[twitter-dev] Re: Logging Out of Twitter Through API

Hi , Greg, have you found any solution ? I face the same problem ... :( CG On Thu, Jul 23, 2009 at 2:09 AM, Greg wrote: > > Hello everyone, > > Just a quick question here - I originally though the the 'http:// > twitter.com/account/end_session.xml' API function logs the user out of > Twitter - h

[twitter-dev] Re: Help with my rate limit issue?

You can also take a look at the public /follow method of the Streaming API: http://apiwiki.twitter.com/Streaming-API-Documentation Thanks, Doug On Tue, Jul 28, 2009 at 9:23 PM, chinaski007 wrote: > > > There is no direct way to do this, no. But you might be able to > accomplish the same thing

[twitter-dev] Re: Do the order of the Parameters Posted in the URL matter for the Twitter API with oAuth?

For the creation of the oAuth Base String for creating the signature, yes. They must be in lexographical byte-value order (according to spec). But, for the actual request the order does not matter. -Chad On Wed, Jul 29, 2009 at 1:10 AM, Kevin Mesiab wrote: > No. > > On Tue, Jul 28, 2009 at 4:40 P

[twitter-dev] Re: Do the order of the Parameters Posted in the URL matter for the Twitter API with oAuth?

No. On Tue, Jul 28, 2009 at 4:40 PM, bosher wrote: > > Thanks > -- Kevin Mesiab CEO, Mesiab Labs L.L.C. http://twitter.com/kmesiab http://mesiablabs.com http://retweet.com

[twitter-dev] Do the order of the Parameters Posted in the URL matter for the Twitter API with oAuth?

Thanks

[twitter-dev] Re: error with simple xml load file

The result: bool(false) Thanks jmathai :) On 27 jul, 23:23, jmathai wrote: > JDG is probably correct. > > $ch = curl_init('http://search.twitter.com/search.atom?q=Google'); > curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); > $result = curl_exec($ch); > $sXml = simplexml_load_string($result); > va

[twitter-dev] Re: error with simple xml load file

Yes JDG im used youtube api, yelp api, google api, technorati, and more. and all works correctly, I just happened to twitter :( On 27 jul, 22:17, JDG wrote: > does your hosting service allow remote connections to be made? that is, can > you use similar code to connect to any other sites? > > > >

[twitter-dev] Re: oAuth .NET receiving Unauthorized Error (401)

Can you describe how you fixed your problem? I'm guessings the Sorting my parameters is causing my problems with the Twitter/oAuth connection. Can you give a quick example or before & after, it would help a lot of people. Thanks On Jul 26, 1:50 pm, mattarnold1977 wrote: > Andy, > > That was it!

[twitter-dev] Incorrect signature ERROR on /statuses/update.xml - Help Please....

Request URL: https://twitter.com/statuses/update.xml?STATUS=oauthtestingpleasework&oauth_consumer_key=ConsumerKeyWasHere&oauth_nonce=oauthNonceWasHere&oauth_signature=rP%2FvX8Y2SAzFyMf3HsuRYFmBDe0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248841178&oauth_token=oauthTokenWasHere&oauth_ver

[twitter-dev] Re: Whoa There! - Users don't really know whats going on.

I wouldn't mind providing an error callback url which Twitter posts error messages to. Asking users to report a message back to the application owner is only great in theory. Here are my $.02. * Message should include the application which made the invalid request * It doesn't really need to

[twitter-dev] Re: Help with my rate limit issue?

There is no direct way to do this, no. But you might be able to accomplish the same thing in an interesting way. Create a new Twitter account that exclusively follows users of your app. When you request statuses/friends for that new account, you will get current information and most recent twe

[twitter-dev] Re: How to use Twitter to "sign out" ? calling to end_session does not work

hi , thx for reply .. my app will actually do the following thing 1. get a new request token & secret (or should I use the old requeust token ?) 2. redirect user to the authenticate URL (twitter.com/oauth/authenticate?x) with the request token & secret At this moment , Twitter will do the

[twitter-dev] Re: How to use Twitter to "sign out" ? calling to end_session does not work

I'm not familiar with End_Session, but couldn't you just clear the OAuth Token and TokenSecret? That would effectively sign you out because you'd need to reauthenticate. On Jul 28, 11:21 pm, CG wrote: > Hi, I am developing a simple Web App that use "sign in with twitter" , > where the app will

[twitter-dev] How to use Twitter to "sign out" ? calling to end_session does not work

Hi, I am developing a simple Web App that use "sign in with twitter" , where the app will automatically redirect to twitter.com/oauth/authenticate(with request token/secret of course) if user is not authenticated. It works well until I need to add a "sign out" function in my App. I use the "end_

[twitter-dev] Re: Twitter: What did you change in OAuth?

Check this thread for a solution for VB.NET libraries (and perhaps a good starting point for other languages). http://groups.google.com/group/twitter-development-talk/browse_thread/thread/734a29fd71d7fdd9# On Jul 28, 7:50 pm, unVOXT wrote: > other threads suggest resolution by checking and chan

[twitter-dev] Re: Potential Solution To OAuth Problem

Check this thread for a solution for VB.NET libraries (and perhaps a good starting point for other languages). http://groups.google.com/group/twitter-development-talk/browse_thread/thread/734a29fd71d7fdd9# On Jul 28, 8:19 pm, JDG wrote: > You shouldn't use java.net.URLEncoder as it encodes more

[twitter-dev] Re: Twitter counts wrong the number of followers

If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846&colspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component

[twitter-dev] Twitter counts wrong the number of followers

Hi, everybody I'm working on a application! My account has 19648 followers! When using users/show, i get the followers 19648! But when i start to get followers from API! I can just get to 101 pages (the rest page is empty with no users at all)! That says that i just have 101x100=10100 followrs! T

[twitter-dev] Re: Potential Solution To OAuth Problem

You shouldn't use java.net.URLEncoder as it encodes more characters than the OAuth spec specifies should be encoded. On Tue, Jul 28, 2009 at 14:12, ks91 wrote: > > The "+" -> "%20" solution seems to work for me. > I am writing my own OAuth library in Java, and java.net.URLEncoder > encodes > the

[twitter-dev] Re: Twitter: What did you change in OAuth?

other threads suggest resolution by checking and changing the method of url encoding. On Jul 28, 12:27 am, Duane Roelands wrote: > Simply telling developers that "something" changed is not sufficient > information to help us get our applications back online. > > We need specific information conc

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

We had much lower rates. But it is difficult to disentangle if that is due to the extra steps required for OAuth, the OAuth scare screen on Twitter.com, or because of the copy we initially used to invite users to use OAuth. (For example, we had text that read "add your Twitter account via OAuth

[twitter-dev] Re: Avatar returning the same large file for mini, normal, bigger

So I guess that you are not going back and fixing the ones that are incorrect - like this one? Displaying a couple user's avatars like this one really drags down a page. Any other suggestion (anyone) to detect these large images and prevent displaying them? On Jul 16, 11:54 am, Doug Williams w

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

I publish an open source example of using a OAuth in a standalone mac app -- so I'm bought in to the OAuth idea. But it wasn't easy, I had to fight to make it appear even somewhat integrated, and the lack of security around my apps private keys really freaks me out. On the other hand I see

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

Funny, I posted about our high success rate (95% of all users) with OAuth. I'm trying to get a feel for if we're fortunate, have a good flow or everyone has the same rates. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/da46cd261fa13bca?hl=en On Jul 28, 2:13 pm, Ami

[twitter-dev] Re: URI Escape fix for OAuth - correct usage of uri_escape() with Perl

If you are using Net::Twitter in Perl, the developer released a new release today that now correctly handles OAuth and Unicode-related issues. http://search.cpan.org/dist/Net-Twitter/ On Jul 28, 3:21 pm, Scott Carter wrote: > This post is geared toward Perl implementations of OAuth, though it

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I think goodtest is correct. Please see my post at: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/27f991f752786843?hl=en It may be relevant to your Perl problems. - Scott @scott_carter On Jul 28, 3:42 pm, goodtest wrote: > If it works 99.9% of the times and bre

[twitter-dev] Re: Stats on what % of users complete the oauth flow

95% of users who signed up on our site have also started and completed the oauth flow successfully. So if we had 100 users, 95 of them would have allowed us to access at least one of their Twitter accounts. On Jul 28, 1:36 pm, chinaski007 wrote: > When you say 95%, do you derive that percentage

[twitter-dev] URI Escape fix for OAuth - correct usage of uri_escape() with Perl

This post is geared toward Perl implementations of OAuth, though it may shed some light on recent URI escape problems in other languages as well. use Encode qw(encode); use URI::Escape; I previously had been escaping my parameters with a call such as: my $value = uri_escape(encode("UTF-8",$para

[twitter-dev] Twitter + OAuth for iPhone

If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master

[twitter-dev] Re: search.twitter.com only returns 30 days of content?

I can see the restriction here: http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search Ouch -- that's just a silly. What people have said in the past is important. In the future it would be great for twitter to remove this restriction and offer historical data. On Jul 27, 5:38 pm, Doug

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

As a developer who has recent launched Twaller (http:// www.twaller.com) which supports OAuth, I think I should share my perspective on this. I really loved OAuth because: (1) Ease of coding. I could get OAuth working within a couple of days. Saves me any password maintenance, encryption etc. (2

[twitter-dev] Re: Potential Solution To OAuth Problem

The "+" -> "%20" solution seems to work for me. I am writing my own OAuth library in Java, and java.net.URLEncoder encodes the space character to "+". There could be a better way, but replacing the resulted "+" with "%20", status update on Twitter now seems to work.

[twitter-dev] Twitter counts wrong the number of followers

Hi, everybody I'm working on a application! My account has 19648 followers! When using users/show, i get the followers 19648! But when i start to get followers from API! I can just get to 101 pages (the rest page is empty with no users at all)! That says that i just have 101x100=10100 followrs! T

[twitter-dev] Re: Stats on what % of users complete the oauth flow

When you say 95%, do you derive that percentage from the number of people who click on "access via OAuth" (or whatever) and then "Allow" the authorization? Or do you mean 95% of the unauthenticated who visit your particular page authenticate via OAuth? On Jul 28, 1:08 pm, jmathai wrote: > I wa

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

It's only a scare if the development community neglects or refuses to educate the populace at large that only Twitter really needs your password, so why give it to anyone else? On Tue, Jul 28, 2009 at 13:27, jahbini wrote: > > Sorry about your Oauth Implementation, Mine's been working steadily >

[twitter-dev] Stats on what % of users complete the oauth flow

I was surprised to find out that 95% of our users (sample set of a couple hundred) complete the oauth flow and approve access to at least one twitter account. What experiences have other developers had in relation to this? More information: http://publicitweet.wordpress.com/2009/07/28/95-of-pub

[twitter-dev] Re: Status Id question

Guna,Check into the in_reply_to_status_id parameter for the statuses/update method [1]: in_reply_to_status_id. Optional. The ID of an existing status that the update is in reply to. - Note: This parameter will be ignored unless the author of the tweet this parameter references is mentioned

[twitter-dev] Status Id question

Quick question from a a newbie to the API development. Is there a way to connect a reply to a status update to the original message? i.e. if Joe posts - "who has a red car?" many people can reply to this message which is all public. then after 4 hours Mary replies to that post and says - "i d

[twitter-dev] Re: oAuth .NET receiving Unauthorized Error (401)

Matt, Try to register a new application for your development environment. I know it sounds not smart, but I guess it is a simple way to achieve. I think twitter did the same to me , when I tired to change the call back url. regards R On Sun, Jul 26, 2009 at 1:50 PM, mattarnold1977 wrote: > > An

[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter

Hello Abraham, Thanks for helping me out. I was using a different code before and then I used your code and it works like a charm. Thanks for making that code so simple. regards R On Mon, Jul 27, 2009 at 4:10 PM, Abraham Williams <4bra...@gmail.com> wrote: > Are you adding oauth_callback to th

[twitter-dev] Re: Potential Solution To OAuth Problem

Sorry, no. I'm using rawurlencode in PHP, which encodes %20 still failing. // snip $key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this- >token_secret); $this->args['oauth_signature'] = base64_encode( hash_hmac( 'sha1', $str, $key, true ) ); // snip

[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter

AB, I'm using http://localhost as my call back parameter. But, Twitter just sends me back to my registered application site http://www.populartweets.com -Matt On Jul 27, 8:49 pm, Andrew Badera wrote: > On Mon, Jul 27, 2009 at 6:49 PM, mattarnold1977 > wrote: > > > > > I've been able to creat

[twitter-dev] Re: Twitter: What did you change in OAuth?

I am signing with both secrets too, and have upper case urlencoding. Signing requests with an empty token secret (i.e. when getting original request token) work 100% I am doing the following to obtain the hmac key: $key = rawurlencode($this->consumer_secret).'&'.rawurlencode($this- >token_secret)

[twitter-dev] Re: Failed to validate oauth signature and token

Thanks srikanth. It worked :-)

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

Sorry about your Oauth Implementation, Mine's been working steadily with no hiccups: Lot's of very solid implementations out there. As far as the user sign-up problem, Yeah, I agree, It's a bit of a scare for the user to have to connect to an off-site twitter authority page -- But that's what Fac

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

If it works 99.9% of the times and breaks intermittently, its 1000% encoding issue and nothing else - your signature or some-data is having few characters that's not encoded in that particular instance. On Jul 28, 12:36 pm, chinaski007 wrote: > Ugh, terrible situation here.  Things working 99.9

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

Ugh, terrible situation here. Things working 99.9% of the time now with Perl. But we continue to get bizarre intermittent errors that span the range of API calls. We are thinking that internal hash re- ordering may invalidate signatures, but that is just speculation.

[twitter-dev] Re: API only shows messages from last 7 days

I don't think that adding more people to the staff at Twitter is the solution. In one startup I saw a thing posted on the refrigerator that had the adage, "Adding more people to a project already behind schedule will only slow it down more". Surely for support and customer service issues having mo

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

> OAuth IS unfamiliar, YES. OAuth DOES ask more of the user, YES. So what's the upside for the third-party developer? In terms of security, we've already seen how OAuth-like applications in, e.g., Facebook have led to massive hacker/phishing/etc problems. While OAuth solves one leg of the secu

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

On Tue, Jul 28, 2009 at 2:49 PM, chinaski007 wrote: > > > I haven't done any comprehensive profiling of them. (As well, my > particular presentation of the OAuth or Basic login options also may > confound the data.) > > That said, the fact that any sub-population of Twitter users shows a > prefe

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

+1. Unfortunately i have to agree. I´m working with mobile twitter applications and oauth is far for been a good solution. I really hope that twitter team provide us a better solutions to work with mobile or embedded environments where the web browser may not be available or have a limited support.

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

I haven't done any comprehensive profiling of them. (As well, my particular presentation of the OAuth or Basic login options also may confound the data.) That said, the fact that any sub-population of Twitter users shows a preference for Basic Auth is surprising. I suggest that linking another

[twitter-dev] Re: Failed to validate oauth signature and token

Hi You might have got the samples along with jscript libraries (eg requestToken.html , authorize.html etc ). They are working fine . Just replace the consumer keys and secrets with yours in consumer.js One more change is add the 'oauth_verifier' field in accessToken.html (make sure you trim the tra

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

oh god yes. ESPECIALLY the last one. On Tue, Jul 28, 2009 at 12:22, Cameron Kaiser wrote: > > > @Marcel, > > Thanks for the post. > > Here are my suggestions: > > - Please make 'concrete' API examples(few POSTs and few GETs) with > > actual requests. > > - Make a list common-mistakes that a de

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

* We should have, it goes without saying, had more extensive test coverage of our implementation ensuring that we were fully implementing the spec so that the whole situation would have been avoided in the first place. More testing is always a good goal if feasible. However, no spec is

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

> @Marcel, > Thanks for the post. > Here are my suggestions: > - Please make 'concrete' API examples(few POSTs and few GETs) with > actual requests. > - Make a list common-mistakes that a developer might make while he > develops twitter appln(you know.. encoding, not-double-encoding, use > addit

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

@Marcel, Thanks for the post. Here are my suggestions: - Please make 'concrete' API examples(few POSTs and few GETs) with actual requests. - Make a list common-mistakes that a developer might make while he develops twitter appln(you know.. encoding, not-double-encoding, use additional-params-for

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

That's sort of what I meant, with more references to 419 scammers, my favorite scammers of all. It's hard to imagine ANY app out there to provide a statistically random enough sample to mean anything. If Twitter itself were to perform the survey, I think you'd be more likely to have a random sample

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

On Tue, Jul 28, 2009 at 2:15 PM, JDG wrote: > I think that is the statistical significance to which TjL was referring. At > least, I hope so. > > I think TjL was referring more to raw population factor than biases. Any one single non-large userbase app is not likely to be statistically predictive

[twitter-dev] Re: OAuth URLEncode for VB.NET Libraries

On Tue, Jul 28, 2009 at 2:13 PM, Duane Roelands wrote: > > My application appears to be back in the game, after some corrections > to my url encoding. I've posted the code here (http://dpaste.com/hold/ > 72568/ ) for the benefit of other > VB.NETdevelopers. > >

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

What do you know about your sample, other than they use your app? Are they technically savvy? Mindful of their security? Do they often click on links from Paypal in their email? Do they have "friends" in Nigeria that are willing to send them money? I think that is the statistical significance to w

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

On Tue, Jul 28, 2009 at 2:12 PM, chinaski007 wrote: > I gather you are choosing to receive emails individually. > As are a large number of us on this list.

[twitter-dev] OAuth URLEncode for VB.NET Libraries

My application appears to be back in the game, after some corrections to my url encoding. I've posted the code here (http://dpaste.com/hold/ 72568/) for the benefit of other VB.NET developers. This is a VB.NET port of the URLEncode method found in the Twitter/ OAuth class from Shannon Whitley an

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

Sorry about that... I deleted those threads before posting this one. I gather you are choosing to receive emails individually. The tests were statistically significant at 95% confidence levels. On Jul 28, 8:09 am, TjL wrote: > On Tue, Jul 28, 2009 at 7:27 AM, chinaski007 wrote: > > [the same p

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

As many of you have since learned, we deployed an unannounced security fix that has resulted in unexpected failures for quite a few developers using OAuth. A developer reported to us that OAuth signatures were not being verified on our side. The fix was implemented and pushed on Sunday then deploye

[twitter-dev] Re: API only shows messages from last 7 days

I'm sure others feel the same way Dave, but it looks and feels like Twitter is moving in the opposite direction. The load on a server to extract a big dataset once a month would be minimal, and both you and I can see the value in this approach. But I'm not sure the folks at Twitter do, or i

[twitter-dev] How can I upload a profile_image with php?

Hi everyone, I'm trying to upload profile_image with php. And it seems i have uploaded the image successfully and got the response, but the image which I've just uploaded was not shown on the web. Here are the codes and responses:

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

If you are encoding properly according to: http://oauth.net/core/1.0a#encoding_parameters and it still fails to update post and update to http://code.google.com/p/twitter-api/issues/entry and make Twitter fix it. I've not double checked to verify but "!" should encode to "%21" and then it should w

[twitter-dev] Failed to validate oauth signature and token

Hello All, I am new to twitter development. I am developing a twitter client for Nokia S60 devices. I wanted to make use of OAuth sign in provided by twitter. I have my customer key and customer secret. However when i try to get the token i receive "Failed to validate oauth signature and token"

[twitter-dev] Application statistics

Is there a way of tracking who and how is using your app? Simple search based on app name (like "from DroidIn") does not yield any results

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

Yeah, that's what I'm doing as well. I wish Twitter would give us some answers. I can post a tweet is the text is "test" If I try to post "test!", it fails. Something about the encoding of non-alphanumeric characters is part of the problem. But, because Twitter isn't talking, all we can do is

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I use this implementation: http://www.codingthewheel.com/archives/codingthetweet works flawlessly! On Tue, Jul 28, 2009 at 5:47 PM, Duane Roelands wrote: > > My stuff is based on Shannon Whitley's as well. Do you mind sharing > where specifically you had to make the changes? > > On Jul 28, 11

[twitter-dev] Re: API only shows messages from last 7 days

I would do anything (including paying good amounts of money) to be able to purchase access to older datasets that I could transfer to my database through non-rest-api methods. I'm envisioning being able to download a CSV or SQL file that I could merge with my database easily, but only have to make

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

My stuff is based on Shannon Whitley's as well. Do you mind sharing where specifically you had to make the changes? On Jul 28, 11:40 am, Zaudio wrote: > I don't myself think that twitter are doing anything more than > enforcing the standard. I spent 3 hours 'fixing' my code for our > applicatio

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

Although oauth is convoluted and twitter's implementation is buggy, no clear examples and takes time to get it right, I still vote for OAuth. You see people simply don't trust 3rd party apps with their login info as much as they trust the main-application(twitter.com). So at the end of the day, it

[twitter-dev] Re: Twitter: What did you change in OAuth?

Also check out things that broke for me(and their solutions) http://groups.google.com/group/twitter-development-talk/browse_thread/thread/59ed5372f7c1b623 On Jul 28, 6:42 am, Duane Roelands wrote: > Glad things are working for you. ;) > > Still no luck here.  I'm signing the requests with both

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I think the big problem is that twitter's implementation is buggy and given that its relatively convoluted to implement oauth, even our implementation is buggy. Adding to that if we only get 'invalid signature' irrespective of which side the bug resides, frustrating both sides. I think it would b

[twitter-dev] Re: API only shows messages from last 7 days

I agree with you Dave. I have several thought about new services based on searching Twitter's historical data. Unfortunately my ideas appear to be getting less and less practical. Twitter claims to have all its data stored in disk-based databases from what I understand ... yet without acces

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I don't myself think that twitter are doing anything more than enforcing the standard. I spent 3 hours 'fixing' my code for our application (uses Shannon Whitley's c# library as a base); I only found two bugs in thelibrary that caused any problem... the use of httputility.urlencode in place of the

[twitter-dev] Re: API only shows messages from last 7 days

I am a bit concerned. I remember at one point it being between 30-45 days. Now it seems to be getting smaller by about 1-day per month. Last month it was closer to 10 days. Is it basically going to keep getting smaller and smaller until we get V2 of the API, or will we be forced to all use only s

[twitter-dev] Possible tips and solutions if you are getting invalid signature since the latest security patch

I finally found out whats causing problems for me. 1. Make sure you are using token secret(oauth_token_secret) to create signature. I think earlier, twitter was accepting even without token- secret (a security hole) and hence the fix (I think). In javascript api to update a status... var

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

On Tue, Jul 28, 2009 at 7:27 AM, chinaski007 wrote: > [the same post three different times] WE GET IT. YOU DON'T LIKE OAUTH. Your (probably statistically insignificant) tests with Google Optimizer reveal that your users are more likely to sign-up for Basic Auth than OAuth. WE GET IT. Did you

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

On twollo.com I have not seen any issues yet with the changes - no one has ever complained about the "Sign in with Twitter" option. But I am very glad that Twitter implemented OAuth, I don't have to manage the credentials in the same way - Authenticate using Twitter has been a god send for me, and

[twitter-dev] Re: Protected Resources requests need not be signed by the Consumer secret?

I have the same issue with my application. Desktop apps are forced to either embed the consumer keys in source code or construct some sort of elaborate server mechanism. There's no good answer here. When my application approaches 1.0 release, I'll probably use Dotfuscator or something similar t

[twitter-dev] Re: Protected Resources requests need not be signed by the Consumer secret?

I dont think you got my point. Whether you were signing using both secrets or one secret doesnt matter because twitter wasnt verifying signature at all. Now they have fixed this and all your protected service requests must be signed by both secrets. My problem is how to protect the consumer secret.

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

OAuth isn't perfect yet. However, it is better from one stand point: If I sign up for a website or program with my twitter password, and it does bad things, I have to change my password in EVERY twitter program I use. With OAuth, I can just block your app. On Jul 28, 9:08 am, Duane Roelands wr

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I'm the developer who reported this problem to Twitter offline. I had been preparing a test case for them when I noticed this post: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a195ea9b9952e297?hl=en# I then skipped the preparation of the test case and sent e-mai

[twitter-dev] Re: updating follow/shadow/birddog list of users

In this case it is fairly clear that you aren't trying to work around a limit, but are trying to get around a product limitation in /shadow. Be sure that you are connecting from two accounts. Keep your total connect rate as low as practical while still maintaining an acceptable user experience. C

[twitter-dev] Re: Twitter: What did you change in OAuth?

Glad things are working for you. ;) Still no luck here. I'm signing the requests with both keys and I'm URLEncoding all "%"-values to upper case. On Jul 28, 9:18 am, "thetago...@googlemail.com" wrote: > Apparently two things were changed: > > 1. Setting the Consumer Secret is now a mandatory p

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

This is so clown show. On Tue, Jul 28, 2009 at 5:57 AM, soup wrote: > > Indeed very frustrating.. developers also has a life haha.. i hope. > > My day was gone because of this.. > > All my GET's work, only POST is not working... using PHP to generate > the sig. > > Any good ideas yet? >

[twitter-dev] Re: Twitter: What did you change in OAuth?

Apparently two things were changed: 1. Setting the Consumer Secret is now a mandatory part of the signing process, empty consumer secrets don't work anymore. 2. Parameter encoding didn't previously enforce the part of section 5.1 that says that "Hexadecimal characters in encodings MUST be upper c

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

Indeed very frustrating.. developers also has a life haha.. i hope. My day was gone because of this.. All my GET's work, only POST is not working... using PHP to generate the sig. Any good ideas yet?

[twitter-dev] Re: streaming API for DM for multiple users ?

On Tue, Jul 28, 2009 at 4:39 AM, Ben Hall wrote: > > Random idea, but wouldn't a streaming API for DMs allow IM style > clients to be implemented on top of the twitter platform? It would.

[twitter-dev] Help with my rate limit issue?

Hi, I'm writing an app that requires semi-live updates from each user. Right now my registered userbase is five, so with a cron job I run the script every two minutes for 150 calls per hour (I'm requesting user Xs updates since last update) with a whitelisted limit of 2/hour though this only

[twitter-dev] Re: Twitter: What did you change in OAuth?

Twitter Status : ... Is adding feature to his app so it can switch between OAuth and Basic for when OAuth breaks again. :-) Well, at least Basic auth's phase-out date has been pushed back another year.

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

To be fair, OAuth is better for the user, security-wise, because they never have to provide their Twitter credentials to your application. Basic Auth also provides no way to know that the application is actually who it says it is. OAuth is far from perfect on this front, but it's light-years ahea

[twitter-dev] Re: Protected Resources requests need not be signed by the Consumer secret?

I've been using both consumer keys to sign all of my requests from day one. I still think the issue is related to URL encoding somehow, because I can successfully post tweets if they don't contain troublesome characters (apostrophe, for example). But, so long as Twitter remains silent, we'll nev

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

I've been providing both consumer keys since I started using OAuth for Twitter, and I'm still encountering issues because of this change. This is frustrating beyond words. On Jul 28, 7:03 am, João Pereira wrote: > I'm also frustrated. > > I can't have a consistent behaviour from twitter API. Now

[twitter-dev] Re: Adding tweets with a certain word them them to a feed on your site?

Twitter just recently added a widget to allow this at http://twitter.com/goodies/widget_search. Also, check out a few third party options: http://www.tweetseek.co.uk/ http://tweetgrid.com/widget/ http://tidytweet.com Good luck! Michael -Original Message- From: twitter-development-talk

[twitter-dev] OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

Let's be honest... The end-result for third-party developers using OAuth appears to be fewer sign-ups, less reliability, more complexity, and potentially less security. Google Optimizer reveals that users are more likely to sign-up for Basic Auth than OAuth. That's just fact. Test it for your

  1   2   >