHA1oauth_timest amp=1267153135oauth_token=46250708-a4j7vouEUIK3Ro89mpHo8pcRUh8eUmtjeKsBUQD QSoauth_version=1.0page=1q=Duane%20Roelandsoauth_signature=zR3Rd%2FeA1t ubrjNzMxsb6NxM2D0%3D -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] 503 - Server Unavailable on User Search
Getting steady 503 errors when trying to execute user searches. I know my OAuth signature generation is working because I can post tweets and read timelines. http://api.twitter.com/1/users/search.xml?oauth_consumer_key=[REMOVED]oauth_nonce=9431003oauth_signature_method=HMAC-SHA1oauth_timestamp=1267153135oauth_token=46250708-a4j7vouEUIK3Ro89mpHo8pcRUh8eUmtjeKsBUQDQSoauth_version=1.0page=1q=Duane%20Roelandsoauth_signature=zR3Rd%2FeA1tubrjNzMxsb6NxM2D0%3D
[twitter-dev] Re: 'Incorrect signature' on status update with OAuth when verify credentials works
I ended up rolling back my library to an earlier version of my encoding algorithm and things are working now. Unfortunately, it meant sacrificing compatibility with multibyte characters, so my library loses some functionality. It's frustrating to have production code fail test cases that worked the day before. But when you don't have complete control over the entire system, these are the things that will occasionally happen. Thanks for looking into it, Ryan. On Feb 4, 8:35 am, ryan alford ryanalford...@gmail.com wrote: I just posted this status using my library with OAuth and it worked fine.. Testing my Twitter OAuth library with some special characters !?:*^%...@!~`=+-_ Ryan On Thu, Feb 4, 2010 at 6:19 AM, Bhavani Sankar Sikakolli b.san...@gmail.com wrote: Yes, it fails everytime. I have checked to see that I am configuring everything the right way. On Thu, Feb 4, 2010 at 4:43 PM, ryan alford ryanalford...@gmail.comwrote: Does it fail everytime? I will test mine when I get to work in about an hour. Ryan Sent from my DROID On Feb 4, 2010 12:23 AM, Duane Roelands duane.roela...@gmail.com wrote: And please forgive my obnoxious tone; I'm tired and frustrated. :) On Feb 4, 12:05 am, Duane Roelands duane.roela...@gmail.com wrote: Ryan: If posting Hello ...
[twitter-dev] Re: 'Incorrect signature' on status update with OAuth when verify credentials works
Ryan: If posting Hello World works and posting Hello world! fails, then the problem is not the presence or absence of the status parameter. These are libraries that were working until recently; it appears that something has changed on Twitter's end. Multiple users of multiple libraries are now reporting the issue. On Feb 2, 11:09 pm, ryan alford ryanalford...@gmail.com wrote: Remember that the status update is different from most of the other requests, because it adds the status parameter that is not in the other requests. This means that it needs to be part of the query string and also the signature. Leaving this out could cause an issue. Ryan Sent from my DROID On Feb 2, 2010 10:03 PM, ohauske ovonhau...@gmail.com wrote: Hi Ryan, I tried getting the home timeline and a couple of other methods and everything works, everything except the update status here's my request: http://twitter.com/statuses/update.xml?oauth_consumer_key=**oaut... I'm using this library http://code.google.com/p/oauth/ On Jan 29, 6:10 am, ryan alford ryanalford...@gmail.com wrote: Try getting the home timeline and... On Jan 28, 2010 11:14 PM, arian cabezas arian.cabe...@gmail.com wrote: Hi Ryan. I´m havi...
[twitter-dev] Re: 'Incorrect signature' on status update with OAuth when verify credentials works
And please forgive my obnoxious tone; I'm tired and frustrated. :) On Feb 4, 12:05 am, Duane Roelands duane.roela...@gmail.com wrote: Ryan: If posting Hello World works and posting Hello world! fails, then the problem is not the presence or absence of the status parameter. These are libraries that were working until recently; it appears that something has changed on Twitter's end. Multiple users of multiple libraries are now reporting the issue. On Feb 2, 11:09 pm, ryan alford ryanalford...@gmail.com wrote: Remember that the status update is different from most of the other requests, because it adds the status parameter that is not in the other requests. This means that it needs to be part of the query string and also the signature. Leaving this out could cause an issue. Ryan Sent from my DROID On Feb 2, 2010 10:03 PM, ohauske ovonhau...@gmail.com wrote: Hi Ryan, I tried getting the home timeline and a couple of other methods and everything works, everything except the update status here's my request: http://twitter.com/statuses/update.xml?oauth_consumer_key=**oaut... I'm using this library http://code.google.com/p/oauth/ On Jan 29, 6:10 am, ryan alford ryanalford...@gmail.com wrote: Try getting the home timeline and... On Jan 28, 2010 11:14 PM, arian cabezas arian.cabe...@gmail.com wrote: Hi Ryan. I´m havi...
[twitter-dev] Re: 'Incorrect signature' on status update with OAuth when verify credentials works
Users of my library (TwitterVB) are reporting the same problem. this
library has been working for quite some time, we've made no changes to
the encoding, and now we're getting reports from several users that
statuses that contain the exclamation point (!) are being rejected
for incorrect signature.
I'd be grateful for some feedback from the platform team on this.
This wouldn't be the first time that OAuth was changed and no one
communicated it to the developer community.
On Feb 2, 10:02 pm, ohauske ovonhau...@gmail.com wrote:
Hi Ryan,
I tried getting the home timeline and a couple of other methods and
everything works, everything except the update status
here's my request:
http://twitter.com/statuses/update.xml?oauth_consumer_key=**oaut...
I'm using this library
http://code.google.com/p/oauth/
On Jan 29, 6:10 am, ryan alford ryanalford...@gmail.com wrote:
Try getting the home timeline and see if you get the incorrect signature
message.
Ryan
Sent from my DROID
On Jan 28, 2010 11:14 PM, arian cabezas arian.cabe...@gmail.com wrote:
Hi Ryan.
I´m having the same problem with the statuses/update using the php
library provided by Twitter, name as : Twitter-async, as said eco_bach
i verified my signatures and i receive information back on verify
credentials (and no 'incorrect signature' error), it´s really rare
what it´s happening couse some times it works and some times apeear
when a do a ¨$connection-post('statuses/update', array('status' =
$statusStr))¨ the misterious message ¨incorrect signatures¨ as
response. I dont know what to do, becouse i´m following all the stuffs
that are described on the Twitter-async API. It began to happen the
last Tuesday 26th.
My regards.
Arian
On 27 ene, 00:30, ryan alford ryanalford...@gmail.com wrote: It is still
a POST, you just don't...
On Jan 26, 2010 4:32 PM, eco_bach bac...@gmail.com wrote: Hi Ryan
Changed to 'GET' and i...
[twitter-dev] Re: Tweets with !, ', and other characters refused..
I'm seeing this in a library that previously was not having this issue. On Jan 14, 9:48 am, Xavier Grosjean xavier.grosj...@yoono.com wrote: There must be an issue in the OAuth signature computing, which is why you are requested to provide your login again... 2010/1/14 thetwitmaniac alon.a.ta...@gmail.com We are using UTF-8 and still have this issue! Really can't understand why, all help would be greatly appreciated! On Dec 23 2009, 6:04 pm, Abraham Williams 4bra...@gmail.com wrote: Make sure you are properly encoding the characters before you send them to Twitter. Abraham On Tue, Dec 22, 2009 at 23:49, thetwitmaniac alon.a.ta...@gmail.com wrote: Hi, I'm building a desktop twitter client and for some reason whenever I try to post a tweet with an exclamation mark or apostrophe, the tweet is rejected and I am presented with a request to provide login credential for the Twitter API. Has anyone run into this issue or have any idea why this would occur? Thanks! -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Skipping the PIN based workflow for Desktop clients using OAuth
I'm not sure I follow your line of reasoning. You say you're working in PHP, which suggests that you're writing a web app. The PIN is only for desktop apps and is not a part of the web OAuth process. Are you writing a desktop app, or a web app? On Jan 2, 10:57 am, Vikram vikram.prav...@gmail.com wrote: Hi All, I am fairly a newbie to OAuth. Currently I am working on desktop client which uses the basic authentication. Would like to switch to OAuth. So I intially tried my hands with Abraham's PHP library. Apparently, I couldn't the callback to work. After googling and going through the latest OAuth changes I realized that I need to register my app as a Webapp for callbacks to work. Digging further I found that twitter actually validates the callback URL and as i don't have a public server I couldn't register myApp as a Web client because twitter says my callback URL is invalid(As Expected). So I am kind of struck. My actual idea was to save the access token and reuse it in future for authentication without having the user go through the entire process. But I found that the PIN is required everytime. So I thought of using of registering my app as web app and use PHP to work till getting the access token and then use the access token for further operations, but I couldn't get the callback to work because of the above mentioned issue. So I am wondering how to solve the problem? Please help me out,if there is no way to skip the PIN based workflow for desktop apps then I will have to continue with BASIC AUTH. But Twitter claims that it will soon drop support for BASIC AUTH and make the API ACCESS OAUTH ONLY. Please help me out. Thanks a Ton in advance.
[twitter-dev] Re: Question about Twitter use in library names
It's been four weeks since I originally asked this question. Is there any chance at all it will be answered in the near future? The time it takes to get a simple straight answer is mind-boggling. On Dec 22 2009, 11:14 am, Duane Roelands duane.roela...@gmail.com wrote: Hopefully, I haven't asked a question with an unfortunate answer. When I look at the number of great libraries with Twitter in the name, it would be a real kick in the teeth to the developer community. On Dec 22, 12:09 am, Ryan Sarver rsar...@twitter.com wrote: Just wanted to follow up with everyone and let you know we are still on this and haven't forgotten about the thread. Hopefully will have an answer for you soon. Best, Ryan 2009/12/5 Ryan Sarver rsar...@twitter.com Duane, We definitely don't want to be sending any nastygrams, especially for something that helps the community. I put a note into our legal / marks department so that I can get an answer back to you and everyone else. Please bear with us as it could take a bit, but I'll get you an answer. Best, Ryan On Fri, Dec 4, 2009 at 1:39 PM, Duane Roelands duane.roela...@gmail.comwrote: A question for the Twitter team: I'm the developer and maintainer of an open source library called TwitterVB. Can I expect a nastygram from your lawyers at some point? Or is there some way I can have the project vetted to avoid such a thing in the future?
[twitter-dev] Re: Tweets with !, ', and other characters refused..
What language are you working in? Also, are you using an existing library or writing your own? On Dec 23, 12:49 am, thetwitmaniac alon.a.ta...@gmail.com wrote: Hi, I'm building a desktop twitter client and for some reason whenever I try to post a tweet with an exclamation mark or apostrophe, the tweet is rejected and I am presented with a request to provide login credential for the Twitter API. Has anyone run into this issue or have any idea why this would occur? Thanks!
[twitter-dev] Re: Question about Twitter use in library names
Hopefully, I haven't asked a question with an unfortunate answer. When I look at the number of great libraries with Twitter in the name, it would be a real kick in the teeth to the developer community. On Dec 22, 12:09 am, Ryan Sarver rsar...@twitter.com wrote: Just wanted to follow up with everyone and let you know we are still on this and haven't forgotten about the thread. Hopefully will have an answer for you soon. Best, Ryan 2009/12/5 Ryan Sarver rsar...@twitter.com Duane, We definitely don't want to be sending any nastygrams, especially for something that helps the community. I put a note into our legal / marks department so that I can get an answer back to you and everyone else. Please bear with us as it could take a bit, but I'll get you an answer. Best, Ryan On Fri, Dec 4, 2009 at 1:39 PM, Duane Roelands duane.roela...@gmail.comwrote: A question for the Twitter team: I'm the developer and maintainer of an open source library called TwitterVB. Can I expect a nastygram from your lawyers at some point? Or is there some way I can have the project vetted to avoid such a thing in the future?
[twitter-dev] Re: Desktop App oAuth GET request with valid accesstoken returns 401 Unauthorized
Sanjay,
There are several really good .NET libraries that handle OAuth
already.
I would give TweetSharp a look to see if it meets your needs. You
might also want to look at TwitterVB.
http://tweetsharp.com
http://twittervb.codeplex.com
On Dec 18, 5:01 am, Sanjay shosansha...@gmail.com wrote:
We are still trying with no luck :-(. Is somebody from Twitter
listening who could help us here? I think we are making some little
mistake which is blocking us. It's really frustrating. Maybe if
somebody could check at server side and let us know if our encoding or
string formation or what might be the issue. Please help!!! Does
it matter from which region (country) we are trying to make these
calls? I hope not. We are trying this from India.
Some more things we tried:
1. We put Authorization in header as below (once with oauth_signature
encoded and once without encoded, we get two different error codes,
see below for detail):
-Header without oauth_signature encoded
{User-Agent: Testweet
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm=Twitter API,oauth_consumer_key=---
removed---,oauth_nonce=68f3e3ca5d7440e5bac6cbc08029d817,oauth_signature_
method=HMAC-
SHA1,oauth_timestamp=1261129193,oauth_token=---
removed---,oauth_version=1.0,oauth_signature=uVAiNwVqoSa8FFqZ/HRN/
rwhod0=
}
We get following error:
{Status: 500 Internal Server Error
Vary: Accept-Encoding
Connection: close
Content-Length: 4684
Cache-Control: no-cache, max-age=300
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Dec 2009 09:40:27 GMT
Expires: Fri, 18 Dec 2009 09:45:27 GMT
Set-Cookie: _twitter_sess=xxx; domain=.twitter.com; path=/
Server: hi
}
-Header with oauth_signature encoded
{User-Agent: TestTweet
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm=Twitter API,oauth_consumer_key=---
removed---,oauth_nonce=88b3f32da1fe46c7af8581f63e869c14,oauth_signature_
method=HMAC-
SHA1,oauth_timestamp=1261129414,oauth_token=---
removed---,oauth_version=1.0,oauth_signature=h
%2FHxJ9zS0UWISrh4T2762u5paA0%3D
}
We get following error:
{Status: 401 Unauthorized
Vary: Accept-Encoding
Connection: close
Content-Length: 148
Cache-Control: no-cache, max-age=1800
Content-Type: application/xml;
charset=utf-8
Date: Fri, 18 Dec 2009 09:44:13 GMT
Expires: Fri, 18 Dec 2009 10:14:13 GMT
Set-Cookie: _twitter_sess=xxx; path=/
Server: hi
WWW-Authenticate: Basic realm=Twitter API
}
Thank
On Dec 15, 6:52 pm, Sanjay shosansha...@gmail.com wrote: Any Idea out
there? I tried following to no avail:
a. Did the entire process (starting from registering the app and
generating consumer key/secret to getting Access Token/secret. Works
fine till I get Access Token Secret
b. When I copy/paste complete URL in browser's address bar, it prompts
[twitter-dev] Re: Developer Preview: Contributor API
The blog post says that this will be launched to all business users and ecosystem partners which would seem to imply that it's not going to be launched for the entire userbase. 1. Is Twitter planning to charge money for this feature? 2. If so, how does that affect developers? Is this going to cost developers any money in any way whatsoever? 3. Will developers who -don't- have business accounts have access to the Contributor API? On Dec 15, 12:16 am, Justyn justyn.how...@gmail.com wrote: That's exactly what I was wondering, helps for planning. Thanks Raffi! On Dec 14, 11:14 pm, Raffi Krikorian ra...@twitter.com wrote: what we have not yet exposed is the invitation or linking step - but, you are mostly correct. to carry on with my example, @twitter would invite @raffi to contribute on its behalf. now @raffi, has the ability to call API endpoints with contributingto=783214. �...@raffi and @twitter are both twitter accounts, but @twitter has enabled itself for contributors to access it. does that help? On Mon, Dec 14, 2009 at 8:33 PM, Justyn justyn.how...@gmail.com wrote: Hi Raffi, Curious how the contributors will be associated? Will it essentially be linking accounts? Presumably then the user would identify in an app which account to post an update to based on those accounts they have been associated as contributors to? So, a contribution would originate from a separate Twitter account, let's say @Raffi and be posted to @Twitter. The primary difference from what we're used to with CoTweet for example, where you may have many authors with no individual twitter accounts, this would all be based on having two or more accounts (1 biz account linked to contributor accounts). Does that make sense? Justyn On Dec 14, 6:07 pm, Raffi Krikorian ra...@twitter.com wrote: As you may have seen on our bloghttp://blog.twitter.com/2009/12/feature-test-with-businesses.html, we're starting a very small test of a new feature that will allow a Twitter account to have multiple contributors. This is the first in a suite of features that we'll be rolling out specifically targeted to the needs of businesses, and this particular feature is going to allow a business to invite employees and representatives to tweet, DM, follow users, etc., on behalf of the account holder. While this feature is not ready for prime-time, and while we're not yet taking requests to be part of an early-access release while we work out the kinks, we're really committed to keeping our developers in the loop. I want to give you all a heads up on what is coming on the API side, and, for this particular feature, I wanted to give you all a look at what we're calling the Contributor API. The reason I want to really highlight these changes is because we'll be making an addition to the status objects as this rolls out. We'll be introducing a new parameter called contributingto to most API endpoints -- this parameter must be set to the user ID of the user that the employee or representative wants to take the action on behalf of. If using contributingto, then the caller must authenticate when calling and must use OAuth. For example, if I, @raffi, wanted to tweet on behalf of @twitter (ID 783214), I would call /status/update.xml, I would attach a parameter of contributingto=783214, and I would authenticate to that endpoint as myself using OAuth. The API will confirm that @raffi has permission to contribute to the @twitter account, and will error with a 403 if that account does not. You can expect to see contributingto show up as an optional parameter to the following endpoints (and presumably some more) when calling onhttp:// api.twitter.com/1: /account/rate_limit_status /account/update_profile /account/update_profile_background_image /account/update_profile_colors /account/update_profile_image /account/verify_credentials /blocks/blocking /blocks/blocking/ids /blocks/create /blocks/destroy /blocks/exists /direct_messages /direct_messages/destroy /direct_messages/new /direct_messages/sent /favorites /favorites/create /favorites/destroy /followers/ids /friends/ids /friendships/create /friendships/destroy /friendships/exists /report_spam /saved_searches /saved_searches/create /saved_searches/destroy /saved_searches/show /statuses/destroy /statuses/followers /statuses/friends /statuses/friends_timeline /statuses/home_timeline /statuses/mentions /statuses/public_timeline /statuses/retweet /statuses/retweeted_by_me /statuses/retweeted_to_me /statuses/retweets /statuses/retweets_of_me /statuses/show /statuses/update /statuses/user_timeline /users/show
[twitter-dev] Re: delete a tweet with twitterVB .net library API
Kelly, I'm the maintainer of the TwitterVB project. Thanks for trying TwitterVB! Your best bet for getting help with the TwitterVb library is to post in the TwitterVB discussion forum at the following URL: http://twittervb.codeplex.com/Thread/List.aspx To answer your question more specifically... 1. Call the UserTimeLine() method, using the TwitterParameters object to specify whose tweets you want to see and how many tweets you want to see. 2. Loop through the resulting List(Of TwitterStatus) and call the DeleteUpdate() method, massing in each Tweet ID that you wish to delete. Because the timelines do not reach back terribly far, it may not be possible to delete every ID that's older than one week. If that's what you want to accomplish, you may want to store the IDs of the tweets you post as you post them, along with the date. Then, you could just retrieve the appropriate IDs from that list. Hope this helps! --Duane On Dec 14, 7:48 pm, KellyP kelly.pear...@ct.gov wrote: I guess I should have been more specific. I saw the DeleteUpdate method which calls for an ID parameter to be passed in, but I don't know how to get the ID of a tweet, let alone all the IDs for tweets older than 1 week. I know if you hover over a tweet in twitter you can see the ID, but how do you get at it programmatically? Sorry if this a simple thing, I'm a newbie in regards to twitter and I can't seem to find any documentation or help on how to get the ID. On Dec 14, 5:43 pm, Andrew Badera and...@badera.us wrote: Hrmmm, the method that says DeleteUpdate might just possibly delete updates. But that's just from glancing at the TwitterVB site for a mere 30 seconds, I could be wrong. ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me:http://www.google.com/search?q=andrew%20baderaOnSun, Dec 13, 2009 at 11:09 PM, KellyP kelly.pear...@ct.gov wrote: Is there a way to delete previously posted tweets using the twitter API? I'm using the twitterVB .net library and would like to delete all tweets older than 1 week. Any help would be appreciated. Thanks.
[twitter-dev] Re: A New API For Browserless Apps?
It seems clear to me from Raffi's comments on it that this third oauth flow is intended solely to enable Twitter use from embedded applications or in other environments in which it is not possible to use the existing oauth flows because there is no way to bring up a browser. And this will be enforced...how? The API is going to be smart enough to discern the environment from which the request originates? Of course not. The methods that allow the user-credentials-for-OAuth- tokens swap will be available to all developers. Developers who want the easier implementation and easier user experience will choose those methods, amplifying the notion that giving away your Twitter credentials to third-party apps is a good idea. It in no way prevents or discourages use of the existing oauth flows in scenarios where a browser is available. Prevents? No. Discourages? Absolutely. It provides an incentive for poor security decisions by developers and users.
[twitter-dev] Re: WTF? - Password harvester or sandbox?
Looks like a scam site to me On Dec 11, 10:17 am, Mack Earnhardt mack.earnha...@gmail.com wrote: BE CAREFUL WITH THIS LINK! Ishttp://oulove(dot) appspot (dot) com/ a legitimate test, or a password harvester?
[twitter-dev] Re: WTF? - Password harvester or sandbox?
I reported it to the Google appspot abuse team. On Dec 11, 10:22 am, Duane Roelands duane.roela...@gmail.com wrote: Looks like a scam site to me On Dec 11, 10:17 am, Mack Earnhardt mack.earnha...@gmail.com wrote: BE CAREFUL WITH THIS LINK! Ishttp://oulove(dot) appspot (dot) com/ a legitimate test, or a password harvester?
[twitter-dev] Re: A New API For Browserless Apps?
Many of us in the developer community have been strongly pushing the point of view that third-party apps should never be asking for user credentials. We did so because we believed that Twitter was firmly committed to the security of the ecosystem and protecting the accounts of its users. It now appears that this belief was in error. This decision is going to actively hurt developers who chose the more secure implementation. Application A just lets me log in with my Twitter credentials, but Application B wants me to go through this harder process. Most users will choose option A, and the more-secure application B loses users. this decision punishes developers who chose the more secure model. It's disappointing, because a lot of developers have worked very hard to bring OAuth implementations to the community that were robust and secure and **didn't require a user to hand over their Twitter credentials**. There was a great opportunity here for Twitter to be a security leader in the social network space by saying We don't want our users giving their Twitter credentials to anyone except Twitter. It's a shame they didn't stick to their gun; the result is going to be a less- secure ecosystem.
[twitter-dev] A New API For Browserless Apps?
If we're talking about replacing the PIN Workflow, then this is a good idea. If we're talking about completely different interfaces for web and desktop apps, I can't see how that's an improvement. Seeing as the Search API is still not in line with the rest of the API, does this mean that we're going to have three disparate incompatible interfaces to juggle? How is that an improvement?
[twitter-dev] Re: Announcements
On Dec 9, 1:38 pm, Raffi Krikorian ra...@twitter.com wrote: i wouldn't qualify a text-only client as a desktop client :P Funny, the 800 people who are using my OAuth-enabled text-only client seem to think it works just fine. Just because -you- don't like it doesn't mean it doesn't count. http://GetQuitter.com - A text-only client for Twitter implemented as a .NET console application.
[twitter-dev] Question about Twitter use in library names
A question for the Twitter team: I'm the developer and maintainer of an open source library called TwitterVB. Can I expect a nastygram from your lawyers at some point? Or is there some way I can have the project vetted to avoid such a thing in the future?
[twitter-dev] Re: What Is The Status of Twitter OAuth?
Use it or don't, and own your decision. It works. It's stable. It's more secure than Basic Auth. It's what Twitter wants you to use. What's the problem here? So tired of OAuth whining. If Twitter OAuth is stable enough for Twitter to recommend that that all third-party applications connect through OAuth connection, then move it out of beta and into production mode, and announce it as such. If not, then don't make that recommendation.
[twitter-dev] Re: Authorizing users for my app's API
Lee, TwitPic and TweetPhoto use Basic Auth for this; if you post a photo to TwitPic via the API, you've got to pass the Twitter username and the password. It works for those APIs, so it should work for yours. OAuth don't (yet) provide a good solution for the scenario you describe; until they do, Basic Auth is fine. My recommendation is that you -never- store those login credentials that are passed and require them on every API method call; you're just safer that way for obvious reasons. On Nov 30, 6:19 pm, LeeS - @semel lse...@gmail.com wrote: Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
[twitter-dev] Re: What Is The Status of Twitter OAuth?
You state to don't use it. It doesn't look like we will have much of a choice soon. Twitter is recommending third-parties move to OAuth. Looks like it won't be long before basic auth is depreciated. No, what I said was use it or don't. Please don't misrepresent my statements. In other words, make a decision about OAuth and stop complaining about the 'beta' label.
[twitter-dev] TwitterVB 2.0 Release
I am pleased to announce the release of TwitterVB 2.0, a .NET library for Twitter applications. The newest version of the library includes several important features: - OAuth for web applications - TwitPic support - TweetPhoto support - URL Shortener support TwitterVB includes comprehensive API documentation, and is free to use. You can check it out at http://TwitterVB.codeplex.com. TwitterVB is 100% Visual Basic.NET. Many thanks to all of the members of this group who have helped me turn TwitterVB from an idea into a reality.
[twitter-dev] Re: oauth Process flow and status Part 1
Classic ASP? You may in for a rough road. It not just an encoded URL. You have to generate a signature for the URL using some algorithms that may not be easily implemented in ASP. I'm not saying it's impossible. Why classic ASP? On Nov 27, 7:56 am, abruton andrebru...@gmail.com wrote: Hi I've found a test site that gives feedback to what the error is athttp://term.ie/oauth/example/ My error is that the signature is incorrect. What must the string look like that needs to be signed? I've tested my script and I know it encodes correctly if you give it the right information. Can someone please post a copy of the string that is sent to be encoded. Best regards Andre On Nov 27, 6:22 am, Andre Bruton andrebru...@gmail.com wrote: Classic ASP On Fri, Nov 27, 2009 at 2:58 AM, Duane Roelands duane.roela...@gmail.com wrote: Andre, Are you sure there isn't already an OAuth library out there that will work for you? What language are you developing in? --Duane On Nov 26, 2:11 am, abruton andrebru...@gmail.com wrote: Thank you for the help. I'm still trying to get the first part to work... 1. The first step in the process, you will make a GET request to http://twitter.com/oauth/request_token;. In this request, you will need the following parameters in this specific order: oauth_consumer_key oauth_nonce oauth_signature_method oauth_timestamp oauth_version oauth_signature What string do I sign? The whole URL? Eg: oauth_consumer_key=2FuDFffo1MnWkw9g2JK7621HAoauth_nonce=1112009260947V57BU QK06I7H1BL88VBR65VT2oauth_signature_method=HMAC- SHA1oauth_timestamp=1259226047oauth_version=1.0 or http://twitter.com/oauth/request_token?oauth_consumer_key=2FuDFffo1Mn... When do I UTF-8 encode? Before signing or after signing? Same with the posting? What do i post and when do I UTF-8 encode? Best regards Andre On Nov 24, 10:17 pm, ryan alford ryanalford...@gmail.com wrote: The signature has to go last. That's one mistake that most people make. You are suppose to put the parameters in order EXCEPT the signature parameter. The signature parameter is created by using the other parameters, then it's appended to the end of the query string. The OAuth signature is generated. I made a blog post where I tried to explain it a little better than the documentation does. It's for .Net for the desktop, but the process is the same for any language, and only slightly different for web applications. http://eclipsed4utoo.com/blog/net-twitter-desktop-oauth-authentication/ On Tue, Nov 24, 2009 at 3:12 PM, abruton andrebru...@gmail.com wrote: Hi All I am trying to get my head around the Twitter oauth flow. The twitter documentation links to oauth.net for parameters, but these are general and not well documented. Is the first step to usehttp://twitter.com/oauth/request_token? 1. I created the following URL: http://twitter.com/oauth/request_token?oauth_consumer_key=3Uu...1HAo... When I put this in a browser to test it, I get the following error: Failed to validate oauth signature and token 1. What is wrong with the string? - Is the oauth_signature just your Consumer secret string? - Do I have to use oauth_signature_method and what method do I use. If it is sha1, what string do I hash? The whole URL? Do I POST the data tohttp://twitter.com/oauth/request_tokenorGETor what? Best regards Andre F Bruton
[twitter-dev] Re: oauth_callback help
If that's true, then that would make testing/development very difficult, if not impossible. On Nov 25, 4:04 am, jmathai jmat...@gmail.com wrote: Without having tested it, I wouldn't be surprised if the callback url needs to be on the same domain as the url specified in application settings. Have you tried using a callback url to a random page on the domain of the application setting url? On Nov 24, 5:38 pm, Duane Roelands duane.roela...@gmail.com wrote: Trying to work through web authentication and running into a problem that I am sure someone else has solved. http://twitter.com/oauth/authorize?oauth_token=lM4ZRypYyYkA255S2dHVk6... I authorize the app, but I am not redirected to my localhost page - I am redirected to the URL in the application settings. Is my URL not properly formed?
[twitter-dev] oauth_callback help
Trying to work through web authentication and running into a problem that I am sure someone else has solved. http://twitter.com/oauth/authorize?oauth_token=lM4ZRypYyYkA255S2dHVk6JmPuAnjK14DVFqreuNvxsoauth_callback=http://localhost:51157/Default.aspx I authorize the app, but I am not redirected to my localhost page - I am redirected to the URL in the application settings. Is my URL not properly formed?
[twitter-dev] Re: Is it possible to recreate Twitter's followers screen?
I would get a list of the current user's followers and maintain it in a cache. Then, when displaying an arbitrary list of users, check each user to see if that user exists in the cache. They they do, show the Unfollow button. If they don't, show the Follow button. On Nov 23, 12:08 pm, Chris Thomson chri...@chris24.ca wrote: There seems to be a `following` boolean attribute returned for each user in /statuses/followers.xml (and .json)... is that what you're looking for? -- Chris Thomson On 2009-11-23, at 11:16 AM, Ryan Bell wrote: I would like to completely recreate Twitter's followers screen. After some research, we aren't sure its possible without being inefficient with the API. We're unable to determine if a user is a following the logged in user in a bulk fashion.This information is needed in order to determine which options to include next to each follower. ex) should you show 'follow' or 'unfollow' button? Twitter returns your followers information, but does not include information as to whether you are also following that user. It seems that the only way to get this additional information is on a 1-by-1 basis by checking to see if each of your followers is being followed by you. QUESTION: Is there a better way to determine in bulk if users are being followed by you? It seems that this functionality must exist in order for an application to mimic Twitter's Followers page. Thanks in advance for any assistance, Ryan
[twitter-dev] Re: Kill the new RT feature - it's non-relational
I lost tack of how many times you contradicted yourself, so I'll just point out the big one. AT LEAST GIVE ME THE OPTION TO DECIDE FOR MYSELF IF I WANT TO SEE RTs FROM NON-FOLLOWERS! ...and then... I NEED to see an RT from people who aren't following me to help me build my business. You didn't have the option to filter retweets from non-followers before. This feature makes that possible for developers to give you that feature in client software. So, this feature makes it POSSIBLE to give you the feature you want when it wasn't possible before. Maybe you want this feature, maybe you don't. I can't tell from your ranting which you want or don't want. But, this change puts more control in the hands of developers and that's a good thing. You may or may not agree with that. You'll probably agree AND disagree in the same response. On Nov 22, 10:49 am, chuckblakeman cfblake...@gmail.com wrote: AT LEAST GIVE ME THE OPTION TO DECIDE FOR MYSELF IF I WANT TO SEE RTs FROM NON-FOLLOWERS! Unless I'm missing something here, this is the single worst (and only) degradation of service Twitter has ever put in place. A big step backwards for three reasons - 1) It completely ignores the concept of relationship building, 2) it promotes elitist arrogance on Twitter, and 3) it will increase meaningless RTs exponentially - What am I missing here on what's good about this? Ignoring Relationship Building People gravitate toward people they enjoy communicating with - that's how we build friends in any context. One of the main ways I find people I want to meet is that they like what I say, and more often than not, an RT tells me they like what I say, and I do the same for them. To keep me from being able to see people who like what I say removes one of the best ways of building relationships Twitter has. I NEED to see an RT from people who aren't following me to help me build my business. Elitist Arrogance Being annoyed by people retweeting you is like an author being annoyed that people showed up at their book signing - how elitist to turn up your nose at people who like what you say. Gee, sorry about that. This mindset doesn't want to build relationships but just wants to be able to count how many faceless, nameless people RT them - how arrogant is that? Increased Meaningless RT Traffic Before this feature, you actually had to do a little work to RT - copy, paste, put RT in front of it and send. Ouch - that's a lot of work. But that tiny bit of work kept people from senselessly RT'ing just to gain followers - it was too cumbersome to use effectively for spamming. Now by the simple push of a button people will be RT'ing like changing TV channels w/ a remote, and you won't really know if it meant enough to them to put a little effort into building that relationship with you - just stop holding your finger up and let it fall - that really shows a how much that comment meant to you? Summary Twitter started out as a tool to build relationships. It has become less and less personal. This new RT'ing feature reduces your ability to build relationships, plays to the arrogant elite, and makes it easier for people to use RT'ing and 10 different ghost accounts to spam people to death. And this is an upgrade? Hmmm not seeing it. Facebook is starting to look good all of a sudden.
[twitter-dev] Re: Please allow me to see people who RT me! !
I believe the Retweets Of Me timeline is what you're looking for. On Nov 22, 12:24 pm, chuckblakeman cfblake...@gmail.com wrote: I don't see any RTs in the Your tweets, retweeted tab from people WHO AREN'T FOLLOWING ME. I want to see those! Is there a way for me to see people who RT me who aren't following me? That's the biggest problem i see with this, and unless I can find those people, this whole upgrade ignores some basic fundamentals of building relationships. Imagine having people visit your blog and try to leave a comment that they agree with you and you're not allowed to see it. And this is an upgrade? Still not seeing any upgrade here. On Nov 22, 9:14 am, Michael Ekstrand mich...@elehack.net wrote: Chuck Blakeman wrote: Unless I'm missing something here, this is the single worst (and only) degradation of service Twitter has ever put in place. A big step backwards for three reasons - 1) It completely ignores the concept of relationship building, 2) it promotes elitist arrogance on Twitter, and 3) it will increase meaningless RTs exponentially - What am I missing here on what's good about this? Have you tried looking at the Your tweets, retweeted tab in the Retweets page on Twitter's web site? - Michael -- mouse, n: A device for pointing at the xterm in which you want to type. Confused by the strange files? I cryptographically sign my messages. For more information see http://www.elehack.net/resources/gpg. signature.asc 1KViewDownload
[twitter-dev] TwitPic upload method for VB.NET developers
After implementing TwitPic upload functionality in the TwitterVB library, it seems only appropriate to share the code here with other VB.NET developers. http://twittervb.codeplex.com/wikipage?title=TwitPicUpload
[twitter-dev] 404s from OAuth?
I'm seeing 404s from OAuth suddenly, when trying to hit... http://api.twitter.com/1/oauth/request_token?[query string removed[ ...but getting normal responses from http://api.twitter.com/oauth/request_token I thought the /1/ was standard at this point. Was I mistaken, or is this just a blip?
[twitter-dev] Re: Posting non-English Characters using OAuth
I'd be very interested in seeing your solution.
I'm having this very problem in my OAuth implementation and I can't
seem to find a good solution.
On Nov 2, 7:15 am, Kalpesh kalp.meh...@gmail.com wrote:
Done!
It's now updating status successfully for ascii as well as non-ascii
characters..
the problem was my oAuth.. i downloaded the latest code and it's
working flawlessly..
thx for ur help!
On Nov 2, 4:27 pm, Kalpesh kalp.meh...@gmail.com wrote:
I have tried two things to get my non-english characters status update
to work:
1.) Using meta tag in the head as meta http-equiv=Content-Type
content=application/x-www-form-urlencoded; charset=UTF-8 /
2.) Using utf8_encode for status and posting
None of the above works. I get incorrect signature trying to post
non-english characters. English characters works fine.
I am able to update non-english status with direct status posting from
cURL, problem is with oAuth..
Can anyone provide a working example code using oAuth for this?
On Oct 29, 12:35 am, Cameron Kaiser spec...@floodgap.com wrote:
What encoding function to use for postingnon-englishcharacters ??
i am using urlencode but it is not postingnon-englishcharacters to
twitter
Are you properly encoding the characters as UTF-8? That should occur
before you URL-encode your payload.
--
personal:http://www.cameronkaiser.com/--
Cameron Kaiser * Floodgap Systems *www.floodgap.com*ckai...@floodgap.com
-- The gift of death metal does not smile on the good looking. -- S.B.
#141 ---
[twitter-dev] TwitterVB 1.4 Available
It is my pleasure to announce that version 1.4 of the TwitterVB library is available at http://twittervb.codeplex.com/ TwitterVB is a .NET library primarily intended for developers who are interested in creating desktop Twitter applications. Among its features: - A working implementation of OAuth with an easy-to-follow tutorial. - Support for search. - Multibyte-character support for languages such as Japanese. - Documentation in a compiled help file and lots of code samples. TwitterVB is free and open source and will always be both.
[twitter-dev] Re: TwitterVB 1.4 Available
John, In Vista or Windows 7, you'll have to right-click on the .chm file and click Unblock before you can see the contents of the topics. It - might- be that way in XP as well, but I haven't worked in XP in a while. :) As for search, the default number of items is 20. Paging is supported. Once your help file is working, check out the documentation for the TwitterSearchParameters class. There's a code sample there that shows how to change the default number of items per page, and how to specify the page number you want. On Oct 30, 11:57 pm, John Meyer john.l.me...@gmail.com wrote: Oh, one other thing Duane. Downloaded the chm file but it doesn't seem to be opening any of the topics. Duane Roelands wrote: It is my pleasure to announce that version 1.4 of the TwitterVB library is available athttp://twittervb.codeplex.com/ TwitterVB is a .NET library primarily intended for developers who are interested in creating desktop Twitter applications. Among its features: - A working implementation of OAuth with an easy-to-follow tutorial. - Support for search. - Multibyte-character support for languages such as Japanese. - Documentation in a compiled help file and lots of code samples. TwitterVB is free and open source and will always be both.
[twitter-dev] Re: Checking if a user exists by email
...and there never ever should be. On Oct 14, 4:55 pm, JDG ghil...@gmail.com wrote: no. On Wed, Oct 14, 2009 at 09:50, HAR HAR harsocialme...@gmail.com wrote: There was a post on this group called API Method for checking if a user exists? a while ago. The method for checking if a user exist described there no longer works. Is there a way for me to use the API to verify if an email address is associated with a twitter account? Thanks. -- Internets. Serious business.
[twitter-dev] Re: OAuth wed desktop feedback
Please do NOT adopt anything like the Facebook model. Facebook authentication for desktop applications is a nightmare. You have to programatically interact with the browser and it's an enormous hassle. I think that the OAuth flow for desktop applications is fine as-is. Mobile apps need some love, no question, but for desktop apps, I don't think anything is all that broken. On Oct 12, 3:38 pm, Isaiah supp...@yourhead.com wrote: 1. What can be improved about the web workflow? I'll leave this one for the web dudes. 2. What can be improved about the desktop workflow? The UX: it's currently very complicated for the user. Much more more complicated than basic auth. Users are unaccustomed to it. Novelty isn't a bonus during authorization. The browser: drop-kicking the user to another app seems egregious. Make it so that this is unnecessary and the UX problem is nearly solved. The assumption: there seems to be an assumption that twitter clients are *not* trusted and the web browser *is* trusted. But the reality is that all of the phishing, scams, and untrusted things that I'm bombarded with daily come in the browser. Please help me to resolve this paradox. 3. What other models of distributed auth do you think we could learn from and what specifically about them? All of the clients for everything that needs authorization on my desktop use a basic-auth-like model: email, ftp, backup services, picture sharing, blogging, well, you get the idea. I'm not saying it's right or wrong, but that is the way it is. I want my app to be part of that ecosystem and not stand out like a sore thumb. Make matching the user experience of other desktop apps your goal. If you can't achieve that goal, then maybe OAuth isn't ready for the desktop. Or perhaps it's more apt to say that the desktop is not ready for OAuth. If you say, it's really no big deal to add this one step, then stop. It **is** a big deal. Every step added is **really** big deal. Really. 4. What could we improve around the materials for integrating OAuth into your application? It's not all the complicated to implement. There's a lot of open source on web in a multitude of languages. If you have manpower to throw around, please work on the UX first. ;-) I'd be happy to contribute to any open source project that helps to achieve this. Count me in. Isaiah
[twitter-dev] Re: Have you read the OneForty.com Developer Contract?
No, no, a thousand times no. Licensor further warrants to oneforty and its Customers and Sublicensees that the Licensed Item shall be free from defects in workmanship or design Does OneForty understand that the licensed item is -software- and that software often contains bugs? Who determines what a defect in design is? OneForty? Me? Their lawyers? Licensor further warrants to oneforty and its Customers and Sublicensees that the Licensed Item shall not contain any information or content of whatever nature that is defamatory, obscene, indecent, pornographic, seditious, offensive, threatening, liable to incite racial hatred, blasphemous... Blasphemous? Really? So if my code includes a comment that states I can't make this goddamn thing work, I'm violation of the contract. Offensive? To whom? Licensor shall maintain reasonable insurance Insurance? I need to maintain insurance to claim my free, open-source Twitter client in OneForty's directory? Licensor agrees that it will not use “oneforty”, “oneforty.com” or any other trademark held by oneforty in keyword meta tags or any pages of Licensor’s website or any website(s) owned or operated by Licensor. So, I can't have a link on my page that says Check us out on OneForty! or We're listed on OneForty! or Post a review on OneForty! Laura from OneForty has the best intentions, and I really believe that she wants to produce a developer-friendly community where everyone reaps benefits. That's great, and I applaud her for her efforts to make this work. This agreement (and the noxious one that preceded it) give me the impression that OneForty's lawyers have a fundamental ignorance of software, software development, and the internet in general.
[twitter-dev] Re: Have you read the OneForty.com Developer Contract?
I read it, and I was horrified. So, I logged into IRC and found two members of the OneForty development team. I asked them to remove my application from the directory. They refused. OneForty is not a developer-friendly platform. On Oct 8, 7:44 pm, brad...@squeejee.com brad...@praexis.com wrote: wow, somehow managed to totally miss that thread... thanks! On Oct 8, 6:07 pm, Dewald Pretorius dpr...@gmail.com wrote: There's another thread herehttp://bit.ly/Owfvdwherethe developer contract also raised some eyebrows. Dewald On Oct 8, 7:25 pm, brad...@squeejee.com brad...@praexis.com wrote: There has been a lot of buzz around OneForty.com and what it will mean for all of us Twitter app developers. However, some of the things in their developer contract (that you have to agree to in order to claim your application on their side) gave us (Squeejee) pause after we decided to read the fine print. Please see read the contract for yourself (http://oneforty.com/terms/ publisher_contract), see our blog post with our concerns (http:// squeejee.com/blog/2009/10/08/questions-for-oneforty) and leave your comments! Laura Fitton, the founder of oneforty.com, has been very receptive and wants to engage in open dialogue about the contract. Please add to the discussion!
[twitter-dev] Re: Source parameter only available through oauth - misses a use case
It's an incentive to move to OAuth. Twitter has made their intentions clear about Basic Auth: They want it to go away. By restricting the source parameter to OAuth requests, they give developers an incentive to move forward. On Sep 15, 4:20 am, Emrah e...@ekanet.net wrote: I totally agree... Ivo, I got the same answers for a pretty similar question some months ago... I do not see the link between the source parameter and how the authentication is made... Cheers! Ivo wrote: Hi, short answer: oauth is for delegated authentication; I'm using direct authentication of my own account. Both are valid use cases, so in my opinion the source parameter should continue to work for the second use case (I can't find a good reason to only support it for delegated authentication) Besides; all the examples you mention are for delegated authentication; it would be weird to have a headless system that is working as a service implement an oauth scheme. greetings, Ivo On Sep 14, 12:09 pm, Andrew Badera and...@badera.us wrote: With all the freely available examples, and all the freely available documentation and support available through oauth.net, what's stopping you from cranking out an OAuth client implementation in 2 hours? OAuth helps prevent, or at least make obvious for the time being, spammers. HTTP Basic Auth has no value here. ∞ Andy Badera ∞ +1 518-641-1280 ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me:http://www.google.com/search?q=andrew%20badera On Mon, Sep 14, 2009 at 1:48 AM, Ivo i...@epointment.com wrote: Hi, the developer wiki mentions that the source parameter is no longer recommended, because using oauth, twitter can already know the source of messages. However, there are a few use case scenario's that are limited if source is only available through oauth. Oauth is all about delegated authentication. It's about the user granting access to his resources to a service. There are services out there that do not use the user's credentials at all, but use their own account. E.g. I built flackr.net, and it logs in with its own @flackr account to follow its own timeline and aggregate news on a website. I don't need user's credentials at all for that. The Flackr backend is autonomous and runs on a server that has no web frontend, it just fetches data and processes it. It does send out tweets when it has aggregated something interesting. If I were to use oauth in this scenario I would have to build in full oauth support in my backend script, only to login once with my own account to grant myself access. Since this is not about delegated access, I don't need oauth and can authenticate against twitter directly. This is a perfectly good use case scenario, and the source parameter would have to stay in order to support this use case scenario while still providing a different source.
[twitter-dev] Re: Random 408 errors having been appearing the last 48 hours
I'm having this issue as well, and also getting some 405s, which I thought were long gone. On Sep 11, 9:44 am, Jeff Ayars je...@pelago.com wrote: We're using basic auth and having the problem so it's not OAuth related. IP ranges, accounts, curl -vvv and TCP dump of failures sent to a...@twitter yesterday. Seeing ~60% failures and 40% successes also. Haven't heard back from Twitter. Would love to hear something. JEff -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Roy Hooper Sent: Thursday, September 10, 2009 9:04 AM To: Twitter Development Talk Subject: [twitter-dev] Re: Random 408 errors having been appearing the last 48 hours I'm still seeing this recurring problem. Are only oauth users experiencing this? If so, maybe its time for us to give up on OAuth? On Sep 9, 12:16 pm, John Kalucki jkalu...@gmail.com wrote: Point your mobile device through a web proxy that you control. Monitor the traffic there with tcpdump. On Sep 9, 7:07 am, Naveen A knig...@gmail.com wrote: It might be useful if detailed (step by step) instructions of how to generate the debug information twitter needs to track down this HTTP data being returned on the API, I am not sure how much data you are getting but I would really like to provide as much as I possibly can and provide others with the tools to make providing this information as easily as possible. We unfortunately can't easily provide the necessary information as our application runs on a mobile device where we can not easily get the detailed information you require. I understand how to provide the ip address, and the verbose curl request.. Unclear what you are looking for when you are requesting a tcp dump.. I would be happy to attempt to generate this information if it will help expedite solving this problem.. On Sep 7, 10:06 pm, John Kalucki jkalu...@gmail.com wrote: If you are having connection problems like this, please send your IP address, account(s), a curl(1) -vvv trace, and a tcpdump of the failure to a...@twitter.com. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter inc. On Sep 7, 5:02 pm, fablau fabri...@virtualsheetmusic.com wrote: I am having the same issue, most of the times I cannot connect to Twitter, I get 408 error and the API is mostly unusable form my side. I am able to connect just a couple of times every 36-48 hours! Are we the only people having this issue? How that can be possible? Is there any way to contact Twitter folks about this issue? Are they aware of this? Any more thoughts and testimonials about this issue would be appreciated. Thank you for sharing. Best,
[twitter-dev] Re: TTYtter 0.9.7 and 1.0.0-unstable
Congratulations on feature-complete! On Aug 30, 8:16 pm, Cameron Kaiser spec...@floodgap.com wrote: For those who are using TTYtter as an app platform, 0.9.7 was released today which will be the final feature release for the 0.9 branch. Bug fixes only will land for 0.9.8 and 0.9.9, after which the branch will be discontinued in favour of the (hopefully then stabilized) 1.0.x series. The reason this is relevant is that 1.0.0 will introduce several minor but possibly significant incompatibilities which may affect people using it for scripts. There will be plenty of warning and plenty of test versions, but I didn't want to catch people unawares when 0.9 support ends. TTYtter is a Perl 5-based interactive client and Twitter application platform with an extensible API intended for the command line and text environments. http://www.floodgap.com/software/ttytter/ -- personal:http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- BOND THEME NOW PLAYING: Never Say Never Again
[twitter-dev] Re: Some1 Can Explain Me This Process?
I believe that the % values in the signature need to be uppercase, so instead of %2bgUJx2ydmVWdoLgdGrFWfwy0efg%3d your sig should look like %2BgUJx2ydmVWdoLgdGrFWfwy0efg%3D On Aug 27, 3:29 pm, Gustavo Melo pipoc...@gmail.com wrote: I was trying to change my old app for the new OAuth authentication. I'm using *.NET C#* I could get my *token* and *tokenSecret*. Ok. So i try to test *verify_credentials.xml* looks like this:http://twitter.com/account/verify_credentials.xml ?*oauth_consumer_key*=xx *oauth_nonce*=xx *oauth_signature_method*=HMAC-SHA1 *oauth_timestamp*=1251398498 *oauth_token*=xx *oauth_signature*=%2bgUJx2ydmVWdoLgdGrFWfwy0efg%3d And i received this message: *errorCould not authenticate you./error* *But...* If i put this link directly on browser some message box appear with: The API requer a login and password Login: Password: If a put my pass and login i can get the right return: user idX/id namepipocadr/name screen_namepipocadr/screen_name location/ description/ - profile_image_urlhttp://a3.twimg.com/profile_images/299177807/3D_normal.png /profile_image_url url/ *This is the basic auth or oauth? I pass my token and tokenSecret and consumerKey etc... So how can i get the result?* Best Regards
[twitter-dev] Re: Wondering if this would be against TOS
There are other applications already deployed that let you do things like control your computer via Twitter, and I haven't heard any complaining about them with regard to TOS. I have a second Twitter account that I use for testing my application, and I'm not aware of any TOS provision that prohibits this. On Aug 28, 12:24 am, Peter J. Walsh xor.g...@gmail.com wrote: tl;dr: I'm a hobbyist programmer writing an application that passes data to/from devices using twitter, and was wondering if this would be a violation of the TOS? or if you prefer, the longer version: I'm a hobbyist programmer writing an application. An application that controls other applications on a host by receiving data sent to twitter from a remote device such as a cell phone. It's not very far along, so far the only thing it can do is query the status of uTorrent at the request of the remote device and return it through direct messaging, and add torrents passed through a direct message. I was wondering if this portion would constitute spam? The application also requires a person to have two accounts, one for themselves, and one for the application. As a hobbyist programmer I don't really spread my applications around, just to a few people to help test them. So far this particular application has only been sent to one other person. So I was wondering also if this creation of two accounts would cause issues? If this would cause issues, I could rewrite the application to only need one account for all it's users, but this would hinder it's adoption of other applications that don't support a HTTP interface. Of course if any of these things would cause any issues I would be more than willing to discontinue development.
[twitter-dev] Re: get the id's of twitter users who have authenticated with OAuth?
Doing it without the express, explicit consent of the user is sneaky. It's also likely to get your application banned. If it's important to you to know who your users are, ask them to register. But it should always be opt-in. On Aug 25, 11:21 pm, JDG ghil...@gmail.com wrote: I fail to see how knowing the user's screen name only is phoning home or a sneaky thing. On Tue, Aug 25, 2009 at 16:20, Joseph Cheek jos...@cheek.com wrote: I agree. I've seen a lot of resistance to user apps that phone home in the past. Joseph Cheek jos...@cheek.com @cheekdotcom mcdade wrote: Thanks JDG for the advice but I wrote an App, not a webapp. The program runs on the users computer and they auth, I really don't want to do a whole i'm going to quietly send your info to me while you aren't looking. I really dislike when companies put in a some sneaky things to get the user info without the user knowing about it. Twitter really should provide a method of seeing this server side, I guess they don't. -b On Aug 25, 11:44 pm, JDG ghil...@gmail.com wrote: they do. when you get an access token, the screen name and their ID are returned to you along with the token. Use it. Store it. On Tue, Aug 25, 2009 at 15:18, mcdade bmcd...@gmail.com wrote: Bumping on this since no one answered.. And i'm up to 90 users who authed now but I have no idea who they are since i can't search my app's name. Twitter needs to create a way for Developers to track users who are using the product. Look at Facebook, they have amazing tools for the Developer -b On Aug 12, 4:33 pm, mcdade bmcd...@gmail.com wrote: Ok. So I have my app written, I usedoauthto authenticate them since it was easier the storing the password. Anyways I didn't write in anything special to trackusers(or make the follow me) but I would like to see who is using it since I had about 300 downloads on the app but have only about 58 ppl who have authenticated with twitter. Thanks -bryan oh.. and i wrote the app in Cocoa and the framework and code examples suck and mostly don't work. -- Internets. Serious business. -- Internets. Serious business.
[twitter-dev] Re: get the id's of twitter users who have authenticated with OAuth?
Here's the example: 1. You download my desktop Twitter client. 2. You install it and authorize it to your Twitter account. 3. -Without your consent or knowledge-, my Twitter client sends me your screen name. That's unethical. If you don't think so, go ahead and code that into your client and watch your users freak out when they find out that you've been collecting their personal information without your consent. On Aug 26, 9:14 am, JDG ghil...@gmail.com wrote: How could using JUST the screen name -- something that twitter explicitly provides to you -- possibliy get your application banned? I'm failing to see how something that is readily available that Twitter provides for identification purposes is so bad, and despite my respect for many of the developers on this list, I have yet to see a compelling argument for that position. I'm willing to have my mind change, don't get me wrong. But at the same time, I know that there are chances for malicious hijinx in ANY case where the user has granted access to a third-party app, regardless of whether the app has that user's screen name or not. On Wed, Aug 26, 2009 at 02:45, Duane Roelands duane.roela...@gmail.comwrote: Doing it without the express, explicit consent of the user is sneaky. It's also likely to get your application banned. If it's important to you to know who your users are, ask them to register. But it should always be opt-in. On Aug 25, 11:21 pm, JDG ghil...@gmail.com wrote: I fail to see how knowing the user's screen name only is phoning home or a sneaky thing. On Tue, Aug 25, 2009 at 16:20, Joseph Cheek jos...@cheek.com wrote: I agree. I've seen a lot of resistance to user apps that phone home in the past. Joseph Cheek jos...@cheek.com @cheekdotcom mcdade wrote: Thanks JDG for the advice but I wrote an App, not a webapp. The program runs on the users computer and they auth, I really don't want to do a whole i'm going to quietly send your info to me while you aren't looking. I really dislike when companies put in a some sneaky things to get the user info without the user knowing about it. Twitter really should provide a method of seeing this server side, I guess they don't. -b On Aug 25, 11:44 pm, JDG ghil...@gmail.com wrote: they do. when you get an access token, the screen name and their ID are returned to you along with the token. Use it. Store it. On Tue, Aug 25, 2009 at 15:18, mcdade bmcd...@gmail.com wrote: Bumping on this since no one answered.. And i'm up to 90 users who authed now but I have no idea who they are since i can't search my app's name. Twitter needs to create a way for Developers to track users who are using the product. Look at Facebook, they have amazing tools for the Developer -b On Aug 12, 4:33 pm, mcdade bmcd...@gmail.com wrote: Ok. So I have my app written, I usedoauthto authenticate them since it was easier the storing the password. Anyways I didn't write in anything special to trackusers(or make the follow me) but I would like to see who is using it since I had about 300 downloads on the app but have only about 58 ppl who have authenticated with twitter. Thanks -bryan oh.. and i wrote the app in Cocoa and the framework and code examples suck and mostly don't work. -- Internets. Serious business. -- Internets. Serious business. -- Internets. Serious business.
[twitter-dev] Re: get the id's of twitter users who have authenticated with OAuth?
Quitter checks for updates, and like TTYtter it always asks permission and you can turn it off in the configuration menu. If your users have information that you want, ask them for it. If the information has value to you, offer something of value in return. On Aug 26, 11:02 am, Cameron Kaiser spec...@floodgap.com wrote: Here's the example: 1. You download my desktop Twitter client. 2. You install it and authorize it to your Twitter account. 3. -Without your consent or knowledge-, my Twitter client sends me your screen name. That's unethical. If you don't think so, go ahead and code that into your client and watch your users freak out when they find out that you've been collecting their personal information without your consent. Quite. Whether or not it seems logical, it's all about user perception, and most of them are not going to like apps passing on any kind of data without them opting into it. Even the version check in TTYtter is purely opt-in, and that's strictly anonymous. -- personal:http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- I ... I love you! Oh noo! I don't! -- Awful movie, Ranma 1/2 -
[twitter-dev] Re: get the id's of twitter users who have authenticated with OAuth?
Do what zillions of other applications do: Would you like to register your copy of [application name]? We promise not to spam you or sell your email address. Registration will ensure that you know when new versions are released and it lets us know who's using our application! Is this information worth $10/month? Randomly select one registered user each month and send them an iTunes gift card. You'd be AMAZED how much personal information users will give up for something like that. On Aug 25, 6:16 pm, JDG ghil...@gmail.com wrote: Explain why not? I've written apps that can do it. It's a matter of knowing how to parse the user token responses. If you're using an OSS library, you're welcome to change it to suit your needs -- it is, at its core, the beauty of OSS. On Tue, Aug 25, 2009 at 15:55, mcdade bmcd...@gmail.com wrote: Thanks JDG for the advice but I wrote an App, not a webapp. The program runs on the users computer and they auth, I really don't want to do a whole i'm going to quietly send your info to me while you aren't looking. I really dislike when companies put in a some sneaky things to get the user info without the user knowing about it. Twitter really should provide a method of seeing this server side, I guess they don't. -b On Aug 25, 11:44 pm, JDG ghil...@gmail.com wrote: they do. when you get an access token, the screen name and their ID are returned to you along with the token. Use it. Store it. On Tue, Aug 25, 2009 at 15:18, mcdade bmcd...@gmail.com wrote: Bumping on this since no one answered.. And i'm up to 90 users who authed now but I have no idea who they are since i can't search my app's name. Twitter needs to create a way for Developers to track users who are using the product. Look at Facebook, they have amazing tools for the Developer -b On Aug 12, 4:33 pm, mcdade bmcd...@gmail.com wrote: Ok. So I have my app written, I usedoauthto authenticate them since it was easier the storing the password. Anyways I didn't write in anything special to trackusers(or make the follow me) but I would like to see who is using it since I had about 300 downloads on the app but have only about 58 ppl who have authenticated with twitter. Thanks -bryan oh.. and i wrote the app in Cocoa and the framework and code examples suck and mostly don't work. -- Internets. Serious business. -- Internets. Serious business.
[twitter-dev] Re: Suspended Account - Need Help!!!
what is more concerning is that it appears that Twitter just blanketly suspended several of our accounts and our users accounts that had any tweets posted recently from our application. Is it possible that these customers of yours had their accounts suspended for activity that had nothing to do with your application? The fact that they are your users doesn't mean that they are -only- your users. Nor does it mean that their suspensions are related to your application. On Aug 20, 9:52 am, Dewald Pretorius dpr...@gmail.com wrote: Sorry, I was thinking with Basic Auth in mind with my previous replies. Logically, OAuth should work differently. I think the idea is that you shouldn't be able to make any API calls from the app, if the Twitter account from where you registered your application is suspended. Meaning, a suspension would be an effective blackout of your app. I don't know if that's the way Twitter intended it or implemented it. I have not yet added OAuth to my site, so I don't have in-depth knowledge of it. Dewald On Aug 20, 10:03 am, AccountingSoftwareGuy virga.rob...@gmail.com wrote: Oauth
[twitter-dev] Re: help retrieving tweets from other users!
My understanding is that 200 is the limit for retrieving status updates via the REST API. On Aug 20, 4:38 am, raashid bhatt raashidbh...@gmail.com wrote: Hi all i am developing a Desktop client of twitter for self use its actually my first time working on twitter API i want get tweets from other user for that i use user_timeline REST method but for that i can only view latest 200 tweets for that particular user and page parameter don't works with user_id combinations so please suggest me how can i tackle this problem Thanks!
[twitter-dev] Re: Twitter Oauth Integration
1. When Twitter is having issues (like the recent DDoS attacks), OAuth tends to suffer. Basic Auth appears to hold up in these situations. 2. OAuth gives you the same access to the API that Basic Auth does. 3. OAuth requires that all requests to the API be signed as per the OAuth spec, so implementing OAuth has implications beyond just the authentication process. 4. Yes, you should probably start implementing OAuth. Twitter has stated its desire to eventually deprecate Basic Auth. On Aug 20, 5:08 am, vinay vinay0123456...@gmail.com wrote: I'm planning to incorporate the Oauth in my application. But I would like to know the following things. 1. How about Oauth stability/reliability comparing with basic auth? 2. Is there any limitation specific to Oauth? 3. Is there any difference between Oauth and basic auth except the authentication process? 4. Shall we start develop application in Oauth? Please let me know ASAP.
[twitter-dev] Re: help retrieving tweets from other users!
Hm! I stand corrected! Thanks for setting me straight, Jim! On Aug 20, 12:29 pm, jim.renkel james.ren...@gmail.com wrote: Yes, the *per request* limit is 200, but using the page parameter you can retrieve up to the last 3200 status updates. Seehttp://apiwiki.twitter.com/Things-Every-Developer-Should-Know#6Therea... for more information. I've implemented and tested this in my site (http://twxlate.com), and it seems to work as advertised. Hope this helps, Jim On Aug 20, 9:49 am, raashid bhatt raashidbh...@gmail.com wrote: no u didnt understood me .. i know per request the limit is 200 but what about the next 200 tweets how can i get those ( of the other user) On Aug 20, 7:06 am, Duane Roelands duane.roela...@gmail.com wrote: My understanding is that 200 is the limit for retrieving status updates via the REST API. On Aug 20, 4:38 am, raashid bhatt raashidbh...@gmail.com wrote: Hi all i am developing a Desktop client of twitter for self use its actually my first time working on twitter API i want get tweets from other user for that i use user_timeline REST method but for that i can only view latest 200 tweets for that particular user and page parameter don't works with user_id combinations so please suggest me how can i tackle this problem Thanks!
[twitter-dev] Re: Creating Groups
Chris, I've implemented this in my client, which you are free to look at if you feel it would be helpful (http://code.google.com/p/quitter- client). I do a read of the Friends timeline, and display to the user only those tweets from members of the selected group. I do this by checking each status in the timeline to see if it should be displayed or not and setting a Boolean value accordingly. The display code reads the entire timeline and only displays those tweets that are flagged as being from a member of the group. Regards, Duane On Aug 20, 11:32 am, Chris Babcock cbabc...@kolonelpanic.org wrote: On Thu, 20 Aug 2009 07:20:28 -0700 (PDT) Ryan Bell ryan.j.b...@gmail.com wrote: Twitter Groups: I am adding the ability to create custom 'groups' of twitter users to my site. My current approach seems very processor/ twitter api intensive. Can anyone make a recommendation or refer me to a link where I can find information on how I might more efficiently code this feature? Any help is appreciated. Current Approach: 1. User can put n users in a group 2. User clicks their group to view the timeline 3. Iterate through all 'n' users in the group and get the respective user's timelines 4. Merge the timelines into a collection. 5. Sort the timelines by date 6. Bind this collection to the display grid. 7. This timeline is immediately out of date of course so a click of the 'refresh' button triggers the need to do the entire process again. You need a local data store - at least as a cache even if you don't provide permanent storage. You can take a queue from the Twitter API and cache compiled results so that the user isn't causing your site to poll Twitter more frequently than Twitter is willing to give you fresh results. Don't poll each group member's statuses individually. Poll the user's friends/home timeline in aggregate, remove non-members, then merge in those who are member's of the group that your user is not following. Use the since_id parameter to only fetch new statuses. Choose a sort algorithm optimized for a merge of previously sorted data streams. Don't fetch all your streams then sort. Merge your most recent fetch operation while you are executing the next fetch. Find a good book on data access patterns. Best, Chris Babcock
[twitter-dev] Re: Is Twitter completely down at present?
All systems go here.
[twitter-dev] Re: about 8 hours ago from API
Eagle1, In order to customer the from API, your application must authenticate with Twitter using OAuth. There are several libraries available that implement OAuth. What language/platform are you targeting with your development? --Duane On Aug 19, 4:00 pm, Grant Emsley grant.ems...@gmail.com wrote: Of course you can. It's called oAuth. You should check it out. On Aug 19, 3:05 pm, Eagle1 nathan.rud...@gmail.com wrote: Hi there ! I wanted to know if it is possible to remove that text when you tweet from an API. Or to change the API word... thanks for help !
[twitter-dev] Re: Do My Customers Have a Twitter Account?
This is a terrible idea. 1. It's unethical because Twitter users have never authorized Twitter to use their email addresses in this way. The TOS specifically states We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours. My profile is mine; that includes my email address. 2. It will drive users away from Twitter because they will start getting email that says Hey, we know you use Twitter! Your account name is @DWRoelands! Follow us on Twitter! Users don't like having their email addresses used in ways that surprise them; ESPECIALLY when it results in marketing email that they didn't ask for. Many users will conclude (incorrectly) that Twitter sold their email addresses and that's not the sort of press Twitter needs. 3. It's a spammer's dream; an email-validation system that not only tells you which email addresses are probably good - it also gives you a pile of Twitter usernames to auto-spam-follow. As a developer and a user, I hope Twitter -never- implements this. On Aug 19, 8:12 pm, Jesse Stay jesses...@gmail.com wrote: Here's the use-case we should be considering for this, and I think it's valid and I'd love to see Twitter allow this: With the ability to identify matching Twitter users by e-mail, you can now suggest to your users people in their friends list on your own website that have Twitter accounts and allow them to follow on Twitter as well as your own site. Or vice-versa - if your users are friends on Twitter but not on your site, you can identify this and suggest they become friends on your own site. Facebook allows this by enabling developers to send a hash digest of the user's e-mail address (or group of users e-mail addresses) on your system, and Facebook returns a list of users on Facebook that match those e-mail addresses (with some caveats). No e-mail address is ever revealed and you can match by e-mail that way. I think this would be a very useful feature, especially from a marketing perspective, but from the Ux perspective as well, for Twitter to implement. Jesse On Wed, Aug 19, 2009 at 9:07 AM, arawajy araw...@gmail.com wrote: Dear Developers, I have a list of 400,000 e-mail addresses of my clients. I want to know Is it possible to develop a script to check if they have a twitter account or not?. I will then want to generate 2 separate lists based upon the result; one for the twitter users and one for the non-twitter users. I want to only invite the users and create a custom invitation message. Is it possible to check if the e-mail address's owner is a twitter user or not? provide details please. Thanks and Regards, Mahmoud
[twitter-dev] Re: OAuth on client side
It sounds like what you're looking for is a Javascript library, though I'm not familiar with any. It certainly sounds feasible; you could do Ajax calls to talk to the API. The trick would be in how you choose to persist the OAuth tokens. *wheels turning in head*. A Twitter client that resides completely in a single HTML file. Hm... On Aug 17, 12:47 am, Arseny Slutsky arse...@gmail.com wrote: I can use Twitter from CLient Side... What I am trying to avoid is calling Twitter from Server side 2009/8/17 JDG ghil...@gmail.com How do you expect to use Twitter if you can't get to Twitter? On Sun, Aug 16, 2009 at 09:00, JONNiE` arse...@gmail.com wrote: Hi, I was wondering is there a way to implement OAuth and Twitter functionality without server going out to twitter.com? We have servers that are closed to external websites. Yet the client side application should be Twitter Enabled. Is that possible? -- Internets. Serious business.
[twitter-dev] Re: BOJAN RAJKOVIC - Your DLL is not working!
I agree with Andrew, Bojan. Your work was invaluable to me and I'm sure it has been to others as well. Don't let one ungrateful user run you off. On Aug 14, 4:01 am, Andrew Badera and...@badera.us wrote: On Thu, Aug 13, 2009 at 11:03 PM, Bojan Rajkovicseveredcr...@gmail.com wrote: Hi all, After the recent furor over my OAuth implementation, I've decided to end the project. I don't have the time to maintain it currently (real life work is keeping me busy), and upon some reflection after today's outburst, I've come to feel like I've wasted my time working on the project. If you'd like the source code, just shoot me an e-mail, I'd be more than happy to send you a current SVN checkout (that you can import into another repo and continue working from, if you want, though I can't guarantee anything about the commit history. If you know of a way to export history, please let me know). Many thanks to everyone who's helped me and who's supported me in these threads. --B. Bojan, I think it's unfortunate that one childish jerk would be enough of a pain to cause you to shut down your project, especially considering all the other people who've talked about how helpful you've been. I've only barely used/looked at your work, but even so, it's offered value to me. I certainly don't think you've been wasting your time. ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me:http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)
[twitter-dev] Re: MyTwitterButler.com Legal issues Update 2
I'm afraid I'm not willing to accept Dean's characterization of events since he's been lying from the get go (e.g. claiming Twitter's suing me when nothing of the kind was happening). I give no credibility to those who practice deception in order to win people to their cause. On Aug 14, 7:31 pm, Dewald Pretorius dpr...@gmail.com wrote: Unless something drastic changes in their approach, I think we as a developer community should all rise and give them a standing ovation for a brilliant performance in pissing people off.
[twitter-dev] Re: Can someone suggest a VB.NET Twitter API Interface that works?
Catcalls, Check out Quitter: http://code.google.com/p/quitter-client/ Quitter is a Twitter client that's 100% Visual Basic.NET with a working implementation of OAuth. The classes that are specifically for talking to Twitter are in the TwitterVB namespace/folder. Everything else is the client that I've built on those components. For the record, I started out using the excellent c# Twitterizer library (http://code.google.com/p/twitterizer/). I wanted to add OAuth, so I ported Twitterizer to VB.NET and implemented OAuth afterwards. Regards, --Duane Roelands On Aug 13, 5:48 pm, catcalls g.obrzut3...@ntlworld.com wrote: Hi, I've been using a free Twitter API Interface that was coded in C# and I imported the DLL and it was working fine until I discovered I cannot post spaces to twitter updates! I mean, WHAT!? So, I have basically coded this application with full interaction with this DLL and wasted the past three days of my time because the original coder was too lazy to get it to work for his clients. So, can someone recommend a library that they used and was really pleased with - I don't mind paying a small fee for something that actually works you see. I have a complete app coded that just needs the API Interface to work. I tried rewriting some OAuth code but kept getting nonce errors so I gave up. I might go back to that again though if this request fails as a last resort. I now understand the API authentication procedure a lot more now - and remember the mistakes I was making previously. I might be able to actually code a working class in VB.nET now with my expanded knowledge of the OAuth authentication procedure. But, in the meantime, any one know of a good API for VB.NET to use in the form of a DLL that is Open Source too? This is because I'd really like to take a look at working OAuth/Twitter API code in visual basic .net 2005. Thank you in advance. catcalls
[twitter-dev] Re: BOJAN RAJKOVIC - Your DLL is not working!
I am using this guys library and he really needs to get it sorted for me and the rest of his user base. Um, no he doesn't. Bojan's a great guy who's helped me a great deal, but he doesn't owe you (or me) anything. On Aug 13, 7:50 pm, JDG ghil...@gmail.com wrote: url encoding for space is %20, not 2B On Thu, Aug 13, 2009 at 15:27, catcalls g.obrzut3...@ntlworld.com wrote: Yeah - after much searching I discovered the URL encoding for space is %2B - but this still did not work. I really think there is a problem with oauth.WebRequest() in the DLL? I know there is a Twitter Interface but there is no documentation on how to use it either (that Rackovic wrote) On Aug 13, 9:55 pm, catcalls g.obrzut3...@ntlworld.com wrote: Dim post_data As String = TextBox1.Text Dim url As String = http://twitter.com/statuses/ update.xml?status= post_data Dim xml As String = oauth.WebRequest(RequestMethod.POST, url, String.Empty) This is my code. I'll try URL Encoding the string next. Thanks for the suggestion. On Aug 13, 9:53 pm, Andrew Badera and...@badera.us wrote: Perhaps you need to reconsider your design abstractions -- you should be able to virtually plug and play. You should have an assembly sitting between your app and the Twitter library, if you're using third party, and use your intermediary assembly as an adapter or facade. That makes it a lot simpler to swap the library on the backend. You can also use interfaces for this sort of purpose; I prefer the separate assembly because it reduces regression testing needs when you make changes later. Single-purpose-ish principle. Have you tried encoding the spaces before sending them into his library? ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)http://www.google.com/search?q=%28andrew+badera%29+OR+%28andy+badera%29 On Thu, Aug 13, 2009 at 4:50 PM, catcallsg.obrzut3...@ntlworld.com wrote: Furthermore - I have wrote an entire program with full Twitter Interfacing from Searching to Following to Finally Updating and now I find I cannot post spaces with the library. I cannot rewrite my entire code base because you suggest LINQ2Twitter. I am using this guys library and he really needs to get it sorted for me and the rest of his user base. Basically, my only work around is to replace spaces with an underscore _ That works. But it looks like garbage. -- Internets. Serious business.
[twitter-dev] Re: How to post spaces to twitter from vb.net?
Catcalls,
I mentioned this on one of the other threads.
My project (http://code.google.com/p/quitter-client/) is a Twitter
client that is 100% Visual Basic.NET with a working implementation of
OAuth.
The classes for talking to Twitter are in the TwitterVB namespace/
folder. The rest is the code for the client itself.
Bojan's work helped me to understand OAuth and he was super helpful to
me when I was struggling. He's a great guy.
Regards,
--Duane Roelands
On Aug 13, 7:18 pm, catcalls g.obrzut3...@ntlworld.com wrote:
Rajkovic,
That is version 0.3 - I'm using 0.1!
I cannot use 0,3 - as for log4net - isn't that a Linux thing? I'm
coding under Visual Studio in XP.
I googled log4net - and Apache links came up? What the hell?
Also, I tried using Twitter.API.Authentication.GetAccessToken and it
fails.
Then I tried modifying my code further to use
Twitter.API.Authentication.GetAuthorisationLink() and it gives a 401.
So, basically, the DLL version 0.1 should be trashed. I know version
0.3 works like you said but I do not have the files required to use
it.
Overall, this has been a disappointing evening. I've spent the last
three days coding this app using Rajkovic's DLL and got the search to
work, follow to work, and update to work. Then I find I cannot post a
update with spaces!?
I mean, c'mon!
Oh, I also imported system.web and encoded the Hi Carla string with
and without the + sign. No luck.
So, basically, I'm looking now for a working DLL for Visual Basic Net
2005.
Any suggestions?
On Aug 13, 11:25 pm, Bojan Rajkovic severedcr...@gmail.com wrote:
On Thu, Aug 13, 2009 at 6:11 PM, catcalls g.obrzut3...@ntlworld.com wrote:
Oh - you really think that, eh? So how does RFC POST work again?
Are you really this thick?
I tried %20 too - it fails. Nothing works because the DLL that
Rackovic wrote is rubbish.
If my DLL is rubbish, then how does this work:
using Twitter.API;
using OAuth;
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class NoCheckCertificatePolicy : ICertificatePolicy
{
public bool CheckValidationResult (ServicePoint a, X509Certificate b,
WebRequest c, int d)
{
return true;
}
}
class Test
{
static void Main (string[] args)
{
ServicePointManager.CertificatePolicy = new NoCheckCertificatePolicy ();
//Twitter.API.Preferences.Service.SupportsSSL = false;
Twitter.API.Preferences.Authentication.OAuthAuthorizer = new OAuth.Twitter
(myConsumerKey, myConsumerSecret);
Twitter.API.Preferences.Debugging = true;
Twitter.API.Preferences.Authentication.OAuthAuthorizer.Debugging = true;
Console.WriteLine
(Twitter.API.Preferences.Authentication.OAuthAuthorizer.GetAuthorizationLin
k
());
string pin = Console.ReadLine ();
if (Twitter.API.Preferences.Authentication.OAuthAuthorizer.GetAccessToken
(int.Parse (pin)))
Twitter.API.REST.Statuses.Update (Testing status updates., 0);
}
}
That produced this tweet without any
issues:http://twitter.com/bojanrajkovic/status/3295247812
[twitter-dev] Re: FW: Twitter is Suing me!!!
You're not being sued. That's a cease-and-desist letter. You're violating Twitter's trademark by selling a product with Twitter in the name. The legal precedents for this are ironclad. You can't do it. You're violating Twitters terms of service by offering a program that auto-follows thousands of people at a time. Did you really think you were going to get away with that? It doesn't matter if you think it's fair. It doesn't matter who else is doing it. It doesn't even matter if you think you're right: you're not. Stop infringing Twitter's trademark and stop violating their terms of service and they'll leave you alone. It's really not rocket science.
[twitter-dev] Re: FW: Twitter is Suing me!!!
Are any of these developers -selling- their products? You are. Are any of these developers violating the Terms of Service? You are. Just because another website has Twitter in the name doesn't make their situation the same as yours. You made a tool for spammers. You get caught. Get over it. On Aug 12, 10:14 am, Dean Collins d...@cognation.net wrote: So has anyone heard from or know any of the other developers? Did they also get an email last night?
[twitter-dev] Re: 401 Unauthorized...
I'm seeing some app problems this morning as well. Attempting to retrieve the timeline for the authenticated user returns no statuses. On Aug 12, 11:08 am, AccountingSoftwareGuy virga.rob...@gmail.com wrote: Is Twitter still blocking posts to the API from non-white listed apps? Since the DDOS attack we can't seem to send any posts through the API using oAuth. Nothing in our code has changed but all was working prior to the attack. Is anyone out there havine any success sending messages with oauth (non-whitelisted app)??? Can someone/anyone please comment, I need to get our app working but considering our code has not changed I don't want to spend a lot of time chasing something down that is not my fault and out of my control. PLEASE HELP
[twitter-dev] Re: problem: friends/ids occasionally returning empty sets
Yes. When calling statuses/user_timeline to retrieve the recent tweets of the authenticated user, I am occasionally receiving a valid response, but with no statuses. It's happened often enough that I had to code around it. On Aug 12, 2:35 pm, PJB pjbmancun...@gmail.com wrote: Before I bring you back to your regularly scheduled programming concerning intellectual property issues and whether or not someone may or may not be sued, I do have something API-related... Is anyone else experiencing problems today with friends/ids and followers/ids returning empty sets, yet with no errors? The JSON returned does not time out and is well-formed, but there are zero ids returned, when the queried for user clearly has friends/followers. This problem occurs intermittently. Anyone else?
[twitter-dev] Re: twitter Apis not working
I'm still having API issues On Aug 10, 10:11 am, John Kalucki jkalu...@gmail.com wrote: Sultan, All functionality should have been restored on Sunday before noon, but various actions may be slow and sometimes time out. Have you read:http://groups.google.com/group/twitter-development-talk/browse_frm/th... ? Please retest your app and send a...@twitter.com detailed information about exactly what is failing, including your IP address. Thanks, John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Aug 10, 5:13 am, Sultan Saadat sultansaa...@gmail.com wrote: i think the reprecussions of the DDOS attack on twitter are still prevailing. My application is still unable to access anything and i cannot register my new application. Some issue with api limit and the oauth module. The past 2 days have been frustrating for me. When will twitter fix all issues?
[twitter-dev] Re: Twitter Update, 8/9 noon PST
My users are seeing these as well. On Aug 10, 10:22 am, Dewald Pretorius dpr...@gmail.com wrote: Just to let you guys know that 502 Bad Gateway responses are coming thick and fast this morning (Monday). Dewald
[twitter-dev] Re: Twitter Update, 8/9 10am PST
When calling http://twitter.com/statuses/user_timeline.xml via OAuth (no id passed, looking for information on the authenticated user), I am seeing this response: ?xml version=1.0 encoding=UTF-8? statuses type=array / statuses Not sure if that's in the list of things being monitored, but there you go. On Aug 9, 1:42 pm, Dewald Pretorius dpr...@gmail.com wrote: On Aug 9, 2:34 pm, Ryan Sarver rsar...@twitter.com wrote: I will continue to give ongoing updates every 5-6 hours throughout the day even if nothing has changed so that you know we are still focused on it. Now THAT'S what we're talking about! Thank you Ryan. It may not seem important to busy Twitter folks to report status even when there is nothing new to report, but with an outage of this duration it is absolutely essential, because it keeps everyone's temperatures down. Dewald
[twitter-dev] Re: Problem with in reply to status id
Difficult to spot the error without knowing the values of message
and in inreply.
Are you sure these values are correctly populated when this code
executes?
On Aug 6, 4:25 pm, digi ishmeetah...@gmail.com wrote:
I hate to bump this... but I need help... anybody
On Aug 6, 9:39 am, digi ishmeetah...@gmail.com wrote:
hello there,
I have been trying to fix this for so long but It is not working.
I am developing a wndows mobile application for twitter in C# am
trying to reply to a status id. The message gets posted but it is not
posted as a reply but just an update message. I dont know what I am
missing... Please help. I am pasting my code too
//Code
postString = source=MyAppstatus= + Uri.EscapeUriString(message) +
in_reply_to_status_id= + Uri.EscapeUriString(inreply);
HttpWebRequest webRequest = (HttpWebRequest)
WebRequest.Create(sendTweetUrl);
NetworkCredential credentials = new NetworkCredential
(Username, Password);
webRequest.Credentials = credentials;
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] postData = encoding.GetBytes(postString);
webRequest.Method = POST;
webRequest.Timeout = 2;
webRequest.ContentLength = postData.Length;
webRequest.AllowWriteStreamBuffering = true;
webRequest.ProtocolVersion = HttpVersion.Version11;
webRequest.ProtocolVersion = HttpVersion.Version10;
try
{
using (Stream outStream = webRequest.GetRequestStream
())
{
outStream.Write(postData, 0, postData.Length);
outStream.Flush();
}
}
catch (Exception ex)
{
throw new customException(Connection
unsuccessful., ex);
}
try
{
using (HttpWebResponse response = (HttpWebResponse)
webRequest.GetResponse())
{
using (StreamReader reader = new StreamReader
(response.GetResponseStream()))
{
reader.ReadToEnd();
}
}
}
catch (WebException ex)
{throw new customException(Update unsuccessful., ex);}
Let me know if there is anything I am missing.
in btw I am also including the @username in the reply to the status
id.
Is there anything else?
[twitter-dev] Re: 401 Unauthorized
I think Twitter is still experiencing issues from this morning's DDOS attack. I've been working on code tonight and things were working swimmingly and now my app can't connect. On Aug 6, 8:38 pm, Goldbird softserv...@gmail.com wrote: Are anyone experiencing 401 Unauthorized errors? Everything worked fine before yesterday. Now we are getting 401 Unauthorized on both basic authorization and OAuth on 80% of the calls. Other 20% works fine. What's happening?
[twitter-dev] Re: Sign in with Twitter
If your users don't understand why they're seeing the Twitter login screen, then your application needs to do a better job of explaining it. On Aug 4, 2:05 pm, John Kristian jmkrist...@gmail.com wrote: a user who's focused on the application won't see the first page and wonder, Why must I log in to Twitter? I want to use application, not the Twitter website.
[twitter-dev] Re: set the from [Application]
If you're developing a new application, you -must- use OAuth if you want the From line to display your application's name. It used to work for Basic Auth, but Twitter disabled that. Applications that had been working when they disabled it were grandfathered in, but apps created after that point must use OAuth to have access to this feature. On Aug 3, 6:47 am, Sam Street sam...@gmail.com wrote: I've had this difficulty too, with the 'source' parameter being ignored. I recommend using OAuth which handles it all fine. I'm weary about providing my password to apps these days On Aug 3, 6:49 am, Pek wushup...@gmail.com wrote: how do you set the from field when you tweet from the API. Right now mine says from API. I'd like it to say from [My Application] I've set all the fields necessary from the apps settings
[twitter-dev] Re: Submitting Actionscript OAuth Library
This is a good question. I'd like to submit the TwitterOAuth library I use for .NET, as well. On Aug 2, 4:15 am, Coderanger d...@coderanger.com wrote: I have created an Actionscript class and examples for using OAuth in Flex/Air. How do I go about adding this to the OAuth examples page for others to use?
[twitter-dev] Re: Showing Twitter profile information on OAuth sites - rate limit problem
Caching the data seems like the right solution. Profile ins't the sort of stuff that changes daily. I would think you could update an individual profile daily (or less). On Aug 1, 7:14 pm, Scott Aikin haw...@gmail.com wrote: I've got an OAuth site that lets people register through Twitter to create a profile and post to my site. When you see comments or posts by these users I show their Twitter profile information and have been retrieving it with users/show. The problem is that I can only show this information 150 times each hour which quickly runs out. What is the best-practices method for accomplishing this? Do I need to cache their profile information and update it via my crontab? I like the real-time nature of my current solution, but with the 150 limit it's just not going to work. Any suggestions?
[twitter-dev] Replying to direct messages
The direct_messages/new request does not accept any sort of in-reply- to parameter. Am I correct in assuming that a reply to a direct message is sent as a normal status update via statuses/update (with in_reply_to_status_id set and the username in the text). Does Twitter know that in_reply_to_status_id was a direct message and send the reply as a direct message? How do I ensure that a reply to a direct message is correctly sent as a direct message?
[twitter-dev] Obtaining a list of valid recipients for direct messages
If I understand correctly, in order to send a direct message to another user, we must be mutual followers; he must be following me and I must be following him. Now, I could call friends/ids and then followers/ids and use the intersection of those two calls. That seems like an awful lot of data to pull down to get to a much smaller subset. Is there a more direct way, perhaps a method call I have overlooked?
[twitter-dev] Re: Obtaining a list of valid recipients for direct messages
Ah, I see. I was misled by the Twitter.com website. If go to Twitter.com and select Direct Messages on the right, you are taken to a screen with a dropdown list for selecting the recipient. That dropdown does -not- have all of my followers in it. But, I see that if I browse to the profile of one of my followers, I can send them a direct message from there. Thanks, Abraham! Followup: Twitter Devs, what's the rationale for not showing all potential recipients in the dropdown? On Jul 31, 9:12 am, Abraham Williams 4bra...@gmail.com wrote: This is incorrect. Account A can send DMs to any accounts that are following account A. Account A does not having to be following the accounts receiving the DMs. Abraham On Fri, Jul 31, 2009 at 07:25, Duane Roelands duane.roela...@gmail.comwrote: If I understand correctly, in order to send a direct message to another user, we must be mutual followers; he must be following me and I must be following him. Now, I could call friends/ids and then followers/ids and use the intersection of those two calls. That seems like an awful lot of data to pull down to get to a much smaller subset. Is there a more direct way, perhaps a method call I have overlooked? -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
Thanks for the heads-up on this change! Good show. On Jul 31, 3:06 pm, Isaiah supp...@yourhead.com wrote: First off, thanks for the heads up and giving us a large lead time. It's what I asked for in a previous email, and even if you never read that email and this isn't a response to me at all. I'll say thanks anyway, because it's great. :-) But, forgive me if I'm off base, but you're saying this change is going to happen just like a switch. One minute the API will behave one way, then next minute the API will behave differently? Doesn't this level of behavior change merit a bit of a deprecation period where both behaviors function? After a sudden change any app still using the old behavior is guaranteed to fail. If the app fixes early then it will fail up until the api change. In other words, ALL APPS that use this api call WILL be guaranteed to FAIL for some period of time. That seems like a pretty ugly prospect. Many api temper this sort of change in behavior by adding a new method call or a new argument to the method call. And for some period of time letting both function while marking the old method deprecated, use at the risk of being abandoned without warning at the next update. This lets apps update from one functioning call to another functioning call without users experiencing any downtime. I understand that some changes might need to be rolled in quickly to avert infrastructure disaster or to patch security holes, but with 2 weeks notice, I'm guessing that's not what we're dealing with here. Isaiah YourHead Software supp...@yourhead.comhttp://www.yourhead.com On Jul 31, 2009, at 11:09 AM, Arik Fraimovich wrote: On Jul 31, 9:03 pm, Alex Payne a...@twitter.com wrote: To clarify, since several people have asked: this pending change does NOT mean that pagination is required. You can still attempt to retrieve all IDs in one call, but be aware that this is likely to time out or fail for users with large social graphs. What is defined as large social graphs? -- Arik Fraimovich follow me on twitter:http://twitter.com/arikfr
[twitter-dev] Re: OAuth URLEncode for VB.NET Libraries
Here's TwitterOAuth.vb, the OAuth class I'm using for my Twitter client. http://dpaste.com/73411/ This is a VB.NET port of Shannon Whitley's C# class, with a few tweaks and extensions. My client's still a 0.5 alpha, so it's entirely possible that there are still holes in this. If you find any, I'd be grateful to know so I can fix them. On Jul 30, 12:53 pm, Ney Garcia neygar...@gmail.com wrote: Hi guys, I have gone into the same problem : my app uses OAuth to post tweets and went ok over the weekend but on Monday, Twitter started refusing OAuth posts. My app then tries to post using basic method, and it works. I also implemented OAuth using Shannon Whitley's example, which I transformed in a Web Service. I saw Duane's VB code but I havent noticed what has changed from original UrlEncode method. Would you give me any help ? Thanks in advance. Ney. On 28 jul, 15:13, Duane Roelands duane.roela...@gmail.com wrote: My application appears to be back in the game, after some corrections to my url encoding. I've posted the code here (http://dpaste.com/hold/ 72568/) for the benefit of other VB.NET developers. This is a VB.NET port of the URLEncode method found in the Twitter/ OAuth class from Shannon Whitley and Eran Sandler. They rock. Hopefully, this gets you guys back in the game as well.
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
OAuth lets you access the Twitter service without giving your Twitter credentials to anyone but Twitter. Basic Auth requires you to give your Twitter credentials to someone other than Twitter. Therefore, OAuth is more secure than Basic Auth. This is not rocket science. On Jul 30, 7:07 pm, Bradley S. O'Hearne brad.ohea...@gmail.com wrote: In that case, OAuth *still* requires production of credentials to a complete stranger. Because it supposedly redirects to the Twitter web site for authentication doesn't save you from the either originating web site, the browser, or the machine itself spoofing the redirect -- I mean you've already labeled them a complete stranger, so you have to allow now for that possibility. Additionally, that login directly into Twitter also doesn't save you from keyboard logging or phishing on the machine -- or, and I'm not 100% sure on this one but I think it is possible, malicious browser plugins. So here we get into the issue of not just a single trusted / non-trusted app, but whether it is a trusted box or not. Perhaps I'm still ignorant, but unless I've completely missed the boat, credentials are still being produced -- i mean, at some point they have to be, otherwise they wouldn't be credentials, something else would be. I think what I'm really responding to here is the lack of context given to discussions surrounding OAuth's security -- there are blanket statements being made about not giving a stranger passwords, and OAuth somehow solving that. Well, that stranger happens to be the machine you've chosen to trust. Just because OAuth exists, it doesn't make Twittering or accessing Twitter data from Facebook on an Internet Cafe computer any safer necessarily. There is a degree of trust somewhere that is being trusted as a beginning prerequisite. I do not believe there is a no-trust scenario here. What I really want to hear stated, or read on a FAQ, is the pre-requisite security trust, that in that scenario, it necessarily makes OAuth superior to basic authentication. Brad On Jul 30, 2009, at 11:52 AM, Duane Roelands wrote: Brad, Encryption on disk and encryption over the wire are not the issues and really don't have very much to do with the Basic vs. OAuth decision. The most important issue I see is that Basic Auth requires you to give your Twitter credentials to a person you do not know. This is a BAD IDEA. Basic Auth is great for prototyping and testing and getting the core functionality of your app working, but at some point you should bit the bullet and implement OAuth. It's better for your customers (security) and it's better for you because your customers can use your application with peace of mind. If YOU wouldn't hand over YOUR Twitter credentials to a stranger, it's silly to expect your users to do so. On Jul 30, 11:40 am, Bradley S. O'Hearne brad.ohea...@gmail.com wrote: In conclusion, as I've been reading this thread, the thing I keep coming back to is that OAuth vs. Basic Auth seems somewhat a secondary argument -- the real issue is encrypting over the wire (HTTPS) and encryption on disk, and whether those can be cracked (or are being used as they should). From a developer standpoint, given that the cracking of encryption seems outside the scope of concerns with the Twitter API, what is analog is which one serves the user better -- and I think it is clear that the Basic Auth case has fewer steps and quicker to the result. Please correct my misperceptions if I'm wrong, as I'd love to hear what details I've overlooked. Regards, Brad On Jul 30, 2009, at 1:29 AM, Dmitriy V'jukov wrote: On Jul 28, 3:27 pm, chinaski007 chinaski...@gmail.com wrote: I suppose this is not so weird. Users are accustomed to giving user/ pass information even to foreign apps. Agree. Anyway, if user just setups desktop app to his computer, he already gives it much more than just login/password to some service. And then there is 1000 and 1 way how app can then get all needed info passing over user. -- Dmitriy V'jukov
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
First, let me state from the start that I am no fan of OAuth, Twitter's implementation of it, or the way that they've behaved with regard to it. Now, with all that being said. If your website expects me to hand over my Twitter password, I'm not using your web site. Just yesterday, another scam site (TwitViewer) managed to steal thousands of accounts, and convince other people to hand over their information because it was posting tweets from the stolen accounts. OAuth is not perfect, but it provides individual users and Twitter with a way to identify bad actors and lock them out of the ecosystem. OAuth works. There are examples out there. There are developers who are willing to help you. Implementing OAuth tells your customers that the security of their account is important to you, and shutting down Basic Auth trains your users to stop giving away their password. If your product has value, and you clearly communicate what that value is, the users will use OAuth. On Jul 29, 9:10 am, Dewald Pretorius dpr...@gmail.com wrote: It would not surprise me at all if using OAuth resulted in fewer signups. Potential technical advantages of OAuth aside, every additional click that you add in the conversion process adds an addition leakage point where some users can and will abandon the signup process.
[twitter-dev] Re: Twitter: What did you change in OAuth?
Looks like it's more than spaces. Looks like other characters are affected and URLPathEncode isn't handling it. Has -anyone- heard -anything- from Twitter? On Jul 28, 6:16 am, scotth_uk satsc...@gmail.com wrote: It's quite funny I suppose, been using basic auth forever, last week change over to OAuth...today, concidering going back, give a couple of years to iron out the bugs and maybe try again. I'm using Abraham Williams' PHP twitter OAuth library, I don't suppose anyone has found a fix for this? getting simply 'Invalid signature' is about as helpful as an unknown error occurred Cheers. On Jul 28, 6:23 am, chinaski007 chinaski...@gmail.com wrote: Confirmed. Google Playground does not work.
[twitter-dev] Re: Protected Resources requests need not be signed by the Consumer secret?
I've been using both consumer keys to sign all of my requests from day one. I still think the issue is related to URL encoding somehow, because I can successfully post tweets if they don't contain troublesome characters (apostrophe, for example). But, so long as Twitter remains silent, we'll never know. On Jul 25, 7:37 am, srikanth yaradla srikanth.yara...@gmail.com wrote: Hi I am newbie and i need clarification for the following 1)OAuth 1.0 specification says All Token requests and Protected Resources requests MUST be signed by theConsumer But twitter doesnt seem to verify the signature for all requests. I found out that signing the request byconsumersecretis required only for generating request token and requestsecret. But for subsequent requestsconsumersecretis not required. ex requesting access tokens or any protected resource (ex fetch direct messages). Is this desired behavior?. Does twitter verify the signature at all for protected resource requests? (i verified with blankconsumersecretwhich means the request is signed only by accesssecret) Or Am i missing something? 2) i am planning to write a desktop application. To protect theconsumersecreti am trying to introduce a proxy which generates the request tokens/secrets, access tokens/secrets. Ifconsumersecretis not required for signing protected resource requests this setup would work fine with me. But the OAuth specification says you require both accesssecretandconsumersecretto sign the request http://oauth.net/core/1.0/#anchor30 Experienced devs please clarify. Regards Srikanth
[twitter-dev] Re: Protected Resources requests need not be signed by the Consumer secret?
I have the same issue with my application. Desktop apps are forced to either embed the consumer keys in source code or construct some sort of elaborate server mechanism. There's no good answer here. When my application approaches 1.0 release, I'll probably use Dotfuscator or something similar to help protect the keys that are in the source. It won't stop a determined attacker, but it will at least deter the less-determined ones. On Jul 28, 10:38 am, srikanth reddy srikanth.yara...@gmail.com wrote: I dont think you got my point. Whether you were signing using both secrets or one secret doesnt matter because twitter wasnt verifying signature at all. Now they have fixed this and all your protected service requests must be signed by both secrets. My problem is how to protect the consumer secret. Looks like i cant protect it as this is the case with desktop clients using oauth On Tue, Jul 28, 2009 at 6:30 PM, Duane Roelands duane.roela...@gmail.comwrote: I've been using both consumer keys to sign all of my requests from day one. I still think the issue is related to URL encoding somehow, because I can successfully post tweets if they don't contain troublesome characters (apostrophe, for example). But, so long as Twitter remains silent, we'll never know. On Jul 25, 7:37 am, srikanth yaradla srikanth.yara...@gmail.com wrote: Hi I am newbie and i need clarification for the following 1)OAuth 1.0 specification says All Token requests and Protected Resources requests MUST be signed by theConsumer But twitter doesnt seem to verify the signature for all requests. I found out that signing the request byconsumersecretis required only for generating request token and requestsecret. But for subsequent requestsconsumersecretis not required. ex requesting access tokens or any protected resource (ex fetch direct messages). Is this desired behavior?. Does twitter verify the signature at all for protected resource requests? (i verified with blankconsumersecretwhich means the request is signed only by accesssecret) Or Am i missing something? 2) i am planning to write a desktop application. To protect theconsumersecreti am trying to introduce a proxy which generates the request tokens/secrets, access tokens/secrets. Ifconsumersecretis not required for signing protected resource requests this setup would work fine with me. But the OAuth specification says you require both accesssecretandconsumersecretto sign the request http://oauth.net/core/1.0/#anchor30 Experienced devs please clarify. Regards Srikanth
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
My stuff is based on Shannon Whitley's as well. Do you mind sharing where specifically you had to make the changes? On Jul 28, 11:40 am, Zaudio si...@z-audio.co.uk wrote: I don't myself think that twitter are doing anything more than enforcing the standard. I spent 3 hours 'fixing' my code for our application (uses Shannon Whitley's c# library as a base); I only found two bugs in thelibrary that caused any problem... the use of httputility.urlencode in place of the modified urlencode already implemented for use with Oauth, as required by the spec... the library just wasn't using it in two places.
[twitter-dev] OAuth URLEncode for VB.NET Libraries
My application appears to be back in the game, after some corrections to my url encoding. I've posted the code here (http://dpaste.com/hold/ 72568/) for the benefit of other VB.NET developers. This is a VB.NET port of the URLEncode method found in the Twitter/ OAuth class from Shannon Whitley and Eran Sandler. They rock. Hopefully, this gets you guys back in the game as well.
[twitter-dev] Re: Potential Solution To OAuth Problem
Check this thread for a solution for VB.NET libraries (and perhaps a good starting point for other languages). http://groups.google.com/group/twitter-development-talk/browse_thread/thread/734a29fd71d7fdd9# On Jul 28, 8:19 pm, JDG ghil...@gmail.com wrote: You shouldn't use java.net.URLEncoder as it encodes more characters than the OAuth spec specifies should be encoded. On Tue, Jul 28, 2009 at 14:12, ks91 ks91...@gmail.com wrote: The + - %20 solution seems to work for me. I am writing my own OAuth library in Java, and java.net.URLEncoder encodes the space character to +. There could be a better way, but replacing the resulted + with %20, status update on Twitter now seems to work. -- Internets. Serious business.
[twitter-dev] Re: Twitter: What did you change in OAuth?
Check this thread for a solution for VB.NET libraries (and perhaps a good starting point for other languages). http://groups.google.com/group/twitter-development-talk/browse_thread/thread/734a29fd71d7fdd9# On Jul 28, 7:50 pm, unVOXT unv...@gmail.com wrote: other threads suggest resolution by checking and changing the method of url encoding. On Jul 28, 12:27 am, Duane Roelands duane.roela...@gmail.com wrote: Simply telling developers that something changed is not sufficient information to help us get our applications back online. We need specific information concerning which part of the signature generation/validation was changed.
[twitter-dev] Re: How to use Twitter to sign out ? calling to end_session does not work
I'm not familiar with End_Session, but couldn't you just clear the OAuth Token and TokenSecret? That would effectively sign you out because you'd need to reauthenticate. On Jul 28, 11:21 pm, CG learn@gmail.com wrote: Hi, I am developing a simple Web App that use sign in with twitter , where the app will automatically redirect to twitter.com/oauth/authenticate(with request token/secret of course) if user is not authenticated. It works well until I need to add a sign out function in my App. I use the end_session API and I get an error Logged out. which I think actually is loggout successfully (I came across a ticket mentioning about this) I thought that after signing out from my app, when I revisit the same page , I supposed to be redirect to the sign in page but unfortunately , it seems like successfully authenticate me and redirect back to my app without required any authentication. I did a test on this by calling to end_session , and go to another browser tab , to accesswww.twitter.com, it seems like I am still not sign out from Twitter .. Anybody face this problem ? what is the solution for this ? without this function , my app is useless , because user can only sign out at twitter.com or clear the cache/cookie in browser. Cheers . CG
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I am receiving 401 (Unauthorized) when calling http://twitter.com/statuses/update.xml and passing the following querystring: oauth_consumer_key=[removed] oauth_nonce=912352oauth_signature_method=HMAC- SHA1oauth_timestamp=1248748647oauth_token=19068738- hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58oauth_version=1.0status=This +is+a+testoauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d This code was working this afternoon and has not been changed. On Jul 27, 10:38 pm, goodtest goodtest...@gmail.com wrote: Are we sure there is no further regression bug in this new fix? On Jul 27, 7:14 pm, Doug Williams d...@twitter.com wrote: If you are still seeing errors you should check your code to ensure that you are sending the correct signature. Thanks, Doug On Mon, Jul 27, 2009 at 7:10 PM, winrich winric...@gmail.com wrote: mine broke too. i wonder though, i'm using the oauth python libraries On Jul 27, 6:35 pm, chinaski007 chinaski...@gmail.com wrote: Doug: Does this mean that Marcel made a fix for this? Or rather that we should examine our code to find the culprit? Thanks, Peter Bray On Jul 27, 6:24 pm, Doug Williams d...@twitter.com wrote: Updating you guys on this problem. A bug was reported off list that informed us we were not always verifying signatures. Today we shipped a fix for this problem which ensures that we are correctly verifying signatures. If you are still seeing invalid signature errors you should examine your code and ensure you are correctly signing requests as per the spec. Thanks, Doug On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams d...@twitter.com wrote: Marcel is shipping a fix for this as I type. Thanks, Doug 2009/7/27 João Pereira joaomiguel.pere...@gmail.com Same here. On Tue, Jul 28, 2009 at 1:26 AM, goodtest goodtest...@gmail.com wrote: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
You introduced a breaking change into the API with no warning and no help for developers as to the specifics of what we need to fix? Developers need better support than that. Is there some reason why posting updates to some accounts would work and posting to others would not? Using the same code, I'm able to post to my development test account but not to my personal account. On Jul 27, 10:59 pm, Doug Williams d...@twitter.com wrote: As stated above, some applications were sending invalid signatures which we were accepting as valid. This vulnerability was pointed out by a developer. Some libraries and code which may have previously worked may be broken by this security fix. Thanks, Doug On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands duane.roela...@gmail.comwrote: I am receiving 401 (Unauthorized) when calling http://twitter.com/statuses/update.xml and passing the following querystring: oauth_consumer_key=[removed] oauth_nonce=912352oauth_signature_method=HMAC- SHA1oauth_timestamp=1248748647oauth_token=19068738- hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58oauth_version=1.0status=This +is+a+testoauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d This code was working this afternoon and has not been changed. On Jul 27, 10:38 pm, goodtest goodtest...@gmail.com wrote: Are we sure there is no further regression bug in this new fix? On Jul 27, 7:14 pm, Doug Williams d...@twitter.com wrote: If you are still seeing errors you should check your code to ensure that you are sending the correct signature. Thanks, Doug On Mon, Jul 27, 2009 at 7:10 PM, winrich winric...@gmail.com wrote: mine broke too. i wonder though, i'm using the oauth python libraries On Jul 27, 6:35 pm, chinaski007 chinaski...@gmail.com wrote: Doug: Does this mean that Marcel made a fix for this? Or rather that we should examine our code to find the culprit? Thanks, Peter Bray On Jul 27, 6:24 pm, Doug Williams d...@twitter.com wrote: Updating you guys on this problem. A bug was reported off list that informed us we were not always verifying signatures. Today we shipped a fix for this problem which ensures that we are correctly verifying signatures. If you are still seeing invalid signature errors you should examine your code and ensure you are correctly signing requests as per the spec. Thanks, Doug On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams d...@twitter.com wrote: Marcel is shipping a fix for this as I type. Thanks, Doug 2009/7/27 João Pereira joaomiguel.pere...@gmail.com Same here. On Tue, Jul 28, 2009 at 1:26 AM, goodtest goodtest...@gmail.com wrote: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I would start by looking at the OAuth spec at Section 9 - Signing Process. RTFM is not a helpful answer, especially when many developers are relying on libraries that they did not write. It's not unreasonable to expect some advance notice on breaking changes to the API or guidance on what specifically was changed. On Jul 27, 11:45 pm, chinaski007 chinaski...@gmail.com wrote: This is frustrating for those of us relying on authentication libraries which now may no longer work. The apparent solution is to either recode the possibly problematic library oneself, or encourage users to swap to Basic Authentication. While I certainly understand Twitter's need to ensure that everything is secure on their end, this is another unannounced API change (like the verify_credentials limit last week) that leaves some of us in the lurch. On Jul 27, 8:35 pm, Chad Etzel jazzyc...@gmail.com wrote: I would start by looking at the OAuth spec at Section 9 - Signing Process. http://oauth.net/core/1.0a#signing_process In fact, if you (meaning everyone) have never read the whole spec, you need to. -Chad On Mon, Jul 27, 2009 at 11:31 PM, goodtestgoodtest...@gmail.com wrote: Yeah, I agree, can you please point out what (in general) we might be doing wrong? I still think you probably have a further-regression bug.
