[twitter-dev] Re: Widgets above Slimbox/lilghtbox
OK, i figured it out myself, I'll write solution here if someone needs
this.
First, put div tags around your tweeter widget code like this:
/* here is your tweeter widget code */
Then in css file wtite this:
#tweets .twtr-timeline {
z-index: 0;
}
On Feb 13, 12:47 pm, Ivan wrote:
> Twitter wigdets are displaying above lightbox gallery, here is
> example:http://i.imgur.com/QwYFE.jpg
>
> This is an old problem
> (http://groups.google.com/group/twitter-development-talk/browse_thread...
> ) but I haven't find solution yet.
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
[twitter-dev] Widgets above Slimbox/lilghtbox
Twitter wigdets are displaying above lightbox gallery, here is example: http://i.imgur.com/QwYFE.jpg This is an old problem ( http://groups.google.com/group/twitter-development-talk/browse_thread/thread/79df37343715b2cb ) but I haven't find solution yet. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] User ID reuse
Is there guarantee that ID will never be reused by another user? I mean, for example, if I delete account does it mean that my ID will be assigned to someone in the future?
[twitter-dev] Re: What's up with OAuth?
This is good news. This has taken ages to solve though. We came up with a solution at Tipjoy, told everyone about it, but no one bothered. Clients are largely to blame for the continued commonness of asking for passwords: http://tipjoy.com/api/#authentication Ivan http://kirigin.com On Feb 11, 8:36 pm, Ryan Alford wrote: > He specifically states the possibility for mobile apps to use xAuth. > > Ryan > > Sent from my DROID > > On Feb 11, 2010 11:27 PM, "kehers" wrote: > > Talking xAuth, hope mobile apps count as 'applications except web > applications'
Re: [twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Yeap. But. 1. I have incorrect URL, that i can't use immediately. I mean for the every URL i can't be sure that guid is not changed for this username, so i can't be sure that every URL is correct. So for each URL 2. I have to find out the correct link with the help of 3. One or several request to the twitter API 4. If that URL is already in my database, i have to replace it with the new one, or better search for all records with this URL and replace old URL with the new one. It's unacceptable price for the absence of just one additional (and very chip for the twitter) functionality in the API. Ivan. On Sun, Jan 31, 2010 at 6:41 PM, Michael Steuer wrote: > If user is no longer the same user as the one that posted status id > , then the link http://twitter.com//statuses/ would no longer > be valid (as the NEW user is not the owner of the status id). > > > > On Jan 30, 2010, at 11:40 PM, Ivan Glushkov wrote: > >> Actually i can't. >> For example, i get some link like >> http://twitter.com/AAA/statuses/11, for the message that was >> posted month ago. I can't be sure if the current user AAA has the same >> guid as the AAA month ago. >> If i had the link like http://twitter.com/redirect?id=111&status=222 i >> would be sure that it's the same user and the same status for that >> user. >> >> Ivan. >> >> >> On Sun, Jan 31, 2010 at 9:36 AM, Michael Ivey >> wrote: >>> >>> You could do this internally in your application, using statuses/show to >>> make sure you have the correct user info before redirecting. >>> -- ivey >>> >>> >>> On Sat, Jan 30, 2010 at 4:06 AM, Ivan Glushkov >>> wrote: >>>> >>>> Oh, thanks, Abraham! That's great! >>>> >>>> But why isn't it documented anywhere? >>>> And is there any way to redirect to some status of this user? >>>> I mean smth like >>>> http://twitter.com/account/redirect_by_id?id=9436992&status=3 >>>> ??? >>>> >>>> Thanks once more, >>>> Ivan. >>>> >>>> >>>> On Fri, Jan 29, 2010 at 11:37 PM, Abraham Williams <4bra...@gmail.com> >>>> wrote: >>>>> >>>>> Actually Twitter does support it. >>>>> http://twitter.com/account/redirect_by_id?id=9436992 >>>>> Abraham >>>>> >>>>> On Wed, Jan 27, 2010 at 06:42, Ivan wrote: >>>>>> >>>>>> Hi. >>>>>> >>>>>> I don't need an application that is able to handle this. Instead i >>>>>> need changes in the twitter API so i can refer to the users and their >>>>>> statuses using the user id, not the username. This is a problem for >>>>>> the aggregator, and there users (so it become also a problem for the >>>>>> twitter users). >>>>>> >>>>>> Is there any plan in this direction? >>>>>> >>>>>> Ivan. >>>>>> >>>>>> >>>>>> On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: >>>>>>> >>>>>>> I remember this topic coming up before and it seems like someone >>>>>>> built >>>>>>> an >>>>>>> application that handled this but I can't find any references to it. >>>>>>> Maybe >>>>>>> somebody else can? >>>>>>> >>>>>>> Abraham >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Jan 20, 2010 at 06:29, Ivan wrote: >>>>>>>> >>>>>>>> Hi. >>>>>>> >>>>>>>> I tried to find the similar question here (in google groups), in >>>>>>>> the >>>>>>>> FAQ and in the API, but couldn't find anything. >>>>>>> >>>>>>>> The problem: >>>>>>>> Cross-posting the links to the user page and to some his statuses >>>>>>>> in >>>>>>>> the web become more and more popular. But, as i understood, you >>>>>>>> can't >>>>>>>> guarantee that this links not long after would not change the >>>>>>>> logical >>>>>>>> destination. For example I create some post
Re: [twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Oh, no! I haven't found it! I added comment in my issue that it's duplicate, but i don't know how to close it. On Sun, Jan 31, 2010 at 3:44 AM, Andy Freeman wrote: > Argh! > > I opened such a feature request late last November AND you commented > on it late last December. > > See http://code.google.com/p/twitter-api/issues/detail?id=1242 . > > On Jan 30, 11:17 am, Abraham Williams <4bra...@gmail.com> wrote: >> There does not appear to be. You could open an feature request and maybe >> Twitter will augment ithttp://code.google.com/p/twitter-api/issues/entry. >> >> Abraham >> >> >> >> >> >> On Sat, Jan 30, 2010 at 02:06, Ivan Glushkov wrote: >> > Oh, thanks, Abraham! That's great! >> >> > But why isn't it documented anywhere? >> > And is there any way to redirect to some status of this user? >> > I mean smth like >> >http://twitter.com/account/redirect_by_id?id=9436992&status=3 >> > ??? >> >> > Thanks once more, >> > Ivan. >> >> > On Fri, Jan 29, 2010 at 11:37 PM, Abraham Williams <4bra...@gmail.com> >> > wrote: >> > > Actually Twitter does support it. >> > >http://twitter.com/account/redirect_by_id?id=9436992 >> > > Abraham >> >> > > On Wed, Jan 27, 2010 at 06:42, Ivan wrote: >> >> > >> Hi. >> >> > >> I don't need an application that is able to handle this. Instead i >> > >> need changes in the twitter API so i can refer to the users and their >> > >> statuses using the user id, not the username. This is a problem for >> > >> the aggregator, and there users (so it become also a problem for the >> > >> twitter users). >> >> > >> Is there any plan in this direction? >> >> > >> Ivan. >> >> > >> On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: >> > >> > I remember this topic coming up before and it seems like someone built >> > >> > an >> > >> > application that handled this but I can't find any references to it. >> > >> > Maybe >> > >> > somebody else can? >> >> > >> > Abraham >> >> > >> > On Wed, Jan 20, 2010 at 06:29, Ivan wrote: >> > >> > > Hi. >> >> > >> > > I tried to find the similar question here (in google groups), in the >> > >> > > FAQ and in the API, but couldn't find anything. >> >> > >> > > The problem: >> > >> > > Cross-posting the links to the user page and to some his statuses in >> > >> > > the web become more and more popular. But, as i understood, you >> > can't >> > >> > > guarantee that this links not long after would not change the >> > logical >> > >> > > destination. For example I create some post about some twitter-user >> > >> > > "aaa" and give the link "twitter.com/aaa" >> > >> > > After that user “aaa” changed name to "bbb" and user "ddd" changed >> > >> > > name to "aaa". So my old link now points to the different person. >> >> > >> > > This problem becomes more serious for the aggregators that don't >> > know >> > >> > > what content they might approve after a while. >> >> > >> > > The simplest decision would be providing the possibility to link to >> > >> > > the user not by name but also by id. That pages might be just >> > >> > > redirections to the original user pages, it doesn't matter. >> >> > >> > > For example >> > >> > > if the user “aaa” have id 11, the following two links should >> > point >> > >> > > to the same page: >> > >> > > twitter.com/aaa and twitter.com/id/11 >> >> > >> > > This mechanism should also be applied for the statuses: >> > >> > > twitter.com/id/11/statuses/22 >> >> > >> > > Ivan. >> >> > >> > -- >> > >> > Abraham Williams | Moved to Seattle | May cause email delays >> > >> > Project | Intersect |http://intersect.labs.poseurtech.com >> > >> > Hacker |http://abrah.am|http://twitter.com/abraham >> > >> > This email is: [ ] shareable [x] ask first [ ] private. >> > >> > Sent from Seattle, WA, United States >> >> > > -- >> > > Abraham Williams | Moved to Seattle | May cause email delays >> > > Project | Out Loud |http://outloud.labs.poseurtech.com >> > > Hacker |http://abrah.am|http://twitter.com/abraham >> > > This email is: [ ] shareable [x] ask first [ ] private. >> > > Sent from Seattle, WA, United States >> >> -- >> Abraham Williams | Community Advocate |http://abrah.am >> Project | Out Loud |http://outloud.labs.poseurtech.com >> This email is: [ ] shareable [x] ask first [ ] private. >> Sent from Seattle, WA, United States- Hide quoted text - >> >> - Show quoted text - >
Re: [twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Actually i can't. For example, i get some link like http://twitter.com/AAA/statuses/11, for the message that was posted month ago. I can't be sure if the current user AAA has the same guid as the AAA month ago. If i had the link like http://twitter.com/redirect?id=111&status=222 i would be sure that it's the same user and the same status for that user. Ivan. On Sun, Jan 31, 2010 at 9:36 AM, Michael Ivey wrote: > You could do this internally in your application, using statuses/show to > make sure you have the correct user info before redirecting. > -- ivey > > > On Sat, Jan 30, 2010 at 4:06 AM, Ivan Glushkov wrote: >> >> Oh, thanks, Abraham! That's great! >> >> But why isn't it documented anywhere? >> And is there any way to redirect to some status of this user? >> I mean smth like >> http://twitter.com/account/redirect_by_id?id=9436992&status=3 >> ??? >> >> Thanks once more, >> Ivan. >> >> >> On Fri, Jan 29, 2010 at 11:37 PM, Abraham Williams <4bra...@gmail.com> >> wrote: >> > Actually Twitter does support it. >> > http://twitter.com/account/redirect_by_id?id=9436992 >> > Abraham >> > >> > On Wed, Jan 27, 2010 at 06:42, Ivan wrote: >> >> >> >> Hi. >> >> >> >> I don't need an application that is able to handle this. Instead i >> >> need changes in the twitter API so i can refer to the users and their >> >> statuses using the user id, not the username. This is a problem for >> >> the aggregator, and there users (so it become also a problem for the >> >> twitter users). >> >> >> >> Is there any plan in this direction? >> >> >> >> Ivan. >> >> >> >> >> >> On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: >> >> > I remember this topic coming up before and it seems like someone >> >> > built >> >> > an >> >> > application that handled this but I can't find any references to it. >> >> > Maybe >> >> > somebody else can? >> >> > >> >> > Abraham >> >> > >> >> > >> >> > >> >> > On Wed, Jan 20, 2010 at 06:29, Ivan wrote: >> >> > > Hi. >> >> > >> >> > > I tried to find the similar question here (in google groups), in >> >> > > the >> >> > > FAQ and in the API, but couldn't find anything. >> >> > >> >> > > The problem: >> >> > > Cross-posting the links to the user page and to some his statuses >> >> > > in >> >> > > the web become more and more popular. But, as i understood, you >> >> > > can't >> >> > > guarantee that this links not long after would not change the >> >> > > logical >> >> > > destination. For example I create some post about some twitter-user >> >> > > "aaa" and give the link "twitter.com/aaa" >> >> > > After that user “aaa” changed name to "bbb" and user "ddd" changed >> >> > > name to "aaa". So my old link now points to the different person. >> >> > >> >> > > This problem becomes more serious for the aggregators that don't >> >> > > know >> >> > > what content they might approve after a while. >> >> > >> >> > > The simplest decision would be providing the possibility to link to >> >> > > the user not by name but also by id. That pages might be just >> >> > > redirections to the original user pages, it doesn't matter. >> >> > >> >> > > For example >> >> > > if the user “aaa” have id 11, the following two links should >> >> > > point >> >> > > to the same page: >> >> > > twitter.com/aaa and twitter.com/id/11 >> >> > >> >> > > This mechanism should also be applied for the statuses: >> >> > > twitter.com/id/11/statuses/22 >> >> > >> >> > > Ivan. >> >> > >> >> > -- >> >> > Abraham Williams | Moved to Seattle | May cause email delays >> >> > Project | Intersect |http://intersect.labs.poseurtech.com >> >> > Hacker |http://abrah.am|http://twitter.com/abraham >> >> > This email is: [ ] shareable [x] ask first [ ] private. >> >> > Sent from Seattle, WA, United States >> > >> > >> > >> > -- >> > Abraham Williams | Moved to Seattle | May cause email delays >> > Project | Out Loud | http://outloud.labs.poseurtech.com >> > Hacker | http://abrah.am | http://twitter.com/abraham >> > This email is: [ ] shareable [x] ask first [ ] private. >> > Sent from Seattle, WA, United States > >
Re: [twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Thanks a lot, Abraham! I've created it. http://code.google.com/p/twitter-api/issues/detail?id=1412 Ivan. On Sat, Jan 30, 2010 at 10:17 PM, Abraham Williams <4bra...@gmail.com> wrote: > There does not appear to be. You could open an feature request and maybe > Twitter will augment it http://code.google.com/p/twitter-api/issues/entry. > Abraham > > On Sat, Jan 30, 2010 at 02:06, Ivan Glushkov wrote: >> >> Oh, thanks, Abraham! That's great! >> >> But why isn't it documented anywhere? >> And is there any way to redirect to some status of this user? >> I mean smth like >> http://twitter.com/account/redirect_by_id?id=9436992&status=3 >> ??? >> >> Thanks once more, >> Ivan. >> >> >> On Fri, Jan 29, 2010 at 11:37 PM, Abraham Williams <4bra...@gmail.com> >> wrote: >> > Actually Twitter does support it. >> > http://twitter.com/account/redirect_by_id?id=9436992 >> > Abraham >> > >> > On Wed, Jan 27, 2010 at 06:42, Ivan wrote: >> >> >> >> Hi. >> >> >> >> I don't need an application that is able to handle this. Instead i >> >> need changes in the twitter API so i can refer to the users and their >> >> statuses using the user id, not the username. This is a problem for >> >> the aggregator, and there users (so it become also a problem for the >> >> twitter users). >> >> >> >> Is there any plan in this direction? >> >> >> >> Ivan. >> >> >> >> >> >> On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: >> >> > I remember this topic coming up before and it seems like someone >> >> > built >> >> > an >> >> > application that handled this but I can't find any references to it. >> >> > Maybe >> >> > somebody else can? >> >> > >> >> > Abraham >> >> > >> >> > >> >> > >> >> > On Wed, Jan 20, 2010 at 06:29, Ivan wrote: >> >> > > Hi. >> >> > >> >> > > I tried to find the similar question here (in google groups), in >> >> > > the >> >> > > FAQ and in the API, but couldn't find anything. >> >> > >> >> > > The problem: >> >> > > Cross-posting the links to the user page and to some his statuses >> >> > > in >> >> > > the web become more and more popular. But, as i understood, you >> >> > > can't >> >> > > guarantee that this links not long after would not change the >> >> > > logical >> >> > > destination. For example I create some post about some twitter-user >> >> > > "aaa" and give the link "twitter.com/aaa" >> >> > > After that user “aaa” changed name to "bbb" and user "ddd" changed >> >> > > name to "aaa". So my old link now points to the different person. >> >> > >> >> > > This problem becomes more serious for the aggregators that don't >> >> > > know >> >> > > what content they might approve after a while. >> >> > >> >> > > The simplest decision would be providing the possibility to link to >> >> > > the user not by name but also by id. That pages might be just >> >> > > redirections to the original user pages, it doesn't matter. >> >> > >> >> > > For example >> >> > > if the user “aaa” have id 11, the following two links should >> >> > > point >> >> > > to the same page: >> >> > > twitter.com/aaa and twitter.com/id/11 >> >> > >> >> > > This mechanism should also be applied for the statuses: >> >> > > twitter.com/id/11/statuses/22 >> >> > >> >> > > Ivan. >> >> > >> >> > -- >> >> > Abraham Williams | Moved to Seattle | May cause email delays >> >> > Project | Intersect |http://intersect.labs.poseurtech.com >> >> > Hacker |http://abrah.am|http://twitter.com/abraham >> >> > This email is: [ ] shareable [x] ask first [ ] private. >> >> > Sent from Seattle, WA, United States >> > >> > >> > >> > -- >> > Abraham Williams | Moved to Seattle | May cause email delays >> > Project | Out Loud | http://outloud.labs.poseurtech.com >> > Hacker | http://abrah.am | http://twitter.com/abraham >> > This email is: [ ] shareable [x] ask first [ ] private. >> > Sent from Seattle, WA, United States > > > > -- > Abraham Williams | Community Advocate | http://abrah.am > Project | Out Loud | http://outloud.labs.poseurtech.com > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States
Re: [twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Oh, thanks, Abraham! That's great! But why isn't it documented anywhere? And is there any way to redirect to some status of this user? I mean smth like http://twitter.com/account/redirect_by_id?id=9436992&status=3 ??? Thanks once more, Ivan. On Fri, Jan 29, 2010 at 11:37 PM, Abraham Williams <4bra...@gmail.com> wrote: > Actually Twitter does support it. > http://twitter.com/account/redirect_by_id?id=9436992 > Abraham > > On Wed, Jan 27, 2010 at 06:42, Ivan wrote: >> >> Hi. >> >> I don't need an application that is able to handle this. Instead i >> need changes in the twitter API so i can refer to the users and their >> statuses using the user id, not the username. This is a problem for >> the aggregator, and there users (so it become also a problem for the >> twitter users). >> >> Is there any plan in this direction? >> >> Ivan. >> >> >> On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: >> > I remember this topic coming up before and it seems like someone built >> > an >> > application that handled this but I can't find any references to it. >> > Maybe >> > somebody else can? >> > >> > Abraham >> > >> > >> > >> > On Wed, Jan 20, 2010 at 06:29, Ivan wrote: >> > > Hi. >> > >> > > I tried to find the similar question here (in google groups), in the >> > > FAQ and in the API, but couldn't find anything. >> > >> > > The problem: >> > > Cross-posting the links to the user page and to some his statuses in >> > > the web become more and more popular. But, as i understood, you can't >> > > guarantee that this links not long after would not change the logical >> > > destination. For example I create some post about some twitter-user >> > > "aaa" and give the link "twitter.com/aaa" >> > > After that user “aaa” changed name to "bbb" and user "ddd" changed >> > > name to "aaa". So my old link now points to the different person. >> > >> > > This problem becomes more serious for the aggregators that don't know >> > > what content they might approve after a while. >> > >> > > The simplest decision would be providing the possibility to link to >> > > the user not by name but also by id. That pages might be just >> > > redirections to the original user pages, it doesn't matter. >> > >> > > For example >> > > if the user “aaa” have id 11, the following two links should point >> > > to the same page: >> > > twitter.com/aaa and twitter.com/id/11 >> > >> > > This mechanism should also be applied for the statuses: >> > > twitter.com/id/11/statuses/22 >> > >> > > Ivan. >> > >> > -- >> > Abraham Williams | Moved to Seattle | May cause email delays >> > Project | Intersect |http://intersect.labs.poseurtech.com >> > Hacker |http://abrah.am|http://twitter.com/abraham >> > This email is: [ ] shareable [x] ask first [ ] private. >> > Sent from Seattle, WA, United States > > > > -- > Abraham Williams | Moved to Seattle | May cause email delays > Project | Out Loud | http://outloud.labs.poseurtech.com > Hacker | http://abrah.am | http://twitter.com/abraham > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States
[twitter-dev] Re: Possibility to link to the user page not by the name but by the id.
Hi. I don't need an application that is able to handle this. Instead i need changes in the twitter API so i can refer to the users and their statuses using the user id, not the username. This is a problem for the aggregator, and there users (so it become also a problem for the twitter users). Is there any plan in this direction? Ivan. On 21 янв, 06:03, Abraham Williams <4bra...@gmail.com> wrote: > I remember this topic coming up before and it seems like someone built an > application that handled this but I can't find any references to it. Maybe > somebody else can? > > Abraham > > > > On Wed, Jan 20, 2010 at 06:29, Ivan wrote: > > Hi. > > > I tried to find the similar question here (in google groups), in the > > FAQ and in the API, but couldn't find anything. > > > The problem: > > Cross-posting the links to the user page and to some his statuses in > > the web become more and more popular. But, as i understood, you can't > > guarantee that this links not long after would not change the logical > > destination. For example I create some post about some twitter-user > > "aaa" and give the link "twitter.com/aaa" > > After that user “aaa” changed name to "bbb" and user "ddd" changed > > name to "aaa". So my old link now points to the different person. > > > This problem becomes more serious for the aggregators that don't know > > what content they might approve after a while. > > > The simplest decision would be providing the possibility to link to > > the user not by name but also by id. That pages might be just > > redirections to the original user pages, it doesn't matter. > > > For example > > if the user “aaa” have id 11, the following two links should point > > to the same page: > > twitter.com/aaa and twitter.com/id/11 > > > This mechanism should also be applied for the statuses: > > twitter.com/id/11/statuses/22 > > > Ivan. > > -- > Abraham Williams | Moved to Seattle | May cause email delays > Project | Intersect |http://intersect.labs.poseurtech.com > Hacker |http://abrah.am|http://twitter.com/abraham > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States
[twitter-dev] Possibility to link to the user page not by the name but by the id.
Hi. I tried to find the similar question here (in google groups), in the FAQ and in the API, but couldn't find anything. The problem: Cross-posting the links to the user page and to some his statuses in the web become more and more popular. But, as i understood, you can't guarantee that this links not long after would not change the logical destination. For example I create some post about some twitter-user "aaa" and give the link "twitter.com/aaa" After that user “aaa” changed name to "bbb" and user "ddd" changed name to "aaa". So my old link now points to the different person. This problem becomes more serious for the aggregators that don't know what content they might approve after a while. The simplest decision would be providing the possibility to link to the user not by name but also by id. That pages might be just redirections to the original user pages, it doesn't matter. For example if the user “aaa” have id 11, the following two links should point to the same page: twitter.com/aaa and twitter.com/id/11 This mechanism should also be applied for the statuses: twitter.com/id/11/statuses/22 Ivan.
[twitter-dev] Re: Alert: "Twitpocalypse II" coming Friday, September 11th - make sure you can handle large status IDs!
Call me crazy, but I store any data from a 3rd party in strings. Typically, I used a text blob to store some serialized object (like json or a python pickle) which maximizes flexibility. For the tweet id, I think I used 64 chars. In about 10 years, after I've cleared all the other higher priority and more impactful optimizations, I might think about dealing with this again. Ivan http://kirigin.com On Sep 10, 5:48 am, JDG wrote: > and if they are, just store the twos complement of the ID in the DB and do > the math when you retrieve if it's negative. :) > > > > > > On Thu, Sep 10, 2009 at 00:12, Rob Ashton wrote: > > I've always just stored as 64bit integers, I'd assumed that 32bit > > wouldn't be enough. > > > Now, if it goes above 64bit then I'm screwed, because neither my language > > or database have built in support for that! :P > > > *From:* JDG > > *Sent:* Thursday, September 10, 2009 4:21 AM > > *To:* twitter-development-talk@googlegroups.com > > *Subject:* [twitter-dev] Re: Alert: "Twitpocalypse II" coming Friday, > > September 11th - make sure you can handle large status IDs! > > > if you were on signed32 you'd have had a problem a long time ago. not quite > > sure why people haven't just taken to treating/storing as strings -- sure > > there's a bit more overhead mem/storage-wise, but you don't have to change > > your code every few months. > > > On Wed, Sep 9, 2009 at 16:45, Joseph Cheek wrote: > > >> Twitter is in league with Al Qaida! You heard it first here, folks! > > >> Ok, seriously, this message I wrote wasn't worth the electrons it took > >> to transmit it... let's see if I can increase the s2n ratio: > > >> 4294967296, that an unsigned 32-bit int? ok, fair enough. i know some > >> of my apps use signed 64bit ints, but i'm not sure about the db... will > >> need to check... might be signed32... > > >> Joseph Cheek > >> jos...@cheek.com,www.cheek.com > >> twitter:http://twitter.com/cheekdotcom > > >> Nicholas Moline wrote: > >> > And nobody thought about the significance of accelerating anything > >> > called a *pocolypse to be on the anniversary of a date that thousands > >> > died in a terrorist attack Tactful Twitter... Real Tactful > > >> > On Wed, Sep 9, 2009 at 1:00 PM, Alex Payne >> > <mailto:a...@twitter.com>> wrote: > > >> > Sorry, an error in phrasing. It was previously mentioned that this > >> > change was pending. We had not previously announced a date for the > >> > change. > > >> > Normally, we prefer to provide more advance notice where possible, > >> but > >> > I'm letting you all know immediately after our operations team > >> > informed me that it was necessary to make this change on Friday. > > >> > On Wed, Sep 9, 2009 at 12:13, Hwee-Boon Yar >> > <mailto:hweeb...@gmail.com>> wrote: > > >> > > May I know when and where was it mentioned that it will be > >> > > artificially increased this coming Friday? > > >> > > -- > >> > > Hwee-Boon > > >> > > On Sep 10, 2:49 am, Alex Payne >> > <mailto:a...@twitter.com>> wrote: > >> > >> As mentioned previously, the Twitter operations team > >> > willartificially > >> > >> increase the maximum status ID to 4294967296 this coming Friday, > >> > >> September 11th. This action is part of routine database > >> > upgrades and > >> > >> maintenance. > > >> > >> If your Twitter API application stores status IDs, please be > >> > sure that > >> > >> your datastore is configured to handle integers of that size. > >> > Thanks. > > >> > >> -- > >> > >> Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x > > >> > -- > >> > Alex Payne - Platform Lead, Twitter, Inc. > >> > http://twitter.com/al3x > > > -- > > Internets. Serious business. > > -- > Internets. Serious business.
[twitter-dev] tatatweet.com is live: open source premium app using Tipjoy + Twitter
Hi All, Check out http://tatatweet.com Tatatweet takes multiple twitter accounts and feeds them to a single account. For example: http://twitter.com/TeamTipjoy is both @abbyxmix and @ikirigin It's a premium twitter app that costs 99¢ per month. Payments are handled through Tipjoy's API In fact, this was built by Tipjoy as an example application using our API. Here is the source: http://bit.ly/git_tatatweet Please copy it :-D We built in a pretty cool referral system too. Post a link formatted like http://tatatweet.com/r// and you'll get 20% of any money from signups. It's paid out from http://twitter.com/TatatweetLove Here would be my referral link: http://tatatweet.com/r/ikirigin/ We hope this makes it easier to build on top of the Tipjoy twitter payments API. There is still plenty of time to enter Tipjoy's API contest: http://tipjoy.com/APIcontest First prize is a MacBook Air. Ivan http://tipjoy.com
[twitter-dev] charities on twitter
Hi Folks, Lots of apps center around charities, so I thought you mind find a recent survey I took interesting. I asked @tipjoy's followers what their favorite charity on twitter is. Here is the result. Not surprisingly, there is a long tail. http://bit.ly/charities_on_twitter Here was the survey: http://bit.ly/usaTI My guess is there are 10X that many charities, with some bigger ones missing. @charitywater if a suggested account, so is probably the biggest on Twitter, despite the count. Copy and remix the data if you think something is missing. Best, Ivan http://tipjoy.com ps: ~2 weeks left in Tipjoy twitter payments API contest! http://tipjoy.com/APIcontest
[twitter-dev] in lieu of @replies, need better filters for applications
Hi, The recent @replies issue is a big problem for applications. I think either the user needs to be given control, or API access needs to be more flexible. There are a multitude of apps that act like an echo of a set of users. That is a really hard problem to solve if you aren't following the whole set. In place of getting the friend stream, you would need to poll each individually. With the API access limits, that inherently prevents an app to scale beyond a few thousand users. For example, in Tipjoy, we look for payment commands. We do this in 3 ways: - Poll the search API across all Twitter users for keyword like 'tip' 'give' ,etc. Lots of users tweet the letter 'p' though - Poll that same search but for an individual user in Tipjoy. This takes a long time to cycle through all our users - Poll @tipjoy's friends_timeline looking for payments The third is by far the best option. But the change hurts the effort as any payment from a user formatted like: "@ev p $2" wouldn't get caught. Another app I'm building is @tatatweet**. It takes a set of twitter users, and feeds their tweets to a single account. For example, @TeamTipjoy is a test account that feeds tweets from Tipjoy employees. Rather than poll each account individually, the app will make the target account follow the sources. But every tweet starting with an @reply will get filtered out, for no good reason as far as the app is concerned. I think one potential solution (in case the product people don't act) is to give apps the ability to poll a set of users, with raw tweets and all @replies. The model of having an app "follow" a user is a bit klunky anyway. Enable api endpoints to create, edit and share filters, which are sets of users and perhaps a regex in place to filter the users. This would also prevent the annoying following limits from being a problem. If a user account is protected, mandate that your service authenticate as the user to add them to the filter. I'd pay for this. Generally, changes put in place for a better user experience shouldn't hurt applications. Users and apps are different. Best, Ivan http://tipjoy.com ** @tatatweet is an open source premium twitter app built using Tipjoy's API http://bit.ly/git_tatatweet Please copy the code
[twitter-dev] Tipjoy allows API access via OAuth
Hi, We just updated the Tipjoy Twitter Payments API to let 3rd parties use OAuth for authorization. To our knowledge, this is the first twitter app mashup based on OAuth. Read more about it: http://tipjoy.com/api/#authentication http://tipjoys2cents.blogspot.com/2009/04/twitter-applications-can-now-use-tipjoy.html And try it out! We did it by asking for a pre-signed Authentication header to the verify_credentials Twitter REST API endpoint. We ping that endpoint, and if it works, the call is authenticated. Again, try it out and let me know what you think. If you haven't heard, we're holding an API contest too :-D http://tipjoy.com/apicontest/ Ivan http://tipjoy.com
[twitter-dev] Re: 403 on valid request to friendships/create/ if friendship already exists
This could also just be a bug in the python code I'm using - maybe
even something in urllib2 going wrong.
Here is a bit of my code for reference, a function which makes an HTTP
POST with a username & password. For an existing friendship, this will
throw an exception printed out as:
HTTP Error 403: Forbidden
import sys
import urllib2
import urlparse
import json
def twitter_post_pw(url, data, twitter_username, twitter_password):
encoded_data = twitter_encode(data)
realm = "Twitter API"
(scheme, netloc, path, params, query, fragment) = urlparse.urlparse
(url)
handler = urllib2.HTTPBasicAuthHandler()
handler.add_password(realm, netloc, twitter_username,
twitter_password)
opener = urllib2.build_opener(handler)
try:
o = opener.open(url, encoded_data)
return json.read( o.read() )
except:
for e in sys.exc_info():
print e
return False
def twitter_encode( data ):
return urllib.urlencode(dict([(k, unicode(v).encode('utf-8')) for
k, v in data.items()]))
On Apr 17, 12:01 pm, Matt Sanford wrote:
> Hi all,
>
> We're not seeing the 403s in our normal logs but we've seen a few
> in responses. We're looking into the issue and I'll send out more info
> when I have it.
>
> — Matt
>
> On Apr 17, 2009, at 07:27 AM, Abraham Williams wrote:
>
> > This seems to indicate it too.
>
> > The 403 Forbidden HTTP status code indicates that the client was
> > able to communicate with the server, but the server doesn't let the
> > user access what was requested.
>
> >http://en.wikipedia.org/wiki/HTTP_403
>
> > On Fri, Apr 17, 2009 at 07:46, Ivan wrote:
>
> > Hi,
>
> > Twitter returns a HTTP 403 if you make a properly authorized follow
> > request to a user already followed.
>
> > That seems like the wrong kind of response. It should return 200, with
> > data saying the friendship already existed, no?
>
> > Ivan
> >http://tipjoy.com
>
> > --
> > Abraham Williams |http://the.hackerconundrum.com
> > Hacker |http://abrah.am|http://twitter.com/abraham
> > Web608 | Community Evangelist |http://web608.org
> > This email is: [ ] blogable [x] ask first [ ] private.
> > Sent from Madison, Wisconsin, United States
[twitter-dev] 403 on valid request to friendships/create/ if friendship already exists
Hi, Twitter returns a HTTP 403 if you make a properly authorized follow request to a user already followed. That seems like the wrong kind of response. It should return 200, with data saying the friendship already existed, no? Ivan http://tipjoy.com
[twitter-dev] Re: Sign in with Twitter
Zac, this can be solved just be properly modeling user accounts and twitter accounts. It should be one-to-many. Signing in with any of their twitter accounts can sign in that user. Let me know if that doesn't address your problem. Ivan http://tipjoy.com On Apr 16, 1:18 pm, Zac Bowling wrote: > Hi Doug, > > There is a use case that sort of sucks when you don't force the user > to authenticate each time, and thats when a your application supports > multiple twitter accounts. Its nice to shortcut authenticating because > it removes a step for the end user, but it sucks when you are trying > to associate with multiple accounts. > > It would be nice if we could pass a flag to force login to show, or > pass in an expected username and if its not the same as what twitter > has for their session cookie, it invalidates and forces a login or > something. > > Not sure if something like this exists already or anyone has ran into > this issue and figured out a work around. > > Zac Bowling > > On Thu, Apr 16, 2009 at 9:55 AM, Doug Williams wrote: > > > Related: More OAuth documentation is to come throughout the day so > > some of the links will be broken. It's a glaring omission in the > > documentation. > > > Let's use this thread to fill the holes people find while implementing > > Sign in with Twitter for the time being. > > > Cheers, > > Doug Williams > > Twitter API Support > >http://twitter.com/dougw > > > On Apr 16, 9:52 am, Doug Williams wrote: > >> Matt has deployed our answer for one click login. It requires only a small > >> change to the normal Twitter OAuth workflow and is documented here: > > >>http://apiwiki.twitter.com/Sign-in-with-Twitter > > >> This is the perfect tool for web applications wanting to offer users the > >> ability to sign in with a Twitter account and a single mouse click. We want > >> to see it in the wild so please let us know if you roll this out in your > >> application. > > >> Thanks, > >> Doug Williams > >> Twitter API Supporthttp://twitter.com/dougw
[twitter-dev] free idea: paid protected updates
Hi, Over at the Tipjoy blog, I'm posting free ideas on how to use our Twitter Payments API for our API contest. The latest is about paid protected accounts, where you pay to get access to the stream. Check it out: http://tipjoys2cents.blogspot.com/2009/04/tipjoy-api-idea-2-paid-protected.html Note that it might require some Twitter API enhancements to work smoothly as a 3rd party service: http://bit.ly/AF20N What do you think? Ivan http://tipjoy.com/APIcontest ps. on my todo list today is getting the API working with OAuth access. Are there any other examples of mashups between twitter apps that work with OAuth? It'd be fun to be the first. http://giantrobotlasers.com/post/96816868/public-daily-todo-list-experiment
[twitter-dev] Re: protect updates via API?
Also, is there a way to approve follow requests to a protected account via the REST API? Ivan On Apr 15, 9:42 pm, Ivan wrote: > Hi, > > I have an idea I'd like to write about for the Tipjoy Twitter Payments > APIhttp://tipjoy.com/APIcontest/ > > I'm blogging ideas as I have time to write them down > here:http://tipjoys2cents.blogspot.com/ > > The idea deals with protected updates. The service I have in mind > would benefit from an API endpoint to protect a twitter user's > updates. > > I don't see one on the wiki - is this possible? > > Also, is it possible for a protected account to make a user unfollow > them? The friendship/destroy endpoint doesn't appear to enable this > from the protected account. > > Could the user be blocked and then unblocked? That would make them > unfollow the protect account, and then move them to a normal state. I > think this is a hack and not the intended use of "block", but it would > probably work. > > I'd like to avoid unfollowing from the following account because the > credentials could be changed or OAuth access revoked as a way of > avoiding follower removal. > > Thanks, > Ivanhttp://tipjoy.com/twitter
[twitter-dev] protect updates via API?
Hi, I have an idea I'd like to write about for the Tipjoy Twitter Payments API http://tipjoy.com/APIcontest/ I'm blogging ideas as I have time to write them down here: http://tipjoys2cents.blogspot.com/ The idea deals with protected updates. The service I have in mind would benefit from an API endpoint to protect a twitter user's updates. I don't see one on the wiki - is this possible? Also, is it possible for a protected account to make a user unfollow them? The friendship/destroy endpoint doesn't appear to enable this from the protected account. Could the user be blocked and then unblocked? That would make them unfollow the protect account, and then move them to a normal state. I think this is a hack and not the intended use of "block", but it would probably work. I'd like to avoid unfollowing from the following account because the credentials could be changed or OAuth access revoked as a way of avoiding follower removal. Thanks, Ivan http://tipjoy.com/twitter
[twitter-dev] Re: Tipjoy opens Twitter Payments API, celebrates with an API Contest
That's an interesting point, Chad. My basic assumption is that "normal" people don't know what the hell OAuth is. They're used to giving out passwords. If clicking a banner makes it work, they're happy. I figured the 3rd party apps would already be using a Twitter password. So they aren't asking for a password to work with Tipjoy, but with their service. For example, an iphone twitter client could, say, turn off ads by making a Tipjoy payment. The Tipjoy account creation, payment, balance extraction, and other API calls would all just use the Twitter password already stored in the client. "It just works*" This is a bit different for applications that sell content, that might want to start selling over Twitter. if http://popcuts.com started using Tipjoy to sell mp3s over twitter, they would need to ask for the Twitter password just to use Tipjoy. Then this concern is valid. Either way, I hope to have the OAuth solution in place this week. No need to keep it a secret: we plan on allowing for a authorization_url param that is an OAuth signed call to http://twitter.com/account/verify_credentials.json We'd verify the call with Twitter, then proceed like we have a twitter password. This call won't work though, because we'd need to update the user's status http://tipjoy.com/api/#creating_twitter_payment We'll enable a work-around by posting the tweet, and calling that endpoint with an id of a tweet already posted. That should all work, right? Thanks! Ivan http://tipjoy.com *ymmv On Apr 8, 11:21 am, Chad Etzel wrote: > Hi Ivan, > > This looks quite interesting. I do have one concern, though. > > On the main tipjoy.com site, you have a prominent banner saying "click > here to sign up in 5 seconds without giving us your password." > ...which then leads to the OAuth sign-in. > > The Tipjoy API requires a twitter user/pass combo for authentication. > If I am User A who already has created an account on Tipjoy using > OAuth, and now I see another 3rd party application asking for my > twitter user/pass to interact with Tipjoy, I am going to be very > concerned that this other app is trying to scam me. > > I guess it just looks like a conflicting message to me. > > I know you said you are "hacking" something together for OAuth apps, > so maybe this concern is unnecessary, but wanted to give you that > feedback as a potential user of this system. > > As a developer, the API looks very interesting. I don't know how many > people would actually want to tie their twitter account to actual > money transactions, but I guess there's only one way to find out... > > Congrats on the API launch, > -Chad > > On Wed, Apr 8, 2009 at 10:57 AM, Ivan Kirigin wrote: > > >>>the recipient has enough to cash out to a PayPal account ... before the > >>>transaction is cancelled ... what happens? > > > We audit every cash out, so this step isn't fully automated. It's hard > > to "take the money and run" > > > Also, we track transactions across the site. As you can imagine with > > micropayments, any wholesale fraud would require lots of transactions > > or amounts much larger than the median to make any real money. This > > makes fraud detection easier. > > > If anyone sees any transactions that are faulty, they can let us know. > > We already actively block many IPs and domains because of link spam, > > and expect to do the same for fraudsters too. > > > Best, > > Ivan > >http://tipjoy.com > > > On Apr 8, 9:52 am, Dossy Shiobara wrote: > >> Great, now Nigerian royalty can use Twitter to get their millions of > >> secret dollars out of their country, with the aid of Twitter users help! > >> (lol) > > >> Or, the first rogue Twitter app. that tweets a Tipjoy payment message > >> from the user who gives up their username/password to the rogue app. > >> It'd be a Tipjoy mugging! > > >> At least Tipjoy lets you cancel transactions that aren't paid for yet. > >> But, if you pre-charge your account, and the money is sent from the > >> account, and the recipient has enough to cash out to a PayPal account > >> ... before the transaction is cancelled ... what happens? > > >> Sounds so very dangerous. > > >> On 4/8/09 9:27 AM, Ivan wrote: > > >> > Hi Folks, > > >> > Tipjoy's Twitter Payments have been really successful for P2P and > >> > charitable payments. Now we've released an API for Twitter > >> > applications to do payments over Twitter: > >> >http://tipjoy.com/api > > >> -- > >> Dossy Shiobara | do...@panoptic.com |http://dossy.org/ > >> Panoptic Computer Network |http://panoptic.com/ > >> "He realized the fastest way to change is to laugh at your own > >> folly -- then you can let go and quickly move on." (p. 70)
[twitter-dev] Re: Tipjoy opens Twitter Payments API, celebrates with an API Contest
>>the recipient has enough to cash out to a PayPal account ... before the >>transaction is cancelled ... what happens? We audit every cash out, so this step isn't fully automated. It's hard to "take the money and run" Also, we track transactions across the site. As you can imagine with micropayments, any wholesale fraud would require lots of transactions or amounts much larger than the median to make any real money. This makes fraud detection easier. If anyone sees any transactions that are faulty, they can let us know. We already actively block many IPs and domains because of link spam, and expect to do the same for fraudsters too. Best, Ivan http://tipjoy.com On Apr 8, 9:52 am, Dossy Shiobara wrote: > Great, now Nigerian royalty can use Twitter to get their millions of > secret dollars out of their country, with the aid of Twitter users help! > (lol) > > Or, the first rogue Twitter app. that tweets a Tipjoy payment message > from the user who gives up their username/password to the rogue app. > It'd be a Tipjoy mugging! > > At least Tipjoy lets you cancel transactions that aren't paid for yet. > But, if you pre-charge your account, and the money is sent from the > account, and the recipient has enough to cash out to a PayPal account > ... before the transaction is cancelled ... what happens? > > Sounds so very dangerous. > > On 4/8/09 9:27 AM, Ivan wrote: > > > Hi Folks, > > > Tipjoy's Twitter Payments have been really successful for P2P and > > charitable payments. Now we've released an API for Twitter > > applications to do payments over Twitter: > >http://tipjoy.com/api > > -- > Dossy Shiobara | do...@panoptic.com |http://dossy.org/ > Panoptic Computer Network |http://panoptic.com/ > "He realized the fastest way to change is to laugh at your own > folly -- then you can let go and quickly move on." (p. 70)
[twitter-dev] Tipjoy opens Twitter Payments API, celebrates with an API Contest
Hi Folks, Tipjoy's Twitter Payments have been really successful for P2P and charitable payments. Now we've released an API for Twitter applications to do payments over Twitter: http://tipjoy.com/api Because Twitter is a broadcast platform, these payments are social. That's very valuable. A microgiving cause gets the benefit of all the user's followers seeing the payment. A premium twitter app paid using Tipjoy gets a free advertisement on Twitter. It's not an orchestrated "social media marketing" effort - it's real people actually using your service. Here is a tutorial: http://tipjoy.com/twitterApps We're holding an API contest to celebrate the API release. We'll be giving away lots of schwag and our favorite app will win a MacBook Air. Contest details are here: http://tipjoy.com/APIcontest By the way, the API uses a Twitter username & password for authorization. I'm hacking together something to give all the OAuth applications some love. I'll post here when it's ready. I'd love to hear what you all think! Best, Ivan http://tipjoy.com/twitter http://twitter.com/ikirigin
[twitter-dev] Re: 4-legged OAuth discussion
>>Would any developers out there that proxy credentials like this, please speak >>up and share your use case? I realize I hadn't shared the use case for Tipjoy. We opened an API for payments that requires a twitter username and password: http://tipjoy.com/api Here is a tutorial http://tipjoy.com/twitterApps In most cases this is to GET or POST information to Tipjoy, like creating a Tipjoy account, getting balance information, getting transaction data, etc. In most cases, we only need to verify the userfor these endpoints, not communicate to Twitter. If we do create a Tipjoy account, we set their password to be their Twitter password, and tell them this via a DM after they auto-follow @tipjoy. We could work around this by requiring they OAuth into Tipjoy once they visit the site, and we could tell them this via @TipjoyHelper, an automated helper account. We do have one endpoint that explicitly requires communication with Twitter to perform a status update: http://tipjoy.com/api/#creating_twitter_payment It initiates a payment, updates the status, and returns transaction information. The benefit of this over posting a tweet that we later detect to perform a transaction, is that the post through Tipjoy allows a real-time response to return transaction information. Any service using Tipjoy for payments that needs to _do_ something after the payment ( read: all e-commerce ), requires a callback or realtime returns. A polling pattern could work, but that makes me cringe. Also, desktop and mobile clients can't use callbacks from tipjoy.com. We will require a Twitter username & password until we can work a way around this. We do intend on becoming our own OAuth provider, but I don't think that is a good solution for all other OAuth consumers to become providers, as some on the OAuth list thread have suggested. >> Finally, Ivan you have had some great input for our development team. And >> for that, we are appreciative. No problem :) Best, Ivan http://tipjoy.com On Mar 27, 9:37 pm, Doug Williams wrote: > Ivan, > Iain of @tweetdeck brought this use case to my attention during devnest so > it is certainty something we want to address with OAuth. We still consider > OAuth's current implementation as a beta, and thus incomplete. The pattern > for proxied approval hasn't been decided but as I said, is on our minds. > > Would any developers out there that proxy credentials like this, please > speak up and share your use case? I'd like as to have as wide of a survey as > possible to offer our developers while we craft our authentication strategy. > > Finally, Ivan you have had some great input for our development team. And > for that, we are appreciative. > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Wed, Mar 25, 2009 at 5:21 PM, Ivan wrote: > > > I started a discussion on the OAuth mailing list about 4-legged OAuth > > in the context of Twitter OAuth consumer applications. > >http://groups.google.com/group/oauth/browse_thread/thread/bdf8b99e84a... > > > I'd love to have the input from the Twitter developer community. > > > The problem is essentially that OAuth access tokens aren't > > transferable. For example, a Twitter user on TweetDeck can input a > > username & password, which lets TweetDeck post a picture to TwitPic. > > If TweetDeck were granted OAuth access to the user's Twitter account, > > TwitPic couldn't verify the access tokens easily, and couldn't > > communicate to Twitter with them. > > > Applications moving to OAuth could mean fewer mashups, which is bad. > > > OAuth providers should have a way of authenticating to Consumer A that > > Consumer B has access to a user's account. > > > The access to the Twitter API could still require independent OAuth > > access grants for each consumer. > > > What do you think? > > > Ivan > >http://tipjoy.com
[twitter-dev] 4-legged OAuth discussion
I started a discussion on the OAuth mailing list about 4-legged OAuth in the context of Twitter OAuth consumer applications. http://groups.google.com/group/oauth/browse_thread/thread/bdf8b99e84a8aaef I'd love to have the input from the Twitter developer community. The problem is essentially that OAuth access tokens aren't transferable. For example, a Twitter user on TweetDeck can input a username & password, which lets TweetDeck post a picture to TwitPic. If TweetDeck were granted OAuth access to the user's Twitter account, TwitPic couldn't verify the access tokens easily, and couldn't communicate to Twitter with them. Applications moving to OAuth could mean fewer mashups, which is bad. OAuth providers should have a way of authenticating to Consumer A that Consumer B has access to a user's account. The access to the Twitter API could still require independent OAuth access grants for each consumer. What do you think? Ivan http://tipjoy.com
[twitter-dev] Re: Can OAuth approval process work in an IFRAME?
Scott is correct here. As a policy, web sites should never allow sign in through an iframe, as even the minority of users smart enough to verify the source URL is twitter.com can't verify it. Ivan http://tipjoy.com On Mar 20, 11:24 pm, Scott Carter wrote: > I think Ivan's suggestion could answer the concern about the case > where a user needs to enter a username/password: > "If not signed in, a new window could load with the regular OAuth > process. " > > For the case where the user is already logged in, there doesn't appear > to be any risk here. Consider the scenario where the IFRAME is > populating a page from a site pretending to be Twitter with an Allow/ > Deny button. By clicking "Allow", nothing bad can happen. Twitter > isn't Allowing anything in this case since it wasn't their page to > begin with. > > FYI - I think my case is different than Ivan's since he is discussing > a widget whereas my app lives entirely in the IFRAME. The callback > from Twitter after authorization would simply cause the IFRAME to > redirect back to a page on bigtweet.com where I could then present a > different (logged in) view for the user. > > Joshua's suggestion would work, but providing IFRAME support with a > callback URL would save the user two steps - needing to close the > Authorization window, and clicking the Complete Connection button. > > Scott > > On Mar 20, 5:50 pm, Abraham Williams <4bra...@gmail.com> wrote: > > > If you have the approval process take place in the iframe there is no way to > > for the user to actually verify they are interacting with twitter. if they > > are not logged into twitter already you are then asking users to enter > > username/password on a potentially unsafe site and opening up to fishing. > > > On Fri, Mar 20, 2009 at 16:29, Joshua Perry wrote: > > > > The interesting thing is, that you could omit the callback URL in your > > > application registration with Twitter. On your site when the user clicks > > > the "connect twitter" button you would go and grab a request token and > > > pop a > > > new window with that request token in the URI like usual. The user would > > > click accept and since there is not a callback URL Twitter will say "You > > > can > > > close this window and complete the Connect process". Waiting on your > > > webpage would be the "complete connection" button which, when clicked, > > > would > > > request Twitter to convert the request token into an access token. > > > > Instead of popping a window I don't know why you couldn't load the Twitter > > > authorization page into an IFrame, but the message to "close this window" > > > may be a bit confusing to the user. > > > > This flow is the same as a desktop application has to use to accomplish an > > > OAuth connection and should work the similarly well with a web > > > application. > > > > Josh > > > > Ivan Kirigin wrote: > > > >> I'd love to be able to do this also, and have mentioned it off the > > >> list. > > > >> Imagine a "Twitter Connect" button, which would be a tiny iframe > > >> loaded from twitter.com. If signed in, the token exchange could take > > >> place right there. If not signed in, a new window could load with the > > >> regular OAuth process. The callback in the button would be to a tiny > > >> iframe acting as a confirmation of the success, loaded by the > > >> consumer. > > > >> There is a diminished phishing risk, because the widget isn't asking > > >> for your password. Only the new window would. > > > >> The only question is how the rest of the widget gets the notification > > >> that the OAuth access grant has taken place. My thought is that the > > >> widget could just ping the web service to see if things are integrated > > >> properly. Cross domain iframe communication is a HUGE pain in the ass. > > >> You can get around it if the twitter iframe loaded a designated hidden > > >> iframe from the 3rd party. > > > >> Alternatively, you could ask the user to refresh the widget / > > >> bookmarklet. > > > >> Generally, I'd like to see some standard buttons from twitter, so > > >> normalize the OAuth experience. You can see on the top of > > >>http://tipjoy.com > > >> a banner we made that uses twitter fonts and colors. > > > >> Best,
[twitter-dev] Re: Can OAuth approval process work in an IFRAME?
I'd love to be able to do this also, and have mentioned it off the list. Imagine a "Twitter Connect" button, which would be a tiny iframe loaded from twitter.com. If signed in, the token exchange could take place right there. If not signed in, a new window could load with the regular OAuth process. The callback in the button would be to a tiny iframe acting as a confirmation of the success, loaded by the consumer. There is a diminished phishing risk, because the widget isn't asking for your password. Only the new window would. The only question is how the rest of the widget gets the notification that the OAuth access grant has taken place. My thought is that the widget could just ping the web service to see if things are integrated properly. Cross domain iframe communication is a HUGE pain in the ass. You can get around it if the twitter iframe loaded a designated hidden iframe from the 3rd party. Alternatively, you could ask the user to refresh the widget / bookmarklet. Generally, I'd like to see some standard buttons from twitter, so normalize the OAuth experience. You can see on the top of http://tipjoy.com a banner we made that uses twitter fonts and colors. Best, Ivan http://tipjoy.com ps check out our twitter payments api: http://tipjoy.com/api feedback welcome! On Mar 20, 3:00 pm, Scott Carter wrote: > I'm starting to look at the OAuth process and had a question for the > OAuth folks at Twitter. > > My application BigTweet is invoked via a bookmarklet and displays as > an IFRAME on any web page that a Twitter user happens to be > browsing. Ideally I would like to be able to complete the entire > OAuth process within the IFRAME (for initial login). > > I believe that Twitter recently added measures to prevent framing of > their site to stop phishing attacks. Does this extend to the OAuth > approval page? Could an exception be made for the OAuth page when > invoked from a registered application presenting a valid Request > Token? If so, could this be documented (perhaps in the OAuth Twitter > FAQ)? > > The authorization page at Twitter appears to have a fairly small > content section (with Deny/Allow buttons, etc), which could fit into a > reasonably sized IFRAME. If you are agreeable to allow IFRAME > support, would it be possible to standardize on content dimensions > (for IFRAME sizing) and document this as well? > > Thanks for considering my request. > > Scotthttp://twitter.com/scott_carter
[twitter-dev] Re: TinyUrl and Twitter. Should I use it?
I can highly recommend http://bit.ly You can also setup a CNAME to point to their service. I have b.tipjoy.com setup, for links like this: http://twitter.com/TipjoyHelper/status/1267799430 They give you real time analytics on clicks, which is great. I just tweeted this awesome Mario Paint rendition of Paranoid Android: http://bit.ly/WFMN9 And you can track the clicks here: http://bit.ly/WFMN9+ Note that I'm biased - I know the good folks who make bit.ly Best, Ivan http://tipjoy.com On Mar 10, 1:56 am, PSM wrote: > you are completely safe to use tinyurl. yes there are issues with > it. yes it would be nice if somebody offered fixes to that. > > but the fact is that several hundred thousand twits per day use > tinyurl. so whatever issues tinyurl per se may or may not have, > twitter and the twitter community are putting up with it.
[twitter-dev] converting existing users to OAuth
I apologize if this has already been addressed. Is there an automated way to convert a set of twitter users in a 3rd party application (i.e. usernames and passwords), into usable OAuth credentials? If not, this makes the transition difficult, both because additional user action is required and app logic needs to include provisions for different kinds of twitter accounts. That's translates to lots of friction for the whole twitter developer userbase. I'd be fine with a one-off mechanism that isn't open to an API but involves submitting a CSV file or something like it to a form. Thanks, Ivan http://tipjoy.com
[twitter-dev] sending credentials from one third party app to another
Hi, The current username/password basic auth system for the Twitter API makes it easy to transfer credentials between third party applications. For example, any mobile or desktop client can use TwitPic's API using the username/password they store. This makes it so apps can leverage eachother, and is a very good thing. In my understanding, oauth access tokens don't commute, because the oauth_consumer_key & oauth_consumer_secret are required and shouldn't be shared. How can 3rd party apps play nice with each other with OAuth based authentication? This is an issue for Tipjoy. You can see a growing set of tools for twitter app developers to use us for payments here: http://tipjoy.com/api They won't work well without sharing authorization. I don't have a good solution for this, and would love to hear what ideas people have. Best, Ivan http://tipjoy.com
Re: OAuth Documentation Preview
Awesome, thanks! I'll try to post some Python / Django code as we get things working for Tipjoy. Ivan http://tipjoy.com On Feb 7, 12:52 am, Matt Sanford wrote: > Hi all, > > We launched our OAuth code to production yesterday with employee- > only access to check for any problems that didn't show up during our > testing. We've been running it through it's paces and fully plan to > have it open to the closed beta group by next week. If you didn't hear > back from Alex and I don't worry, we're working to expand the beta > once things are a bit more stable. As part of a company meeting today > I presented OAuth to the people who haven't been working on it via a > demo app I wrote … it was exciting times to see this run on > production. I think of the application developers on this list as an > extension of our team so I don't want to wait until next week to send > you the documentation. I wrote up a quick how-to sort of thing on the > wiki about writing a very simple OAuth app for Ruby on Rals. Check it > out athttp://bit.ly/api-oauth-ruby. > With any luck we can add some more examples and things during this > beta period, most notably in PHP since that seems to be the majority > of the questions on the list. > > Thanks; > — Matt Sanford
Re: API Changes for January 12, 2009
Generally, it would be really interesting to know a user on a webpage has a twitter account. Clearly, you should patch security holes, but a tiny piece of javascript to tell the front end whether the user just has a twitter account would be great. We have a tiny alert on the top of http://tipjoy.com that tells people about our twitter payments. Let's just say the font would be a lot bigger if we knew they had a twitter account. We might even redirect them to another page. This is one failing of Facebook Connect actually. Real estate in widgets like ours is limited ( http://tipjoy.com/banners ), which means adding a connect button is costly unless we know they have a Facebook account. They could do it, but they haven't made this functionality AFAIK. Ivan http://tipjoy.com On Jan 12, 6:59 pm, Matt Sanford wrote: > Here are the changes launched today, 2009-01-12: > > Fixed: some methods were defaulting to JSON when no format was > specified. A format must be specified for all API calls. > > Security: it was possible to discover the currently logged-in user via > an unauthenticated call to the /statuses/user_timeline method. This is > a potential privacy concern, and was disabled. > > Fixed: Atom feeds for timelines incorrectly reported all user profile > pictures as image/png. This may take up to a day to propagate through > all of our caches. > > Fixed: Requests with &id= and no value returned a user rather than an > error. Now an error is returned. > > As always you can review changes by checking the change log > athttp://apiwiki.twitter.com/REST+API+Changelog. > > Thanks; > — Matt Sanford / @mzsanford
Re: jquery bug or twitter bug? on api call to /users/show/[username].json
Thanks Matt, that really helped explain things.
I tried to use a straight $.ajax(...).ajaxError to catch the error.
It didn't work.
My solution was to toggle a loader gif before the transaction, set the
timeout in $.ajax to 4000ms, and made a setTimeout at 4100ms to a
function that checked if the loader gif was still shown. If so, it
reported a problem to the user.
This is obviously a very, very ugly hack. But it worked. :D
Look for an update soon about what this little project is all about at
my twitter stream: http://twitter.com/tipjoy
The final mini app that we've made will be a pretty good example of
how to very quickly extract info from the twitter API using jquery.
Ivan
http://tipjoy.com
On Jan 7, 11:07 am, Matt Sanford wrote:
> Hi Ivan,
>
> The jQuery getJSON replaces the trailing "?" with a function name
> like jsonp4728701093601231 [1]. To test you need to use something more
> like:
>
> $ curl 'http://twitter.com/users/show/someBadUsername.json?callback=foo'
> foo({"request":"\/users\/show\/someBadUsername.json?
> callback=foo","error":"Not found"})
>
> It looks like the Twitter API is working correctly. One thing to
> note is that the Twitter API is returning HTTP 404. I am pretty sure
> the jQuery getJSON method is only calling your function on success
> (HTTP 200). I'm not totally sure but the jQuery ajaxError event
> handler may help do what you need.
>
> Thanks;
> — Matt Sanford / @mzsanford
>
> [1] - "jsonp" + currentTimeMillis
>
> On Jan 7, 2009, at 07:48 AM, Ivan wrote:
>
>
>
> > Hi,
>
> > I'm cofounder of Tipjoy - we just made payment on twitter. Check it
> > out:http://tipjoy.com/twitter
>
> > We have a fun project related to this that I'm working on right now.
>
> > I'm using jquery to parse the twitter account info from the API.
> > Disclaimer: I'm learning javascript JIT.
>
> > There is either a bug in my javascript, or the return from the twitter
> > API is wrong.
>
> > Here is some simplified code:
>
> > $(document).ready(function(){
> > var url = "http://twitter.com/users/show/"; + [the username] +
> > ".json?callback=?";
> > $.getJSON(url,
> > function(data){
> > if( data.error ){
> > alert("username doesn't exist")
> > }
> > else{
> > alert("that username exists")
> > }
> > }
> > );
> > });
>
> > This code uses jquery's getJSON to grab the account info for a given
> > username.
>
> > The return for a correct username is:
> > ({...});
>
> > That wrapping is to pass it to the callback unnamed function.
>
> > But this code doesn't work for a username that doesn't exist. The
> > function doesn't even get called, and the alert doesn't show up.
>
> > Putting this is a browser
> >http://twitter.com/users/show/someBadUsername.json?callback=?
>
> > Returns:
> > {"request":"\/users\/show\/someBadUsername.json?
> > callback=?","error":"Not found"}
>
> > Should that be wrapped in ({...}); ? Is that a bug on twitter's side?
>
> > Or is there something I'm doing wrong in jquery?
>
> > I looked at the code for this project, and it looks like they are
> > using jquery to access summize in the same way I'm grabbing from the
> > twitter api.
> >http://tweet.seaofclouds.com/
> >http://github.com/seaofclouds/tweet/tree/master/javascripts/jquery.tw...
>
> > Any help would be greatly appreciated.
>
> > Thanks,
> > Ivan
> >http://tipjoy.com
jquery bug or twitter bug? on api call to /users/show/[username].json
Hi,
I'm cofounder of Tipjoy - we just made payment on twitter. Check it
out: http://tipjoy.com/twitter
We have a fun project related to this that I'm working on right now.
I'm using jquery to parse the twitter account info from the API.
Disclaimer: I'm learning javascript JIT.
There is either a bug in my javascript, or the return from the twitter
API is wrong.
Here is some simplified code:
$(document).ready(function(){
var url = "http://twitter.com/users/show/"; + [the username] +
".json?callback=?";
$.getJSON(url,
function(data){
if( data.error ){
alert("username doesn't exist")
}
else{
alert("that username exists")
}
}
);
});
This code uses jquery's getJSON to grab the account info for a given
username.
The return for a correct username is:
({...});
That wrapping is to pass it to the callback unnamed function.
But this code doesn't work for a username that doesn't exist. The
function doesn't even get called, and the alert doesn't show up.
Putting this is a browser
http://twitter.com/users/show/someBadUsername.json?callback=?
Returns:
{"request":"\/users\/show\/someBadUsername.json?
callback=?","error":"Not found"}
Should that be wrapped in ({...}); ? Is that a bug on twitter's side?
Or is there something I'm doing wrong in jquery?
I looked at the code for this project, and it looks like they are
using jquery to access summize in the same way I'm grabbing from the
twitter api.
http://tweet.seaofclouds.com/
http://github.com/seaofclouds/tweet/tree/master/javascripts/jquery.tweet.js
Any help would be greatly appreciated.
Thanks,
Ivan
http://tipjoy.com
