[twitter-dev] Re: abraham / twitteroauth
The direction you'll want to be heading is letting the users allow your app access once. You can then store the user's oAuth token and oAuth token secret with their account. (instead of their username and password) These won't change unless the user revokes your website's access. jarón On Feb 1, 11:51 am, Archia tomarchib...@gmail.com wrote: I have a web application to allow clients to update information for their recordings (music) which are then listed on another site. I'd like to include an area to allow them to update their Twitter status. Given that each client already signs in to the current application, and (some of) their Twitter usernames and passwords are already in a database, it would be good if they did not need to log in to Twitter as well and select 'Allow' each time they visit that area of the application. Is it possible to bypass the Sign in with Twitter step on connect.php and somehow send their username and password, or at least only require this once and store their credentials in the database to be used thereafter? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Retweets_of_me: how many retweets?
My app offers users the feature to see their tweets, retweeted (using retweets_of_me - http://dev.twitter.com/doc/get/statuses/retweets_of_me). However, I would also like to show how many times a particular tweet has been retweeted, but the response does not offer that data. I could call http://dev.twitter.com/doc/get/statuses/:id/retweeted_by (as suggested in this thread: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/38aa19e2fc117c36/fdba18c2870fa76d), but that would mean making 50 extra calls per page. It would be great if retweets_of_me's response would include the number of retweets and, for example, the user data of the last retweeter. Is there a simple way to find out how many times a retweets_of_me - tweet has been retweeted? Thanks, jarón -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Storing multiple tokens in cookie: can I use ampersand?
Ok, thanks! I'm going to try that. jarón On 12 dec, 20:14, Tom van der Woerdt i...@tvdw.eu wrote: The best way is to urlencode() the key and secret separately, and then separating them with a space. Tom On 12/12/10 8:07 PM, jaronbarends wrote: I have a webapp in php without any database associated with it. I'm just saving the user's (encrypted) oAuth token and token secret in two separate cookies. Now I want to build in multi-user support, and I'm wondering what would be the best way to store the multiple tokens and secrets. My idea is to keep two cookies: oauth_tokens and token_secrets. I would then take the two oauth tokens, concatenate them with an ampersand, encrypt them and put them in a cookie (and the same for the secrets). As far as I know, oauth tokens and secrets can not contain any ampersands, but I'm not sure. so: 1) Does anyone know if ampersands can occur in tokens or secrets? 2) Do you think this is a good idea, or would you tackle it otherwise? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Storing multiple tokens in cookie: can I use ampersand?
I have a webapp in php without any database associated with it. I'm just saving the user's (encrypted) oAuth token and token secret in two separate cookies. Now I want to build in multi-user support, and I'm wondering what would be the best way to store the multiple tokens and secrets. My idea is to keep two cookies: oauth_tokens and token_secrets. I would then take the two oauth tokens, concatenate them with an ampersand, encrypt them and put them in a cookie (and the same for the secrets). As far as I know, oauth tokens and secrets can not contain any ampersands, but I'm not sure. so: 1) Does anyone know if ampersands can occur in tokens or secrets? 2) Do you think this is a good idea, or would you tackle it otherwise? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Behavior when user denies access from application
You can go further than making a reasonable assumption. If you hover over the link back to your app, you'll see it looks something like this: http://yourapp.com/callbackurl?denied=q3vuR41XYa. So, Twitter sends a get-var called denied to your callback url. If you check for the presence of that variable, you'll know the user denied access. On Sep 29, 1:55 am, K kuts...@gmail.com wrote: This was the exact info I needed. Thanks! On Sep 27, 9:47 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Kutsumi, You are correct in assessing the current behavior -- we'll return to your callback URL if they hit deny. In that case, we'll also NOT be sending you an oauth_verifier and other information you'd need on the callback URL to properly execute the exchange request token for access token negotiation step of OAuth. If your callback function is executed and does not contain the necessary paramaters to further consume an access token, you can make a reasonable assumption that the user denied the access without your application needing to make API calls to verify_credentials (you also wouldn't have any credentials to verify in this case. Taylor On Mon, Sep 27, 2010 at 9:36 PM, K kuts...@gmail.com wrote: Hi sorry for bringing up the issue that has been discussed in the past... I found this issue tracking from other posts about the same issue. http://groups.google.com/group/twitter-development-talk/browse_thread... So it says here the issue is solved, but just wanted to get clarification on how the issue is solved, and how I should implement my program. So I believe, now after user click deny, they will go to the page which has link and if user clicks on it he/she goes back to the callback_url. Is that correct? Is there any parameter that is attached when callback url is called that will tell me if user has clicked on deny? If not, do I need to call verify credentials everytime callback url is accessed just to find out if user has allowed or denied? Thanks for your help! Kate -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk-Hide quoted text - - Show quoted text - -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: @Anywhere Typo (Minor)
don't refers to look and feel, not to button, so don't is correct. On Sep 29, 2:45 am, Mike under619ta...@gmail.com wrote: Under Users login signup Custom Connect with Twitter Button it reads: If the default look and feel of the Connect with Twitter button don't meet your needs, @Anywhere makes it easy to build a custom button. I believe it should be buttons don't or button doesn't. :) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: What happens after twitter user denied access to the application?
When a user denies your app access, it says something like you denied YourAppName access... The text YourAppName is a link, and when the users clicks that, he gets redirected to your callback url, with an additional parameter denied=someLongVariable. So you can catch this scenario easily by looking for the denied getvar, but it will only work if the user decides to click the link back to your app. On Sep 7, 6:49 am, K kuts...@gmail.com wrote: Hi, When twitter user denies access to my application, it just gets redirected to the denied page and callback URL never gets called. I would like to handle the situation better when access is denied..I saw bunch of similar posts in 2009, just wondering if this feature ever got implemented, and if so, if I can find a relevant documentation on how to implement this... Thank you for your help! K -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Insufficient feedback with read only @anywhere apps
I just spent some time figuring out why I was getting a 401 - Unauthorized error when trying to post tweets from an @anywhere tweetBox. Turns out I had forgotten to check the Read Write radio button in my app settings. (And it even says Note: @Anywhere applications require read write access.) The tweetbox didn't give me any feedback - the only thing I saw was the spinner that kept on spinning. Apperently, if your app is Readonly, @anywhere will let you include write-components anyhow. It would be nice if the @anywhere api would display a message telling you that your app needs to be Read Write, instead of showing a non-working component. Or, at the least, show some kind of error when you're trying to post a tweet. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Revoked @anywhere access automatically re-granted?
Hi, I'm using the @anywhere tweetbox, and I am confused by the revoking / re-granting access is handled. This is the scenario: 0) I type a tweet in the @anywhere tweetbox and hit Tweet 1) In the popup screen, I allow the app to connect to my account 2) I post a tweet. All is well. 3) I revoke my app's access (as expected, when I revisit the my Connections tab, my app is gone) 4) I go back to the app, and try post a new Tweet. Above the tweetbox, the spinner keeps spinning, but the tweet does not get posted 5) I revisit my Connections tab, and my app is now in the list of allowed apps again. 6) when I refresh my app's page, I can tweet as before. I would have expected to have to connect again after revoking access. Is this a bug (the one tweet that never gets posted certainly seems to be), or is hitting Tweet again considered an implicit granting of access? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Revoked Access
And as an addition to what D. Smith said: you're probably storing your users' token and token_secret somewhere. So if you do have a tokens are present, you know they have granted access before. Also, you can check the message in the headers. Twitter sends a 401 when access has been revoked, and last time I checked, the accompanying message was Could not authenticate with OAuth. However, these error messages are not set in stone, and afaik they are not officially documented by Twitter.
[twitter-dev] Re: Twitter Error codes/statements?
Twitter also sends an error message in the response. These errors are a quite descriptive, but afaik they're not fixed and could change in the future. In my app I'm currently catching and handling a few of these in a special way; with others I'm showing a general error message. To be able to easily adopt my code to possible changes to Twitter's error messages, I have defined all errors as constants. Below is the part of my php code, where I am defining the errors. The second parameter in every define statement is the error message Twitter is sending. //401 Not authorized define(TWITTER_ERROR_ACCESS_REVOKED, Could not authenticate you.);//user revoked app's access define(TWITTER_ERROR_INCORRECT_SIGNATURE, Incorrect signature);// wrong oAuth tokens define(TWITTER_ERROR_PROTECTED_USER, Not authorized); //403 Forbidden define(TWITTER_ERROR_ALREADY_FAVORITED,You have already favorited this status.); //following is special case: it contains a username, so split it in parts before and after username (full string: Could not follow user: [username] is already on your list.) define(TWITTER_ERROR_ALREADY_FOLLOWING, Already following);//use this in code; function isError will check for _START and _END variants define(TWITTER_ERROR_ALREADY_FOLLOWING_START, Could not follow user:); define(TWITTER_ERROR_ALREADY_FOLLOWING_END, is already on your list.); define(TWITTER_ERROR_DUPLICATE,Status is a duplicate.); define(TWITTER_ERROR_NOT_FOLLOWING, You are not friends with the specified user.); define(TWITTER_ERROR_RATE_LIMIT_EXCEEDED, Rate limit exceeded. Clients may not make more than 350 requests per hour.);//rate limit exceede On May 28, 5:03 pm, Michael Cameron darx...@gmail.com wrote: Yeah i have only seen a response error, I would hope that we could get a tabularized list of those error responses. it would make debuging so much easier. On May 28, 1:53 am, wibblefish docherty.ja...@gmail.com wrote: Only info I have found so far ishttp://apiwiki.twitter.com/HTTP-Response-Codes-and-Errors On May 28, 1:02 am, Michael Cameron darx...@gmail.com wrote: So i am writing my catch expressions for twitter when parsing the response from twitter is there any error codes or definite strings for certain reasons. example not following user, or other errors? Thank you!
[twitter-dev] Re: parsing out entities from tweets (a.k.a. parsing out hashtags is hard!)
Yes, this would be very cool. Any ideas on when this would be rolled out? 1) It would be nice to have the profile_image_url in it as well. I can imagine a lot of nice visual enhancements with that. 2) +1 for making it optional. A lot of people are suggesting additional stuff, so maybe it would even be nicer to not just have a include/don't include param, but to be able to specify which data you would like to have included... jarón On May 14, 6:29 am, Rich rhyl...@gmail.com wrote: +1 for it being optional as well. Whilst I will probably use it, it's nice to be able to keep the bandwidth download to a minimum for scenarios where it's not needed On May 14, 1:52 am, Naveen Ayyagari nav...@getsocialscope.com wrote: +1 on the additional parameter to optionally request the data. Every byte counts for mobile device battery life and download time. --Naveen Ayyagari @knight9 On May 13, 8:13 pm, Dewald Pretorius dpr...@gmail.com wrote: Raffi, This is all good, but can you please make the inclusion in the tweet payload optional? Meaning, only include it if it is requested by an additional parameter? I, and I'm sure a lot of others, are already parsing the tweet text. This is just going to consume additional bandwidth and not add any value for us. It will add value for folks who are not already doing the parsing or don't know how. So, they can just request this additional payload.
[twitter-dev] Re: can't post same message more than 1 time Getting error: The remote server returned an error: (403) Forbidden.
Twitter uses this error not only for stuff that you would excpet to be forbidden, but als for other actions that are probably unintended. Other examples are favoriting a tweet you already favorited, trying to follow a user you're already following, etc. The error is usually also accompanied by an error message, which will tell you why you are getting the error. On May 11, 6:34 am, manjunath hindupur mhindu...@gmail.com wrote: Scenario like : i want post same message twice in a same account, if i Try to send same message twice by using API.. getting error Like below : The remote server returned an error: (403) Forbidden. its right behavior or Bug?
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@Dave Thanks for your suggestion. I do indeed have a mysql, but haven't seen the need to implement it in my app (http://twimply.com) since it basicly only offers an alternative web interface for using twitter. The only mentioned using a database as a possible solution: creating a desktop app that let's my users allow permission through xAuth, Then I would have to access the the same database from the web app, and re- use those tokens. Another problem with that is that the tokens will be bound to the desktop app, and not to the web app. So to make that work, Twitter would have to make it possible to link the tokens of a desktop app and a web app. For me this is purely hypothetical, since I do not have the skills nor the resources to create a desktop app. jarón On Apr 27, 9:11 am, Dave Sherohman d...@fishtwits.com wrote: On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote: Yeh but John, who is going to install MySQL for a desktop client? 1) John was responding to someone who said a database wouldn't work for [him] since I do not have a desktop app, end I do not store anything in a database. If he doesn't have a desktop app, then he's talking about a web app and, as John said, pretty much every web host out there gives you MySQL, no installation required. 2) MySQL isn't the only RDBMS out there... If I were writing a desktop app which needed to handle significant amounts of data, I'd use SQLite. The SQLite libraries in every language I'm aware of aren't just interfaces to the database, but rather contain the entire database engine, so there's no external application to install. This is a well- proven approach, with Firefox probably being the biggest-name application using an embedded SQLite database engine to handle its data. http://en.wikipedia.org/wiki/SQLite -- Dave Sherohman -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@raffi thanks for your replies. I didn't mean to start a discussion about Twitter's policy here (although I can imagine some people would like to discuss it elsewhere). I'm mostly interested in finding a solution. @dean: I'm not sure I understand your suggestion about using oAuth for both the desktop and the web app. Did you mean letting the users allow access through the desktop app, then storing the username/token combination in a central database and using that database for the web app too? That wouldn't work for me since I do not have a desktop app, end I do not store anything in a database... On Apr 26, 5:34 am, Raffi Krikorian ra...@twitter.com wrote: before this gets out of hand - i, personally, am very sensitive to these issues. i've been spending some brain power trying to come up with a solution. if people have suggestions, then please feel free to reach out to me personally and off list. On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote: China's policy didn't just recently change, Twitter's did. So it is Twitter telling us that we may not be able to support China and other firewall blocked countries any longer. It is, after all, within Twitter's power to continue to support Basic Auth. It is their conscious decision not to, despite the significant negative ramifications being brought to their attention. In an earlier comment from Twitter: twitter.com is trying to drive people to understand and discover what's going on in the world. No one in the world needs to understand and discover what's going on more than the people of these communist-block countries that otherwise see only what their governments allow them to see. It is unfortunate that Twitter plans to turn their back on them. Then again, what's a billion people here or there?... On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote: It is not twitter telling you it is China. -- Little androids dreaming of Nexus Ones compiled this text. On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote: Raffi, We really need a resolution for this issue before Basic Auth is deprecated. It sounds as if Twitter is telling developers of web apps that they cannot provide service to Chinese users, and other users behind firewalls that block access to twitter.com. But that can't be right, can it? On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I moved my web based app from ba... This issue has discussed in this group before here: https://groups.google.com/group/twitter-development-talk/browse_threa... Being a frontend developer, I may have misunderstood the outcome of that discussion (I certain... -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
I moved my web based app from basic auth to oAuth just last week. I subsequently got several pleas from Chinese users to put the old version back up, as they could no longer use my app, since access to Twitter.com is blocked in China. This issue has discussed in this group before here: https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6 Being a frontend developer, I may have misunderstood the outcome of that discussion (I certainly hope so). But from Raffi's last comment there (understood, but, right now, not in the plan. web apps will have to use the standard oauth workflow.) I understand that web app users in countries like China where twitter is blocked will simply no longer be able to use Twitter via the web. Have I understood this correctly? If not, how can I make sure users in blocked countries can still use my web app? If my users can no longer use my app, what do you suggest I recommend them? Jaron On Apr 24, 5:40 pm, Raffi Krikorian ra...@twitter.com wrote: hi all. you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody. as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date -http://bit.ly/twcountdown . -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
