BTW, I am using oauth Javascript client library(
http://oauth.googlecode.com/svn/code/javascript/ ) to create
signature. Wondering if it has a bug?
On Jul 27, 10:53 pm, goodtest goodtest...@gmail.com wrote:
btw, oauth_playground seems to be down as well.
Also, I don't understand why create
I dont think it has any bug (i have not verified this fix yet). I think the
fix is actually for this problem
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a195ea9b9952e297/9f4b9249f9ff96be?lnk=gstq=consumer+secret#9f4b9249f9ff96be
Need to verify that the parameters
I have found the problem in the Perl library I am using.
I have found the problem in the library I am using: First, a Twitter
request object is created. Second, a signature is generated. Third,
params are then added to the request object. This addition of the
params after the signing invalidates the signature. All params need
to be added before
Need to verify that the parameters are signed by both consumer secret and
access secret.
I am doing that already. For example, when I call
http://twitter.com/statuses/friends_timeline.json, I pass
consumerSecret, tokenSecret...
Using the JS library, it looks like this to get the signature:
@goodtest
Hi Post methods (that require auth) seem to be working fine.
I am stuck with GET (problem with parametrs). checking whether the problem
is incorrect usage of library or the problem with library.
will let u know
On Tue, Jul 28, 2009 at 12:25 PM, goodtest goodtest...@gmail.com wrote:
Hi
After getting the access tokens i used the sample echo.html provided by JS
library
Both GET and POST (that require auth and with parameters) are working fine.
We just need to follow the same code
On Tue, Jul 28, 2009 at 12:54 PM, srikanth reddy srikanth.yara...@gmail.com
wrote:
@goodtest
my problems are opposite (using some php scripts) verification is ok,
tweeting ok, but verified timelines (friends and mentions) not ok.
On Jul 27, 9:29 pm, winrich winric...@gmail.com wrote:
ok guys.
so my calls were failing on the verify_credentials call and not on the
update or timeline
OAuth is just not ready for primetime on Twitter.
I have used Google Optimizer to test user response to OAuth versus
Basic Auth, and users are far more likely to give Basic Auth details
rather than cumbersome and weird (from the user's perspective) OAuth.
From the user's perspective, OAuth
Do you use Google Optimizer?
If not, go there. Setup a test to compare sign-ups to your app
between OAuth and Basic Auth. Give 50% the option to sign up with
OAuth; 50% the option to sign up with Basic Auth. The results may
surprise you.
In my tests, I have found statistically significant
(I should mention that this post was made at 3am after handling errors
due to surprise, surprise Twitter API changes to OAuth made at ~5pm
(some kind of joke to checkin changes at end of workday??)... and
that's after a 8am workday start. And that's after last week's limit
to verify_credentials
I'd support the creation of such a method. My latest focus is
receiving orders/commands through DM and having a hose would give us
a much snappier response than polling every 30 secs.
On Jul 27, 8:55 pm, Doug Williams d...@twitter.com wrote:
There is currently no Streaming API to receive DMs
Random idea, but wouldn't a streaming API for DMs allow IM style
clients to be implemented on top of the twitter platform? I know I
use DMs instead of MSN now, the delay is a bit of a pain but being
able to move the conversation from public to private is great, plus
sometimes you do want delayed
Thank you Doug.
:)
On Tue, Jul 28, 2009 at 9:56 AM, Doug Williams d...@twitter.com wrote:
statuses/replies is an alias for statues/mentions. It is completely due to
history where mentions used to be called replies. Rather than break apps
that relied on statuses/replies, we made an alias to
How about letting us know what the changes were...? Apparently I am
one of the developers not correctly submitting signatures. I
developed my code based on samples in your wiki, and have no clue what
is broken with my authentication code (which has been working
perfectly for some time.)
On
Inadequate notification of this issue has just wasted a full day of my
time. I'm guessing you're not releasing details to protect the other
OAuth service providers. Did you think that this is at the same time
damaging consumers? At least give notification of fixes once you've
'fixed' them even if
No doubt. This is super frustrating.
On Jul 27, 8:19 pm, kosso kos...@gmail.com wrote:
agreed.
please Twitter, tell us WHAT the fix required was.
what should we look for.
have you tested your 'fix' against all the code examples you link from
the API pages?
that would be nice. thx.
I can confirm that Perl's Net::OAuth 0.9-1 is working with this. I had other
issues (was half way through implementing an interface when this changed -
threw me way off track) but the library should work unchanged. I was having
trouble with the inital request token retrieval. Users of this library
John,
Thanks for the quick reply! The /shadow + /follow solution should
work great! I was considering that, but was worried about opening two
streams from the same IP + reconnecting every few minutes. If that
indeed is acceptable usage of the streaming API, then I'm good. Thanks
for your help!
I'm learning oAuth and was finally able to get the Access Token
Token Secret for a Twitter account.
Now that I believe oAuth is working and I have a Access Token, I'm
trying to use the API to update my status. but continue to get the
following error: Could not authenticate you
Can someone
I'm learning oAuth and was finally able to get the Access Token
Token Secret for a Twitter account.
Now that I believe oAuth is working and I have a Access Token, I'm
trying to use the API to update my status. but continue to get the
following error: Could not authenticate you
Can someone
Mine were all to do with urlencoding, and ensuring all post data is
sent as post data, and none on the querystring for the URL; and thus
ensuring I use the modified URLencoding method required for Oauth -
which was previously being used, but not on the post data!
Once I did that, that test
I'm Using , Using http://oauth.googlecode.com/svn/code/csharp/
And it fails :( any thoughts on what might help?
On Jul 28, 6:23 am, chinaski007 chinaski...@gmail.com wrote:
Confirmed. Google Playground does not work.
On Tue, Jul 28, 2009 at 3:55 AM, Doug Williamsd...@twitter.com wrote:
There is currently no Streaming API to receive DMs for a given user. If you
have a great use case for this please share it here.
We like to have justification for new streaming methods. If you have ideas
to help augment a
It's quite funny I suppose, been using basic auth forever, last week
change over to OAuth...today, concidering going back, give a couple of
years to iron out the bugs and maybe try again.
I'm using Abraham Williams' PHP twitter OAuth library, I don't suppose
anyone has found a fix for this?
(Then again, given that this was a Twitter security flaw, I guess I
can kind of understand how they favored not to pre-announce this fix.
That said, some consideration to developers would have been
appreciated.)
Hi
i think now both access secret and consumer secret are required. i verified
this by giving blank consumer secret and valid access secret and i got
invalid signature error. It works fine when i give correct values for both.
Looks like there is no way you can protect your consumer secret
On Tue,
I'm also frustrated.
I can't have a consistent behaviour from twitter API. Now works fine then
give invalid signature for all users, then works again, can't understand
g
Moreover, for the same user, using the same code for authentication, some
call works and others don't.
When will you guys
Looks like it's more than spaces. Looks like other characters are
affected and URLPathEncode isn't handling it.
Has -anyone- heard -anything- from Twitter?
On Jul 28, 6:16 am, scotth_uk satsc...@gmail.com wrote:
It's quite funny I suppose, been using basic auth forever, last week
change over
I've been using both consumer keys to sign all of my requests from day
one.
I still think the issue is related to URL encoding somehow, because I
can successfully post tweets if they don't contain troublesome
characters (apostrophe, for example).
But, so long as Twitter remains silent, we'll
Twitter Status : ... Is adding feature to his app so it can switch
between OAuth and Basic for when OAuth breaks again.
:-)
Well, at least Basic auth's phase-out date has been pushed back
another year.
Hi,
I'm writing an app that requires semi-live updates from each user.
Right now my registered userbase is five, so with a cron job I run the
script every two minutes for 150 calls per hour (I'm requesting user
Xs updates since last update) with a whitelisted limit of 2/hour
though this only
On Tue, Jul 28, 2009 at 4:39 AM, Ben Hallben200...@googlemail.com wrote:
Random idea, but wouldn't a streaming API for DMs allow IM style
clients to be implemented on top of the twitter platform?
It would.
Indeed very frustrating.. developers also has a life haha.. i hope.
My day was gone because of this..
All my GET's work, only POST is not working... using PHP to generate
the sig.
Any good ideas yet?
Apparently two things were changed:
1. Setting the Consumer Secret is now a mandatory part of the signing
process, empty consumer secrets don't work anymore.
2. Parameter encoding didn't previously enforce the part of section
5.1 that says that Hexadecimal characters in encodings MUST be upper
This is so clown show.
On Tue, Jul 28, 2009 at 5:57 AM, soup fritsie2...@gmail.com wrote:
Indeed very frustrating.. developers also has a life haha.. i hope.
My day was gone because of this..
All my GET's work, only POST is not working... using PHP to generate
the sig.
Any good ideas
In this case it is fairly clear that you aren't trying to work around
a limit, but are trying to get around a product limitation in /shadow.
Be sure that you are connecting from two accounts. Keep your total
connect rate as low as practical while still maintaining an acceptable
user experience.
I'm the developer who reported this problem to Twitter offline. I had
been preparing a test case for them when I noticed this post:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a195ea9b9952e297?hl=en#
I then skipped the preparation of the test case and sent
OAuth isn't perfect yet. However, it is better from one stand point:
If I sign up for a website or program with my twitter password, and it
does bad things, I have to change my password in EVERY twitter program
I use. With OAuth, I can just block your app.
On Jul 28, 9:08 am, Duane Roelands
I dont think you got my point. Whether you were signing using both secrets
or one secret doesnt matter because twitter wasnt verifying signature at
all. Now they have fixed this and all your protected service requests must
be signed by both secrets.
My problem is how to protect the consumer
I have the same issue with my application. Desktop apps are forced to
either embed the consumer keys in source code or construct some sort
of elaborate server mechanism. There's no good answer here.
When my application approaches 1.0 release, I'll probably use
Dotfuscator or something similar
On twollo.com I have not seen any issues yet with the changes - no one has
ever complained about the Sign in with Twitter option. But I am very glad
that Twitter implemented OAuth, I don't have to manage the credentials in
the same way - Authenticate using Twitter has been a god send for me, and
On Tue, Jul 28, 2009 at 7:27 AM, chinaski007chinaski...@gmail.com wrote:
[the same post three different times]
WE GET IT. YOU DON'T LIKE OAUTH.
Your (probably statistically insignificant) tests with Google
Optimizer reveal that your users are more likely to sign-up for Basic
Auth than OAuth.
I finally found out whats causing problems for me.
1. Make sure you are using token secret(oauth_token_secret) to create
signature. I think earlier, twitter was accepting even without token-
secret (a security hole) and hence the fix (I think).
In javascript api to update a status...
I am a bit concerned. I remember at one point it being between 30-45
days. Now it seems to be getting smaller by about 1-day per month.
Last month it was closer to 10 days.
Is it basically going to keep getting smaller and smaller until we get
V2 of the API, or will we be forced to all use only
I don't myself think that twitter are doing anything more than
enforcing the standard. I spent 3 hours 'fixing' my code for our
application (uses Shannon Whitley's c# library as a base); I only
found two bugs in thelibrary that caused any problem... the use of
httputility.urlencode in place of
I agree with you Dave. I have several thought about new
services based on searching Twitter's historical data.
Unfortunately my ideas appear to be getting less and less
practical.
Twitter claims to have all its data stored in disk-based
databases from what I understand ... yet without
I think the big problem is that twitter's implementation is buggy and
given that its relatively convoluted to implement oauth, even our
implementation is buggy. Adding to that if we only get 'invalid
signature' irrespective of which side the bug resides, frustrating
both sides.
I think it would
Also check out things that broke for me(and their solutions)
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/59ed5372f7c1b623
On Jul 28, 6:42 am, Duane Roelands duane.roela...@gmail.com wrote:
Glad things are working for you. ;)
Still no luck here. I'm signing
Although oauth is convoluted and twitter's implementation is buggy, no
clear examples and takes time to get it right, I still vote for OAuth.
You see people simply don't trust 3rd party apps with their login info
as much as they trust the main-application(twitter.com). So at the end
of the day,
My stuff is based on Shannon Whitley's as well. Do you mind sharing
where specifically you had to make the changes?
On Jul 28, 11:40 am, Zaudio si...@z-audio.co.uk wrote:
I don't myself think that twitter are doing anything more than
enforcing the standard. I spent 3 hours 'fixing' my code
I use this implementation:
http://www.codingthewheel.com/archives/codingthetweet
works flawlessly!
On Tue, Jul 28, 2009 at 5:47 PM, Duane Roelands duane.roela...@gmail.comwrote:
My stuff is based on Shannon Whitley's as well. Do you mind sharing
where specifically you had to make the
I would do anything (including paying good amounts of money) to be
able to purchase access to older datasets that I could transfer to my
database through non-rest-api methods. I'm envisioning being able to
download a CSV or SQL file that I could merge with my database easily,
but only have to
Is there a way of tracking who and how is using your app? Simple
search based on app name (like from DroidIn) does not yield any
results
If you are encoding properly according to:
http://oauth.net/core/1.0a#encoding_parameters and it still fails to update
post and update to http://code.google.com/p/twitter-api/issues/entry and
make Twitter fix it.
I've not double checked to verify but ! should encode to %21 and then it
should
Hi everyone,
I'm trying to upload profile_image with php.
And it seems i have uploaded the image successfully and got the
response, but the image which I've just uploaded was not shown on the
web.
Here are the codes and responses:
I'm sure others feel the same way Dave, but it looks and
feels like Twitter is moving in the opposite direction.
The load on a server to extract a big dataset once a month
would be minimal, and both you and I can see the value in
this approach. But I'm not sure the folks at Twitter do, or
As many of you have since learned, we deployed an unannounced security fix
that has resulted in unexpected failures for quite a few developers using
OAuth. A developer reported to us that OAuth signatures were not being
verified on our side. The fix was implemented and pushed on Sunday then
Sorry about that... I deleted those threads before posting this one.
I gather you are choosing to receive emails individually.
The tests were statistically significant at 95% confidence levels.
On Jul 28, 8:09 am, TjL luo...@gmail.com wrote:
On Tue, Jul 28, 2009 at 7:27 AM,
My application appears to be back in the game, after some corrections
to my url encoding. I've posted the code here (http://dpaste.com/hold/
72568/) for the benefit of other VB.NET developers.
This is a VB.NET port of the URLEncode method found in the Twitter/
OAuth class from Shannon Whitley
What do you know about your sample, other than they use your app? Are they
technically savvy? Mindful of their security? Do they often click on links
from Paypal in their email? Do they have friends in Nigeria that are
willing to send them money?
I think that is the statistical significance to
On Tue, Jul 28, 2009 at 2:13 PM, Duane Roelands duane.roela...@gmail.comwrote:
My application appears to be back in the game, after some corrections
to my url encoding. I've posted the code here (http://dpaste.com/hold/
72568/ http://dpaste.com/hold/%0A72568/) for the benefit of other
On Tue, Jul 28, 2009 at 2:15 PM, JDG ghil...@gmail.com wrote:
I think that is the statistical significance to which TjL was referring. At
least, I hope so.
I think TjL was referring more to raw population factor than biases. Any one
single non-large userbase app is not likely to be
That's sort of what I meant, with more references to 419 scammers, my
favorite scammers of all. It's hard to imagine ANY app out there to provide
a statistically random enough sample to mean anything. If Twitter itself
were to perform the survey, I think you'd be more likely to have a random
@Marcel,
Thanks for the post.
Here are my suggestions:
- Please make 'concrete' API examples(few POSTs and few GETs) with
actual requests.
- Make a list common-mistakes that a developer might make while he
develops twitter appln(you know.. encoding, not-double-encoding, use
@Marcel,
Thanks for the post.
Here are my suggestions:
- Please make 'concrete' API examples(few POSTs and few GETs) with
actual requests.
- Make a list common-mistakes that a developer might make while he
develops twitter appln(you know.. encoding, not-double-encoding, use
* We should have, it goes without saying, had more extensive test
coverage of our implementation ensuring that we were fully
implementing the spec so that the whole situation would have been
avoided in the first place.
More testing is always a good goal if feasible. However, no spec is
oh god yes. ESPECIALLY the last one.
On Tue, Jul 28, 2009 at 12:22, Cameron Kaiser spec...@floodgap.com wrote:
@Marcel,
Thanks for the post.
Here are my suggestions:
- Please make 'concrete' API examples(few POSTs and few GETs) with
actual requests.
- Make a list common-mistakes
Hi
You might have got the samples along with jscript libraries (eg
requestToken.html , authorize.html etc ). They are working fine .
Just replace the consumer keys and secrets with yours in consumer.js
One more change is add the 'oauth_verifier' field in accessToken.html (make
sure you trim the
I haven't done any comprehensive profiling of them. (As well, my
particular presentation of the OAuth or Basic login options also may
confound the data.)
That said, the fact that any sub-population of Twitter users shows a
preference for Basic Auth is surprising. I suggest that linking
+1.
Unfortunately i have to agree. I´m working with mobile twitter applications
and oauth is far for been a good solution. I really hope that twitter team
provide us a better solutions to work with mobile or embedded environments
where the web browser may not be available or have a limited
On Tue, Jul 28, 2009 at 2:49 PM, chinaski007 chinaski...@gmail.com wrote:
I haven't done any comprehensive profiling of them. (As well, my
particular presentation of the OAuth or Basic login options also may
confound the data.)
That said, the fact that any sub-population of Twitter users
OAuth IS unfamiliar, YES. OAuth DOES ask more of the user, YES.
So what's the upside for the third-party developer?
In terms of security, we've already seen how OAuth-like applications
in, e.g., Facebook have led to massive hacker/phishing/etc problems.
While OAuth solves one leg of the
I don't think that adding more people to the staff at Twitter is the
solution. In one startup I saw a thing posted on the refrigerator that
had the adage, Adding more people to a project already behind
schedule will only slow it down more. Surely for support and customer
service issues having
Ugh, terrible situation here. Things working 99.9% of the time now
with Perl. But we continue to get bizarre intermittent errors that
span the range of API calls. We are thinking that internal hash re-
ordering may invalidate signatures, but that is just speculation.
If it works 99.9% of the times and breaks intermittently, its 1000%
encoding issue and nothing else - your signature or some-data is
having few characters that's not encoded in that particular instance.
On Jul 28, 12:36 pm, chinaski007 chinaski...@gmail.com wrote:
Ugh, terrible situation here.
Sorry about your Oauth Implementation, Mine's been working steadily
with no hiccups: Lot's of very solid implementations out there.
As far as the user sign-up problem, Yeah, I agree, It's a bit of a
scare for the user to have to connect to an off-site twitter authority
page -- But that's what
Thanks srikanth. It worked :-)
I am signing with both secrets too, and have upper case urlencoding.
Signing requests with an empty token secret (i.e. when getting
original request token) work 100%
I am doing the following to obtain the hmac key:
$key = rawurlencode($this-consumer_secret).''.rawurlencode($this-
token_secret);
AB,
I'm using http://localhost as my call back parameter. But, Twitter
just sends me back to my registered application site
http://www.populartweets.com
-Matt
On Jul 27, 8:49 pm, Andrew Badera and...@badera.us wrote:
On Mon, Jul 27, 2009 at 6:49 PM, mattarnold1977
Sorry, no.
I'm using rawurlencode in PHP, which encodes %20
still failing.
// snip
$key = rawurlencode($this-consumer_secret).''.rawurlencode($this-
token_secret);
$this-args['oauth_signature'] = base64_encode( hash_hmac( 'sha1',
$str, $key, true ) );
// snip
Hello Abraham,
Thanks for helping me out. I was using a different code before and then I
used your code and it works like a charm.
Thanks for making that code so simple.
regards
R
On Mon, Jul 27, 2009 at 4:10 PM, Abraham Williams 4bra...@gmail.com wrote:
Are you adding oauth_callback to the
Matt,
Try to register a new application for your development environment. I know
it sounds not smart, but I guess it is a simple way to achieve. I think
twitter did the same to me , when I tired to change the call back url.
regards
R
On Sun, Jul 26, 2009 at 1:50 PM, mattarnold1977
Quick question from a a newbie to the API development.
Is there a way to connect a reply to a status update to the original
message?
i.e.
if Joe posts - who has a red car?
many people can reply to this message which is all public.
then after 4 hours Mary replies to that post and says - i
Guna,Check into the in_reply_to_status_id parameter for the statuses/update
method [1]:
in_reply_to_status_id. Optional. The ID of an existing status that the
update is in reply to.
- Note: This parameter will be ignored unless the author of the tweet
this parameter references is
It's only a scare if the development community neglects or refuses to
educate the populace at large that only Twitter really needs your password,
so why give it to anyone else?
On Tue, Jul 28, 2009 at 13:27, jahbini jahb...@celarien.com wrote:
Sorry about your Oauth Implementation, Mine's been
When you say 95%, do you derive that percentage from the number of
people who click on access via OAuth (or whatever) and then Allow
the authorization? Or do you mean 95% of the unauthenticated who
visit your particular page authenticate via OAuth?
On Jul 28, 1:08 pm, jmathai jmat...@gmail.com
Hi, everybody
I'm working on a application!
My account has 19648 followers!
When using users/show, i get the followers 19648!
But when i start to get followers from API! I can just get to 101 pages
(the rest page is empty with no users at all)! That says that i just
have 101x100=10100 followrs!
The + - %20 solution seems to work for me.
I am writing my own OAuth library in Java, and java.net.URLEncoder
encodes
the space character to +.
There could be a better way, but replacing the resulted + with
%20,
status update on Twitter now seems to work.
As a developer who has recent launched Twaller (http://
www.twaller.com) which supports OAuth, I think I should share my
perspective on this.
I really loved OAuth because:
(1) Ease of coding. I could get OAuth working within a couple of days.
Saves me any password maintenance, encryption etc.
I can see the restriction here:
http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search
Ouch -- that's just a silly. What people have said in the past is
important.
In the future it would be great for twitter to remove this restriction
and offer historical data.
On Jul 27, 5:38 pm,
If anyone is interested, I've implemented Twitter OAuth on iPhone
(which includes an iPhone version of the OAuth static lib). It's on
GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
This post is geared toward Perl implementations of OAuth, though it
may shed some light on recent URI escape problems in other languages
as well.
use Encode qw(encode);
use URI::Escape;
I previously had been escaping my parameters with a call such as:
my $value =
I think goodtest is correct.
Please see my post at:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/27f991f752786843?hl=en
It may be relevant to your Perl problems.
- Scott
@scott_carter
On Jul 28, 3:42 pm, goodtest goodtest...@gmail.com wrote:
If it works 99.9%
If you are using Net::Twitter in Perl, the developer released a new
release today that now correctly handles OAuth and Unicode-related
issues.
http://search.cpan.org/dist/Net-Twitter/
On Jul 28, 3:21 pm, Scott Carter scarter28m-goo...@yahoo.com wrote:
This post is geared toward Perl
Funny, I posted about our high success rate (95% of all users) with
OAuth.
I'm trying to get a feel for if we're fortunate, have a good flow or
everyone has the same rates.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/da46cd261fa13bca?hl=en
On Jul 28, 2:13 pm,
I publish an open source example of using a OAuth in a standalone mac
app -- so I'm bought in to the OAuth idea. But it wasn't easy, I had
to fight to make it appear even somewhat integrated, and the lack of
security around my apps private keys really freaks me out.
On the other hand I
So I guess that you are not going back and fixing the ones that are
incorrect - like this one? Displaying a couple user's avatars like
this one really drags down a page. Any other suggestion (anyone) to
detect these large images and prevent displaying them?
On Jul 16, 11:54 am, Doug Williams
We had much lower rates. But it is difficult to disentangle if that
is due to the extra steps required for OAuth, the OAuth scare screen
on Twitter.com, or because of the copy we initially used to invite
users to use OAuth. (For example, we had text that read add your
Twitter account via OAuth
other threads suggest resolution by checking and changing the method
of url encoding.
On Jul 28, 12:27 am, Duane Roelands duane.roela...@gmail.com wrote:
Simply telling developers that something changed is not sufficient
information to help us get our applications back online.
We need
1 - 100 of 115 matches
Mail list logo