[twitter-dev] What's the best way to verify a signature?
Hi, After three days of working my way through OAuth, I am getting tired and frustrated. I am so close yet so far. 1) So far I have registered my application and got the consumerKey secret 2) I have used those to get the request token secret. I was able to generate the correct signature to get this wor work. 3) I have used the token to login to twitter and allow my app access. With that I get a PIN. 4) I am using the PIN as the oauth_verifier. 5) I am trying to get the access token now. I am using the same algorithm to generate the signature that I use without fail to create the signature to get the request token (so it has worked correctly), with the exception that I have the added oauth_token and oauth_verifier parameters. I think that everything is encoded and sorted correctly. The parameters I use to create the signature is shown in this pseudo base-string: POSThttp://twitter.com/oauth/access_tokenoauth_consumer_key=ck- encodedoauth_nonce=nonce-encodedoauth_signature_method=signature- method-encodedoauth_timestamp=timestamp- encodedoauth_token=request-token-encodedoauth_verifier=pin- encoded In addition, the URL part is RFC3986 encoded as well as everything after the second (all the params in a single string). This complete string is then hashed using HMAC-SHA1 with the ConsumerSecret. I never seem to use the token secret so I don't know what that is for What am I doing wrong at this point? To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
[twitter-dev] Is there support for the OAuth 2-legged model?
Hi, I am building an app that will programmatically update my twitter status every hour or so. It will update my status from a server running without any interaction from me. From what I have learned, I should use OAuth rather than basic authentication. It seems that basic authentication is to shut down June 2010 (which seems rather soon). I have spent a day and a restless night reading OAuth specs and then dreaming about them all night long :( I am guessig that I need the 2- legged model rather than the 3-legged model as there is to be no user interaction and my consumer application wants access to a single user resource only - a resource it is directly tied to. Hence my application is both the consumer and the user. I have read the 2007 spec that was put out on the 2-legged model. I have also read the most recent OAuth 1.0a spec which seems to ignore the 2-legged model. Doing a search for 2-legged or two-legged on this website yields nothing which make me think that what I am trying to do - programmatically update a user status - isn't something anyone would want to do. As that seems totally unlikely, I am wondering if I am totally barking up the wrong tree. Can something help point me in the right direction? Thanks, Grant To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
[twitter-dev] Re: Is there support for the OAuth 2-legged model?
So let me see if I get this right. If I mock up some code to get an access token after I have done the manual login thingy, I should then be able to use that access token from my server indefinitely - without fear of it expiring or going away for one reason or another. Is my understanding correct? I had given this some thought last night, but if seemed that it would be fragile. On Mar 23, 9:31 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi all, We don't yet support two-legged OAuth but see value in its use for actions requiring client application authorization but not necessarily user-based authentication. As Raffi notes, we're implementing it now. However, two-legged OAuth does not necessarily solve the issue you're looking to solve, actions requiring an actor like tweeting, favoriting, etc. would still require an OAuth access token. In the case of a single purpose application with a single user, you would leverage OAuth to exchange your own credentials for an access token which you could then re-use indefinitely for the single-user use case of your application. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Mar 23, 2010 at 9:19 AM, Lil Peck lilp...@gmail.com wrote: On Tue, Mar 23, 2010 at 10:50 AM, Grantcv1 grant.vergott...@gmail.com wrote: Hi, I am building an app that will programmatically update my twitter status every hour or so. It will update my status from a server running without any interaction from me. From what I have learned, I should use OAuth rather than basic authentication. It seems that basic authentication is to shut down June 2010 (which seems rather soon). I share your concern! I use Classic ASP (Yes, there are many of us still using it it because we like it!) and I have a classified ads on my site that automatically sends a tweet out to announce whenever a new ad has been posted. For my needs, Oauth seems to be convoluted and bloated. I've spotted lots of Classic ASP users searching for an Oauth solution for their code. I'm trying to understand it to figure out how to adapt my app to it, but I may have to give up the automatic tweets. :( To unsubscribe from this group, send email to twitter-development-talk+ unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.- Hide quoted text - - Show quoted text - To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
