[twitter-dev] Re: Logging Out of Twitter Through API
Hi, Greg, have you found any solution? I face the same problem ... :( CG On Thu, Jul 23, 2009 at 2:09 AM, Greg gregory.av...@gmail.com wrote: Hello everyone, Just a quick question here - I originally thought the 'http://twitter.com/account/end_session.xml' API function logs the user out of Twitter - however that doesn't appear to be the case with my application. Every time that I run that function - it doesn't log them out of Twitter (i.e. basically the session variables with Twitter are not destroyed). Is that the way the function is supposed to be used? Is it meant to completely log the user out of Twitter? Thanks, Greg
[twitter-dev] Android + OAuth
If you are interested in how to implement Twitter authentication with OAuth on Android - I have the write-up in my blog http://is.gd/1S6XP
[twitter-dev] Re: Twitter + OAuth for iPhone
Is this currently working? I'm using OAuthConsumer as well in my iPhone app and it stopped working after the last update... On Jul 28, 2:32 pm, Ben Gottlieb saibengottl...@gmail.com wrote: If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
[twitter-dev] Re: Failed to validate oauth signature and token
Hi Srikanth, I am able to get the PIN from Twitter. Now as you mentioned above I need to add oauth_verifier in accessToken.html. I have added that field and entered the PIN I got from Twitter. However it is not working. Can you please explain a bit on changes that need to be done in accessToken.html? Thanks
[twitter-dev] Re: Twitter + OAuth for iPhone
Does this currently work? I'm using OAuthConsumer as well and my app stopped working after the last update. On Jul 28, 2:32 pm, Ben Gottlieb saibengottl...@gmail.com wrote: If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
It would not surprise me at all if using OAuth resulted in fewer signups. Potential technical advantages of OAuth aside, every additional click that you add in the conversion process adds an additional leakage point where some users can and will abandon the signup process.
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
First, let me state from the start that I am no fan of OAuth, Twitter's implementation of it, or the way that they've behaved with regard to it. Now, with all that being said. If your website expects me to hand over my Twitter password, I'm not using your web site. Just yesterday, another scam site (TwitViewer) managed to steal thousands of accounts, and convince other people to hand over their information because it was posting tweets from the stolen accounts. OAuth is not perfect, but it provides individual users and Twitter with a way to identify bad actors and lock them out of the ecosystem. OAuth works. There are examples out there. There are developers who are willing to help you. Implementing OAuth tells your customers that the security of their account is important to you, and shutting down Basic Auth trains your users to stop giving away their password. If your product has value, and you clearly communicate what that value is, the users will use OAuth. On Jul 29, 9:10 am, Dewald Pretorius dpr...@gmail.com wrote: It would not surprise me at all if using OAuth resulted in fewer signups. Potential technical advantages of OAuth aside, every additional click that you add in the conversion process adds an additional leakage point where some users can and will abandon the signup process.
[twitter-dev] Re: Twitter counts wrong the number of followers
This is more like Issue 547: statuses/friends followers - page bug http://code.google.com/p/twitter-api/issues/detail?id=547q=statuses%2Ffriendscolspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component -Steve On Jul 28, 6:53 pm, chinaski007 chinaski...@gmail.com wrote: If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846colspec=ID%...
[twitter-dev] Re: Incorrect signature ERROR on /statuses/update.xml - Help Please....
I am having the exact same problem! On Jul 29, 5:22 am, Brett Hellman bhellm...@gmail.com wrote:
Request URL: https://twitter.com/statuses/update.xml?STATUS=oauthtestingpleasework...
<?xml version="1.0" encoding="UTF-8"?>
<hash>
<request>/statuses/update.xml?STATUS=oauthtestingpleasework&amp;oauth_consumer_key=ConsumerKeyWasHere&amp;oauth_nonce=oauthNonceWasHere&amp;oauth_signature=rP%2FvX8Y2SAzFyMf3HsuRYFmBDe0%3D&amp;oauth_signature_method=HMAC-SHA1&amp;oauth_timestamp=1248841178&amp;oauth_token=oauthTokenWasHere&amp;oauth_version=1.0&amp;oauth_token_secret=oauthTokenSecretWasHERE</request>
<error>Incorrect signature</error>
</hash>
Any ideas on what I can do to get this request working? Thanks!
[twitter-dev] Re: Twitter counts wrong the number of followers
Thanks for your replies! This is really a known issue! But why does Twitter still not fix it! 2009/7/29 st...@implu.com st...@implu.com This is more like Issue 547: statuses/friends followers - page bug http://code.google.com/p/twitter-api/issues/detail?id=547q=statuses%2Ffriendscolspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component -Steve On Jul 28, 6:53 pm, chinaski007 chinaski...@gmail.com wrote: If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846colspec=ID%...
[twitter-dev] Trying to retrieve all 'Qwest' messages
Hi, I am a summer intern for Qwest Communications. They have a twitter page (TALKTOQWEST) where they offer customer service. I am creating a system that retrieves the messages and stores them in an Oracle 10G database. From there I am going to retrieve it to a Java application. I was wondering if you could help me on how I can connect my database to Qwest's twitter account. I am new to SQL since I do not know how to write queries. However, it does not seem too hard so if you can tell me what API to use and how to call it in SQL plus, it would be much appreciated! Thanks Aman Bhansali
[twitter-dev] Re: Twitter + OAuth for iPhone
I just re-tested the code this morning, and it still works. On Jul 29, 6:03 am, chloros akc1...@gmail.com wrote: Does this currently work? I'm using OAuthConsumer as well and my app stopped working after the last update. On Jul 28, 2:32 pm, Ben Gottlieb saibengottl...@gmail.com wrote: If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
[twitter-dev] Re: Twitter counts wrong the number of followers
I was actually wondering about raising a feature request to remove all follower and following counts from all twitter pages and the API :) to help prevent spam. Paul 2009/7/29 Vincent Nguyen kureik...@gmail.com Thanks for your replies! This is really a known issue! But why does Twitter still not fix it! 2009/7/29 st...@implu.com st...@implu.com This is more like Issue 547: statuses/friends followers - page bug http://code.google.com/p/twitter-api/issues/detail?id=547q=statuses%2Ffriendscolspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component -Steve On Jul 28, 6:53 pm, chinaski007 chinaski...@gmail.com wrote: If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846colspec=ID%...
[twitter-dev] Re: API only shows messages from last 7 days
You're probably correct when you say that throwing more programmers at the problem is not the solution. That's not what I was suggesting ... My thought is that there may be no one at Twitter actually planning or developing a plan for historical data access, and if this is true then hiring someone with the skills and the desire to implement this in a practical manner would go a very long way towards providing people like us with a workable solution now. Having said this, I agree that in the absence of enough people in the company who can be trusted to make wise decisions and accomplish a wide variety of projects all at the same time, it ends up becoming a priority issue. When there are too few people available to actually take charge and make progress on projects like the one we've been discussing in this thread, it all comes down to priorities -- and when those priorities focus on things we do not need, the things we really want are set aside and ignored, with no progress being made. In other companies money is a significant limiting factor, but I tend to question this at Twitter given all the reports of their financial condition, so I really think it's a priority issue in Twitter's case. Now, if only someone at Twitter could see how important historical data access can be to real businesses, and how these businesses might be willing to pay for this data, then all it would take is to hire the right person to implement it. Twitter simply needs the money, the current ability to recognize the future value of such a project, and the commitment to make it happen ... and then they hire a leader who gets it done. Easier said than done of course, but there are excellent people available who can accomplish such goals when given the chance -- and the support they need from within the company of course. Then again, if these people are already working on it (as you may have suggested) then it's going to happen one of these days anyways ... 
:) Owkaye I don't think that adding more people to the staff at Twitter is the solution. In one startup I saw a thing posted on the refrigerator that had the adage, Adding more people to a project already behind schedule will only slow it down more. Surely for support and customer service issues having more people on the team to deal with growth is good, but I doubt throwing more programmers at it will help fix most issues. It just never seems to work that way. While many startups do tend toward younger employees (I personally think because being younger normally means that you can work a lot with minimal life impact), I'm sure that someone with a strong background would be able to get a job at Twitter if they were local to the company (or willing to move). A lot of this surely comes down to priorities inside the company. While Doug and Team want to support us developers as much as possible, much of our initial 'value' that we've offered in helping push twitter to the masses has already happened. We aren't the core business strategy, and with a fixed amount of resources and focus they aren't working to push mainly for developer access, but for standard user access. This 100% makes sense. Users are what is going to make twitter happen, not 3rd party developers. They want to provide a stable experience on both fronts, but users come first. In my private discussions with some team members, I've gotten the sense that they have good stuff in the pipeline for us and that they are working hard to make it happen. However we're only a small part of the overall strategy of a quickly growing company that is still dealing with massive growing pains which is no fault of theirs and something they are dealing with as best they can. david On Jul 28, 1:46 pm, owkaye owk...@gmail.com wrote: I'm sure others feel the same way Dave, but it looks and feels like Twitter is moving in the opposite direction. 
The load on a server to extract a big dataset once a month would be minimal, and both you and I can see the value in this approach. But I'm not sure the folks at Twitter do, or if they do maybe they just don't have the people who can (and will) get things like this implemented. Is a shortage of competent staff the cause of this type of problem? Even though I have the capabilities I do not have the 'resume' to get a job there and help them deal with some of this stuff, nor do I have the contacts within the Twitter organization to put a good word in for me and help me get hired so I could do good things for them. I'm 52 years old too, and my age seems to be a negative to most of the Web 2.x companies hiring these days. This is kind of a shame considering that people like me frequently have broader-based experience and insights that are sometimes lacking in younger people, and because of this we can add a lot more value in the areas of planning and structural
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
Well said, Duane. Thanks, Doug On Wed, Jul 29, 2009 at 7:18 AM, Duane Roelands duane.roela...@gmail.com wrote: First, let me state from the start that I am no fan of OAuth, Twitter's implementation of it, or the way that they've behaved with regard to it. Now, with all that being said. If your website expects me to hand over my Twitter password, I'm not using your web site. Just yesterday, another scam site (TwitViewer) managed to steal thousands of accounts, and convince other people to hand over their information because it was posting tweets from the stolen accounts. OAuth is not perfect, but it provides individual users and Twitter with a way to identify bad actors and lock them out of the ecosystem. OAuth works. There are examples out there. There are developers who are willing to help you. Implementing OAuth tells your customers that the security of their account is important to you, and shutting down Basic Auth trains your users to stop giving away their password. If your product has value, and you clearly communicate what that value is, the users will use OAuth. On Jul 29, 9:10 am, Dewald Pretorius dpr...@gmail.com wrote: It would not surprise me at all if using OAuth resulted in fewer signups. Potential technical advantages of OAuth aside, every additional click that you add in the conversion process adds an additional leakage point where some users can and will abandon the signup process.
[twitter-dev] Re: Updating the APIs authentication limiting policy
Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say "This approach is what we are going to take.", do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is a timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a level of comfort that I can safely switch over to OAuth. On Jul 24, 5:46 pm, Doug Williams d...@twitter.com wrote: Well said Joshua. Dewald, you have identified the risk of using basic authentication. If your users are being locked out due to malicious behavior, you should either implement further user-level rate limiting on your side or adopt OAuth. Are there any other glaring omissions in our thinking or should we proceed with this as our solution? 
Thanks, Doug On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perry j...@6bit.com wrote: Jim's concern is valid, fortunately OAuth is immune to brute-force attacks once the access key has been issued to an application. For this reason alone I would urge people to switch to OAuth if at all possible. I would hope (and assume) that if login attempts for an account are locked out that a user would still be able to successfully use an already authorized OAuth driven application. Unfortunately allowing a successful un/pw login while an account is locked out even when the correct password is presented effectively bypasses the whole reason for a lockout in the first place, preventing brute-force password attempts. If an attacker used a dictionary or brute-force attack and the account was locked out after 15 attempts, then they could continue trying even though the system replied locked out; if they eventually sent the correct password it would just bypass the lockout and they would then know the correct password. Perhaps Twitter could implement a selective captcha, I know they are annoying but if executed properly it could be effective protection against brute-force and dictionary attacks. Say after 3 or 4 failed attempts without a captcha the API would then include a captcha image URL in its response that the application would then need to show to the person and include the user's response with the next authentication attempt as a header or POST variable. The site stackoverflow.com does this to great effect, if you create posts quicker than a certain threshold which a person would not exceed then they pop a captcha up, in the normal use of the site you will never see one; I've only hit two captchas in the last 8 months using the site. Josh Dewald Pretorius wrote: Jim raised a huge weakness with the authentication rate limiting that could essentially break third-party apps. 
Anybody can try to add anybody else's Twitter account to a third-party app using an invalid password. If they do that 15 times with a Twitter account, the real owner of that Twitter account, who may have added his account a long time ago with the correct password, is locked out from using that app for an hour. I believe you will absolutely have to reset / remove the lock as soon as the Twitter account uses the correct password. On Jul 22, 4:58 pm, jim.renkel james.ren...@gmail.com wrote: My concern with this proposal is that it opens up denials of service, not to twitter.com, but to associated sites such as twitpic, or my site twxlate, among others. For example, Lance Armstrong is a heavy user of twitpic. It is very easy for anyone to find Lance's twitter ID (@lancearmstrong), view his status updates, and see that he is a
[twitter-dev] Re: OAuth URLEncode for VB.NET Libraries
Any chance you can post your oAuth.vb? I made this change to no avail. Then I noticed that I was passing the Token Secret into the sig. base. But still nothing! I am going nuts! On Jul 28, 2:15 pm, Andrew Badera and...@badera.us wrote: On Tue, Jul 28, 2009 at 2:13 PM, Duane Roelands duane.roela...@gmail.com wrote: My application appears to be back in the game, after some corrections to my url encoding. I've posted the code here (http://dpaste.com/hold/72568/) for the benefit of other VB.NET developers. This is a VB.NET port of the URLEncode method found in the Twitter/OAuth class from Shannon Whitley and Eran Sandler. They rock. Hopefully, this gets you guys back in the game as well. Good stuff Duane, I may refactor this into C#. --ab
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
On Jul 28, 4:16 pm, Isaiah supp...@yourhead.com wrote: I publish an open source example of using OAuth in a standalone mac app -- so I'm bought in to the OAuth idea. But it wasn't easy, I had to fight to make it appear even somewhat integrated, and the lack of security around my app's private keys really freaks me out. On the other hand I see a lot of posts like this where I tilt my head and say, what are you talking about? Because I just don't get where you're coming from. It's like there's some hidden assumption someone forgot to tell me. So, please don't take offense, I'd just like to play devil's advocate and ask you to back up these reasons with some more info. I'll try to be specific about what seems odd, or at least odd to me: I really loved OAuth because: (1) Ease of coding. I could get OAuth working within a couple of days. You're saying that OAuth was easier to implement than basic auth? How so? Basic auth just places the authorization info into the request -- oauth requires the entire token request, token exchange, token inclusion dance. At best I could see someone arguing that it's roughly the same because you can use a nice library either way, but saying OAuth is actually easier seems a bit far fetched. I was merely advocating about OAuth here. I didn't play around with BasicAuth since OAuth was available when I started developing twaller.com. I wanted to respond to comments which said, OAuth is hard to code etc., by saying I didn't feel that way, mainly because I used the library Twitter4J. Saves me any password maintenance, encryption etc. But how do you maintain the user's auth tokens? Since they're basically as powerful as a password (so long as the user has not turned them off) they need to be given the same care, right? In my implementation I save them just like passwords. Are other developers not doing this? If not why not? I think there is a difference. 
I find passwords messy because if someone wants to misuse them, they can potentially misuse them for other websites beyond twitter. Many people including myself have similar usernames and exactly the same password in multiple websites. So if I accidentally leak a password, and someone uses that to login a bank website and make a financial transaction, that will not look very good. OAuth tokens are limited to Twitter use. At the moment, I am not encrypting it in my database. (2) Integration with Twitter Branding. With the OAuth scheme, I believe my website is more integrated with Twitter. It would also be nicer if Twitter would maintain their own list of websites they trust with OAuth, just to give users the added confidence that Twitter trusts me. I'm sure if Twitter decided that tomorrow that OAuth was out, and that PAuth or QAuth were the new black, then those would be more integrated. My point being that this is not an advantage intrinsic to OAuth, just an advantage of using the currently blessed standard. I'll give you that one, if you also agree if that if tomorrow Twitter decided Basic Auth was the way forward, Basic Auth would then be more integrated than OAuth. I meant the process of going to Twitter for a login makes me feel that my application is integrated with them. As opposed to merely saying, please supply your Twitter name and password to my website. (3) Saves me worrying about SSL. A lot of people are finicky about HTTPS/SSL. This way I can just tell them that if Twitter wants OAuth that way in future, we will simply provide it. But doesn't that mean that people sniffing on the network where you host your app could potentially grab the authentication tokens of your users as they fly by? Or even just your application tokens if they were interested in spoofing you? 
I don't mean to be paranoid, but my rather tiny little site was attacked and compromised once a week by evil folks in June -- 4 different attacks by four separate security holes (note to self, don't run a wiki on the same host as my web store). That is a very valuable suggestion. I was thinking of hosting multiple things on the same host, I will avoid that now. These jerks are everywhere now, and they're the real deal. They have a lot of cash and a lot of patience to think of new ways to exploit your resources to their own end. The part I hate about OAuth is that the OAuth page is extremely slow to load and sometimes does not load at all. I see this issue with the Twitter website in general as well, sometimes posts from the web just don't go through. I would much appreciate if people at Twitter can address scalability problems to OAuth, because that I believe is the biggest user turnoff. I've noticed this too. From an outsider layperson's point of view it seems as though we're pushing every authorization request through a single doorway. My hope is that it's more a lack of my
[twitter-dev] Re: Twitter + OAuth for iPhone
Update: it's not working if you have %-escaped characters in your update status string. It appears that there may be some double-escaping going on, and that may be confusing things. Not sure if this is my code or something else (this was working over the weekend, but something else may have changed before I committed to GitHub.). In progress. B On Jul 29, 8:31 am, Ben Gottlieb saibengottl...@gmail.com wrote: I just re-tested the code this morning, and it still works. On Jul 29, 6:03 am, chloros akc1...@gmail.com wrote: Does this currently work? I'm using OAuthConsumer as well and my app stopped working after the last update. On Jul 28, 2:32 pm, Ben Gottlieb saibengottl...@gmail.com wrote: If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
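The "Incorrect signature" and double-escaping reports in the threads above both come down to how the OAuth 1.0 HMAC-SHA1 signature base string is built. The following is an added example, not code from any poster or from Twitter; the keys, secrets and nonce are constructed placeholders, and rejecting a request that carries oauth_token_secret is this example's own policy.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

# Endpoint and timestamp as quoted in the thread; all credentials are constructed.
URL = "https://twitter.com/statuses/update.xml"
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"
OAUTH_PARAMS = [
    ("oauth_consumer_key", "example-consumer-key"),
    ("oauth_nonce", "constructed-nonce-1"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "1248841178"),
    ("oauth_token", "example-access-token"),
    ("oauth_version", "1.0"),
]


def pct(value):
    """OAuth 1.0 percent-encoding: escape everything except A-Z a-z 0-9 - . _ ~"""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Build the signature base string from RAW (not yet escaped) name/value pairs."""
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(k + "=" + v for k, v in pairs)
    # The normalized string is escaped again as a whole: one raw space ends up as %2520.
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # Both secrets form the HMAC key. They are never sent as request parameters.
    key = (pct(consumer_secret) + "&" + pct(token_secret)).encode("ascii")
    msg = base_string(method, url, params).encode("ascii")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode("ascii")


def to_wire(params):
    """Form-encode the pairs exactly once for transmission."""
    return "&".join(pct(k) + "=" + pct(v) for k, v in params)


def build_request(status, pre_escape=False):
    """Client side. pre_escape=True reproduces the bug: the client signs a value
    it has already escaped, while the wire still carries the value escaped once."""
    signed_value = pct(status) if pre_escape else status
    sig = sign("POST", URL, OAUTH_PARAMS + [("status", signed_value)],
               CONSUMER_SECRET, TOKEN_SECRET)
    return to_wire(OAUTH_PARAMS + [("status", status), ("oauth_signature", sig)])


def verify(method, url, wire_body, consumer_secret, token_secret):
    """Server side: decode the wire form once, recompute, compare in constant time."""
    params = parse_qsl(wire_body, keep_blank_values=True)
    if any(name == "oauth_token_secret" for name, _ in params):
        return False  # a secret seen on the wire is a disclosed secret
    sent = dict(params).get("oauth_signature", "")
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(sent.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    for text in ("hello", "50% off today"):
        for pre in (False, True):
            ok = verify("POST", URL, build_request(text, pre), CONSUMER_SECRET, TOKEN_SECRET)
            print(repr(text), "pre_escape=%s" % pre, "accepted" if ok else "rejected")
```

A pre-escaping client passes with plain alphanumeric statuses and fails as soon as the text contains a space or a percent sign, which is why this class of bug can look intermittent.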
[twitter-dev] Re: Logging Out of Twitter Through API
I have not - hopefully someone has an answer. On Jul 29, 2:23 am, CG learn@gmail.com wrote: Hi, Greg, have you found any solution? I face the same problem ... :( CG On Thu, Jul 23, 2009 at 2:09 AM, Greg gregory.av...@gmail.com wrote: Hello everyone, Just a quick question here - I originally thought the 'http://twitter.com/account/end_session.xml' API function logs the user out of Twitter - however that doesn't appear to be the case with my application. Every time that I run that function - it doesn't log them out of Twitter (i.e. basically the session variables with Twitter are not destroyed). Is that the way the function is supposed to be used? Is it meant to completely log the user out of Twitter? Thanks, Greg
[twitter-dev] Re: Updating the APIs authentication limiting policy
Ray, For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say "This approach is what we are going to take.", do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is a timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. 
I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a level of comfort that I can safely switch over to OAuth. On Jul 24, 5:46 pm, Doug Williams d...@twitter.com wrote: Well said Joshua. Dewald, you have identified the risk of using basic authentication. If your users are being locked out due to malicious behavior, you should either implement further user-level rate limiting on your side or adopt OAuth. Are there any other glaring omissions in our thinking or should we proceed with this as our solution? Thanks, Doug On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perry j...@6bit.com wrote: Jim's concern is valid, fortunately OAuth is immune to brute-force attacks once the access key has been issued to an application. For this reason alone I would urge people to switch to OAuth if at all possible. I would hope (and assume) that if login attempts for an account are locked out that a user would still be able to successfully use an already authorized OAuth driven application. Unfortunately allowing a successful un/pw login while an account is locked out even when the correct password is presented effectively bypasses the whole reason for a lockout in the first place, preventing brute-force password attempts. If an attacker used a dictionary or brute-force attack and the account was locked out after 15 attempts, then they could continue trying even though the system replied locked out; if they eventually sent the correct password it would just bypass the lockout and they would then know the correct password. Perhaps Twitter could implement a selective captcha, I know they are annoying but if executed properly it could be effective protection against brute-force and dictionary attacks. 
Say after 3 or 4 failed attempts without a captcha the API would then include a captcha image URL in its response that the application would then need to show to the person and include the user's response with the next authentication attempt as a header or POST variable. The site stackoverflow.com does this to great effect, if you create posts quicker than a certain threshold which a person would not exceed then they pop a captcha up, in the normal use of the site you will never see one; I've only hit two captchas in the last 8 months using the site. Josh Dewald Pretorius wrote: Jim raised a huge weakness with the authentication rate limiting that could essentially break third-party apps. Anybody can try to add anybody else's Twitter account to a third-party app using an invalid password. If they do that 15 times with a Twitter account,
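The lockout scheme described in the message above (15 unsuccessful attempts per hour per user per IP address, then a 1 hour lockout from that address) can be sketched as a server-side limiter. This is an added example, not Twitter's implementation or code from the thread; the class and function names are hypothetical, the IP addresses are constructed documentation addresses, and letting failures expire only by age (no reset on success) is an assumption.

```python
import time
from collections import deque

GUESSER_IP = "203.0.113.9"   # constructed: source of the failed guesses
OWNER_IP = "198.51.100.7"    # constructed: the account owner's own address


class FailedAuthLimiter:
    """Counts HTTP 401 outcomes per (user, ip), or per user alone when per_ip=False."""

    def __init__(self, per_ip=True, max_failures=15, window=3600, lockout=3600,
                 clock=time.monotonic):
        self.per_ip = per_ip
        self.max_failures = max_failures
        self.window = window      # seconds over which failures are counted
        self.lockout = lockout    # seconds a key stays locked once the limit is hit
        self.clock = clock
        self._failures = {}       # key -> deque of failure timestamps
        self._locked_until = {}   # key -> time at which the lock expires

    def _key(self, user, ip):
        return (user, ip) if self.per_ip else (user, None)

    def attempt(self, user, ip, check_credentials):
        """check_credentials is a zero-argument callable returning True or False.
        Returns the HTTP status the API would send: 200 or 401."""
        now = self.clock()
        key = self._key(user, ip)
        if self._locked_until.get(key, float("-inf")) > now:
            # Locked: the credentials are not evaluated at all, so a correct
            # guess made during the lockout is indistinguishable from a wrong one.
            return 401
        if check_credentials():
            return 200
        recent = self._failures.setdefault(key, deque())
        recent.append(now)
        while recent[0] <= now - self.window:
            recent.popleft()      # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            recent.clear()
        return 401


class FakeClock:
    """Deterministic clock so the scenario does not have to wait an hour."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def run_scenario(per_ip):
    """Fifteen bad guesses for 'alice' from one address, then correct logins."""
    clock = FakeClock()
    limiter = FailedAuthLimiter(per_ip=per_ip, clock=clock)
    evaluated = []

    def wrong():
        evaluated.append("wrong")
        return False

    def correct():
        evaluated.append("correct")
        return True

    for _ in range(15):
        limiter.attempt("alice", GUESSER_IP, wrong)
        clock.now += 1
    result = {}
    result["correct_password_from_locked_ip"] = limiter.attempt("alice", GUESSER_IP, correct)
    result["password_checked_while_locked"] = "correct" in evaluated
    result["owner_from_own_ip"] = limiter.attempt("alice", OWNER_IP, correct)
    clock.now += 3600
    result["locked_ip_after_one_hour"] = limiter.attempt("alice", GUESSER_IP, correct)
    return result


if __name__ == "__main__":
    print("per user per IP:", run_scenario(per_ip=True))
    print("per user only:  ", run_scenario(per_ip=False))
```

When a third-party web app relays every login from its own server, the owner and the guesser share one address and therefore one key even with per_ip=True, which is the case the thread's advice to add user-level rate limiting on the app's side or adopt OAuth addresses.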
[twitter-dev] Re: Logging Out of Twitter Through API
2009/7/29 Greg gregory.av...@gmail.com: I have not - hopefully someone has an answer. I've found that it's enough to simply forget the token and secret. Why do you need anything more than that? The API does not maintain a session for users, so there's nothing to log out from except your site. -Stuart On Jul 29, 2:23 am, CG learn@gmail.com wrote: Hi, Greg, have you found any solution? I face the same problem ... :( CG On Thu, Jul 23, 2009 at 2:09 AM, Greg gregory.av...@gmail.com wrote: Hello everyone, Just a quick question here - I originally thought the 'http://twitter.com/account/end_session.xml' API function logs the user out of Twitter - however that doesn't appear to be the case with my application. Every time that I run that function - it doesn't log them out of Twitter (i.e. basically the session variables with Twitter are not destroyed). Is that the way the function is supposed to be used? Is it meant to completely log the user out of Twitter? Thanks, Greg
[twitter-dev] Re: Twitter + OAuth for iPhone
Okay, sendUpdate is now working with spaces again.
On Jul 29, 10:41 am, Ben Gottlieb saibengottl...@gmail.com wrote:
Update: it's not working if you have %-escaped characters in your update status string. It appears that there may be some double-escaping going on, and that may be confusing things. Not sure if this is my code or something else (this was working over the weekend, but something else may have changed before I committed to GitHub). In progress. B
On Jul 29, 8:31 am, Ben Gottlieb saibengottl...@gmail.com wrote:
I just re-tested the code this morning, and it still works.
On Jul 29, 6:03 am, chloros akc1...@gmail.com wrote:
Does this currently work? I'm using OAuthConsumer as well and my app stopped working after the last update.
On Jul 28, 2:32 pm, Ben Gottlieb saibengottl...@gmail.com wrote:
If anyone is interested, I've implemented Twitter OAuth on iPhone (which includes an iPhone version of the OAuth static lib). It's on GitHub: http://github.com/bengottlieb/Twitter-OAuth-iPhone/tree/master
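How escaping interacts with an OAuth 1.0 HMAC-SHA1 signature, as an added example that is not code from this thread or from the Twitter-OAuth-iPhone project, and not a diagnosis of that library. The keys, secrets, nonce and timestamp are constructed, and for brevity the oauth_* parameters travel in the request body next to the status while the signature is passed separately.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

# Constructed sample values; none of them come from the thread.
URL = "http://twitter.com/statuses/update.json"
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"
OAUTH_PARAMS = {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "7f3a9c",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1248890000",
    "oauth_token": "example-access-token",
    "oauth_version": "1.0",
}


def pct(value):
    """OAuth 1.0 percent-encoding: escape everything except A-Z a-z 0-9 - . _ ~"""
    return quote(value, safe="-._~")


def signature_base_string(method, url, params):
    # Each name and value is encoded once, the pairs are sorted and joined,
    # and the joined string is then encoded again as a whole. That second
    # pass is part of the spec and is why "%20" shows up as "%2520".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params):
    key = f"{pct(CONSUMER_SECRET)}&{pct(TOKEN_SECRET)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def wire_body(params):
    """Form-encode the parameters for the request body (one level of escaping)."""
    return "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))


def correct_request(status):
    # The raw text goes into the signature; escaping happens inside sign()
    # and wire_body(), once each.
    params = dict(OAUTH_PARAMS, status=status)
    return wire_body(params), sign("POST", URL, params)


def pre_escaped_request(status):
    # Failure mode: the caller escapes the status before signing, so the
    # signature covers the escaped text while the body carries the raw text.
    signed = dict(OAUTH_PARAMS, status=pct(status))
    sent = dict(OAUTH_PARAMS, status=status)
    return wire_body(sent), sign("POST", URL, signed)


def server_accepts(body, signature):
    """Provider side: decode each parameter once, recompute, compare."""
    params = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        params[unquote(name)] = unquote(value)
    return hmac.compare_digest(sign("POST", URL, params), signature)


if __name__ == "__main__":
    for text in ("hello", "hello world", "50% off today"):
        print(repr(text),
              "correct:", server_accepts(*correct_request(text)),
              "pre-escaped:", server_accepts(*pre_escaped_request(text)))
```

Text made only of unreserved characters hides the mismatch, which is why a signing path can appear to work until a status contains a space or a percent sign.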
[twitter-dev] Fetch multiple statuses by ID
Greetings. Is there any way to fetch multiple statuses in a single request, by passing in all the status IDs? As in: http://twitter.com/statuses/show/123,456,789.json returning tweets 123, 456, 789. Use case: I run http://listoftweets.com, where users can build up a list of tweets from search results. There's no persistence right now, but I would like to make a new feature, letting people save a list of tweets on my server. It would be redundant for my site to capture the full details of all the tweets in the list, when that information is already in Twitter; I'd like to just save a list of IDs and make a single call on Twitter to pull them out. As it stands, AFAICT, I'd have to make a unique call for every tweet in the list, which is obviously not practical.
[twitter-dev] Twitter JS implementation
Can anyone recommend a javascript api implementation (anything that already has a jquery plugin would be a bonus but not necessary) The few I've seen don't allow statuses.update which is a necessity for me. Thanks
[twitter-dev] Re: Twitter JS implementation
http://code.google.com/p/oauth/source/browse/code/javascript/ will get you started -- the oauth stuff is probably the meat of what you need to do to get statuses/update working. JS isn't a great language for this, because of the XSS issues that arise.
On Wed, Jul 29, 2009 at 11:29, Bob Fishel bobfis...@gmail.com wrote:
Can anyone recommend a javascript api implementation (anything that already has a jquery plugin would be a bonus but not necessary) The few I've seen don't allow statuses.update which is a necessity for me. Thanks
-- Internets. Serious business.
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
I really appreciate your responses. And I definitely understand your point of view now. Paraphrasing:
1. unrelated to basic, oauth is not difficult to implement. i agree. while non-trivial on the desktop simply because no one had done it yet (and released it as OSS), i would agree that it was not especially difficult.
2. passwords can sometimes be misused in a cross-site cross-app way. i agree. point taken. especially for the web app world.
3. having twitter included as part of the sign up process feels more integrated. i agree for a web app. and since facebook and flickr do it too, the idiom is well understood. however for a desktop client this is a very abnormal (hopefully just novel?) process -- so i think i would still tend to disagree.
thanks again for posting. Isaiah YourHead Software supp...@yourhead.com http://www.yourhead.com
On Jul 29, 2009, at 8:42 AM, Amitab wrote:
On Jul 28, 4:16 pm, Isaiah supp...@yourhead.com wrote:
I publish an open source example of using OAuth in a standalone mac app -- so I'm bought in to the OAuth idea. But it wasn't easy, I had to fight to make it appear even somewhat integrated, and the lack of security around my app's private keys really freaks me out. On the other hand I see a lot of posts like this where I tilt my head and say, what are you talking about? Because I just don't get where you're coming from. It's like there's some hidden assumption someone forgot to tell me. So, please don't take offense, I'd just like to play devil's advocate and ask you to back up these reasons with some more info. I'll try to be specific about what seems odd, or at least odd to me:
I really loved OAuth because: (1) Ease of coding. I could get OAuth working within a couple of days.
You're saying that OAuth was easier to implement than basic auth? How so? Basic auth just places the authorization info into the request -- oauth requires the entire token request, token exchange, token inclusion dance. At best I could see someone arguing that it's roughly the same because you can use a nice library either way, but saying OAuth is actually easier seems a bit far fetched.
I was merely advocating about OAuth here. I didn't play around with BasicAuth since OAuth was available when I started developing twaller.com. I wanted to respond to comments which said, OAuth is hard to code etc., by saying I didn't feel that way, mainly because I used the library Twitter4J.
Saves me any password maintenance, encryption etc.
But how do you maintain the user's auth tokens? Since they're basically as powerful as a password (so long as the user has not turned them off) they need to be given the same care, right? In my implementation I save them just like passwords. Are other developers not doing this? If not why not?
I think there is a difference. I find passwords messy because if someone wants to misuse them, they can potentially misuse them for other websites beyond twitter. Many people including myself have similar usernames and exactly the same password in multiple websites. So if I accidentally leak a password, and someone uses that to login a bank website and make a financial transaction, that will not look very good. OAuth tokens are limited to Twitter use. At the moment, I am not encrypting it in my database.
(2) Integration with Twitter Branding. With the OAuth scheme, I believe my website is more integrated with Twitter. It would also be nicer if Twitter would maintain their own list of websites they trust with OAuth, just to give users the added confidence that Twitter trusts me.
I'm sure if Twitter decided tomorrow that OAuth was out, and that PAuth or QAuth were the new black, then those would be more integrated. My point being that this is not an advantage intrinsic to OAuth, just an advantage of using the currently blessed standard. I'll give you that one, if you also agree that if tomorrow Twitter decided Basic Auth was the way forward, Basic Auth would then be more integrated than OAuth.
I meant the process of going to Twitter for a login makes me feel that my application is integrated with them. As opposed to merely saying, please supply your Twitter name and password to my website.
(3) Saves me worrying about SSL. A lot of people are finicky about HTTPS/SSL. This way I can just tell them that if Twitter wants OAuth that way in future, we will simply provide it.
But doesn't that mean that people sniffing on the network where you host your app could potentially grab the authentication tokens of your users as they fly by? Or even just your application tokens if they were interested in spoofing you? I don't mean to be paranoid, but my rather tiny little site was attacked and compromised once a week by evil folks in June -- 4 different attacks by four separate security holes (note to self, don't run a wiki on the same host as my web store). That is a very valuable
[twitter-dev] Re: id field is missing in status from streaming API frequently
Fixed. http://yusuke.homeip.net/hudson/job/Twitter4J/296/ Please try the latest build. http://yusuke.homeip.net/maven2/net/homeip/yusuke/twitter4j/2.0.9-SNAPSHOT/ Now T4J ignores deleted tweets. Cheers,
-- Yusuke Yamamoto yus...@mac.com this email is: [x] bloggable/twittable [ ] ask first [ ] private follow me on : http://twitter.com/yusukeyamamoto subscribe me at : http://yusuke.homeip.net/blog/
On Jul 24, 9:15 pm, AJ Chen cano...@gmail.com wrote:
John, thanks. Yusuke, it may be a good idea for twitter4j library to exclude the deleted statuses as they are received. currently, twitter4j throws an exception for them, which is less informative. thanks. -aj
On Fri, Jul 24, 2009 at 3:20 PM, John Kalucki jkalu...@gmail.com wrote:
It appears that you are treating status deletions as statuses. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.
On Jul 24, 3:18 pm, AJ Chen cano...@gmail.com wrote:
twitter streaming api has lots of statuses missing id? the following exception appears almost continuously in my log. it indicates the id field is missing in status from streaming API.
twitter4j.TwitterException: JSONObject[id] not found.:{delete:{status:{id:2813410502,user_id:47157439}}}
twitter4j.TwitterException: JSONObject[id] not found.:{delete:{status:{id:2812385903,user_id:54420955}}}
thanks, -aj
-- AJ Chen, PhD Co-Chair, Semantic Web SIG, sdforum.org http://web2express.org Palo Alto, CA
-- AJ Chen, PhD Co-Chair, Semantic Web SIG, sdforum.org http://web2express.org Palo Alto, CA
[twitter-dev] JS API implementation
Can anyone recommend a javascript api implementation (anything that already has a jquery plugin would be a bonus but not necessary) The few I've seen don't allow statuses.update which is a necessity for me. Thanks
[twitter-dev] Re: Adding tweets with a certain word them them to a feed on your site?
How about a much more easy way? I combined Elgg (was an open source platform for social networks) with RSS (any RSS to HTML is fine too). A live example you can find here: http://www.otd.to/iran/weblog/ and the RSS from twitter would be: http://search.twitter.com/search.rss?q=iran Now you notice on OTD the LINK to twitter real status, as you wouldn't take credit for something someone else said. And remember that Twitter doesn't take credential for what ppl say. It's up to them (twitter users) to give access or set private. Hope this helps you. Sincerely, Cristian.
On Jul 28, 3:49 pm, Michael Paladino paladinomich...@gmail.com wrote:
Twitter just recently added a widget to allow this at http://twitter.com/goodies/widget_search. Also, check out a few third party options: http://www.tweetseek.co.uk/ http://tweetgrid.com/widget/ http://tidytweet.com Good luck! Michael
-Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of DougMellon Sent: Sunday, July 26, 2009 4:48 AM To: Twitter Development Talk Subject: [twitter-dev] Adding tweets with a certain word them them to a feed on your site?
Does anyone know of a way I could add tweets with a certain word in them to a feed on my site? For example if there are tweets that have say #somethinghere in them. If I search twitter for #somethinghere (#somethinghere) the list of tweets comes up. Is it possible to get that list of tweets posted on my site? This may be really confusing and if so let me know and I'll try to word it another way. Thanks in advance, Doug
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
On Wed, Jul 29, 2009 at 3:54 PM, oshells oshe...@gmail.com wrote:
I used Abraham examples to implement OAuth into Elgg v0.9.2 (last version of an open source social network platform). It's working as it should be, but I also made further thinking (if by any chance OAuth gets down) and the first time users join our website they must complete a one time signup process, allowing us to have the missing parts from their account (email - any email they might choose) and also let them set their username/password. Now, even if their password is the same as for twitter it's md5 encrypted and no-one, neither the admins can use it in a non-right way.
You realize of course that MD5 is compromised and relatively worthless, right? SHA512 baby. Thanks-
- Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
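The password-storage point in this exchange, as an added example that is not code from either poster or from Elgg: an unsalted MD5 record next to a salted, iterated one, with legacy records upgraded at the next successful login. PBKDF2-HMAC-SHA512, the record format, the iteration count and all names are this example's assumptions; neither message proposes them.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000          # work factor chosen for this example
PREFIX = "pbkdf2_sha512"      # hypothetical record tag


def legacy_md5(password):
    """The scheme described in the thread: one unsalted MD5 pass, hex-encoded."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA512 record: prefix$iterations$salt$derived_key."""
    salt = os.urandom(16)     # fresh per record, so equal passwords differ
    key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password, stored):
    """Return (ok, replacement). `replacement` is a new record to save when
    the stored one is a legacy MD5 hash or uses an outdated work factor."""
    if stored.startswith(PREFIX + "$"):
        _, iterations, salt_hex, key_hex = stored.split("$")
        key = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                  bytes.fromhex(salt_hex), int(iterations))
        ok = hmac.compare_digest(key, bytes.fromhex(key_hex))
        stale = int(iterations) < ITERATIONS
    else:
        # Legacy path: compare in constant time, then always re-hash on success.
        ok = hmac.compare_digest(legacy_md5(password).encode(), stored.encode())
        stale = True
    return ok, (hash_password(password) if ok and stale else None)


def login(users, name, password):
    """Check a login against `users` (name -> stored record), upgrading in place."""
    stored = users.get(name)
    if stored is None:
        return False
    ok, replacement = verify_password(password, stored)
    if replacement:
        users[name] = replacement
    return ok


if __name__ == "__main__":
    # Constructed accounts: two users who picked the same password.
    users = {"ana": legacy_md5("tw1tter-pass"), "bo": legacy_md5("tw1tter-pass")}
    print("same MD5 record:", users["ana"] == users["bo"])
    login(users, "ana", "tw1tter-pass")
    login(users, "bo", "tw1tter-pass")
    print("same record after upgrade:", users["ana"] == users["bo"])
```

With unsalted MD5, equal passwords produce equal records, so one cracked or looked-up hash exposes every account that shares it; a single fast SHA-512 pass has the same property.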
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
I used Abraham examples to implement OAuth into Elgg v0.9.2 (last version of an open source social network platform). It's working as it should be, but I also made further thinking (if by any chance OAuth gets down) and the first time users join our website they must complete a one time signup process, allowing us to have the missing parts from their account (email - any email they might choose) and also let them set their username/password. Now, even if their password is the same as for twitter it's md5 encrypted and no-one, neither the admins can use it in a non-right way. The signup process is by-passed (from the 2nd time they join our website using twitter authentication) by saving the twitter ID into our database linked to the user account (the very 1st time they join), so everytime the user joins using OAuth a session will be created for that unique account (ID), but remember that he can also use username/password to authenticate into our website. I'll advise anyone using OAuth to setup this one-time account creation on their website (database) too, just in case something bad could ever happen to OAuth. If I'm pleased with OAuth? Hell ya, I do..I love it! Sincerely, Cristian.
On Jul 29, 6:42 pm, Amitab hiamita...@gmail.com wrote:
On Jul 28, 4:16 pm, Isaiah supp...@yourhead.com wrote:
I publish an open source example of using OAuth in a standalone mac app -- so I'm bought in to the OAuth idea. But it wasn't easy, I had to fight to make it appear even somewhat integrated, and the lack of security around my app's private keys really freaks me out. On the other hand I see a lot of posts like this where I tilt my head and say, what are you talking about? Because I just don't get where you're coming from. It's like there's some hidden assumption someone forgot to tell me. So, please don't take offense, I'd just like to play devil's advocate and ask you to back up these reasons with some more info. I'll try to be specific about what seems odd, or at least odd to me:
I really loved OAuth because: (1) Ease of coding. I could get OAuth working within a couple of days.
You're saying that OAuth was easier to implement than basic auth? How so? Basic auth just places the authorization info into the request -- oauth requires the entire token request, token exchange, token inclusion dance. At best I could see someone arguing that it's roughly the same because you can use a nice library either way, but saying OAuth is actually easier seems a bit far fetched.
I was merely advocating about OAuth here. I didn't play around with BasicAuth since OAuth was available when I started developing twaller.com. I wanted to respond to comments which said, OAuth is hard to code etc., by saying I didn't feel that way, mainly because I used the library Twitter4J.
Saves me any password maintenance, encryption etc.
But how do you maintain the user's auth tokens? Since they're basically as powerful as a password (so long as the user has not turned them off) they need to be given the same care, right? In my implementation I save them just like passwords. Are other developers not doing this? If not why not?
I think there is a difference. I find passwords messy because if someone wants to misuse them, they can potentially misuse them for other websites beyond twitter. Many people including myself have similar usernames and exactly the same password in multiple websites. So if I accidentally leak a password, and someone uses that to login a bank website and make a financial transaction, that will not look very good. OAuth tokens are limited to Twitter use. At the moment, I am not encrypting it in my database.
(2) Integration with Twitter Branding. With the OAuth scheme, I believe my website is more integrated with Twitter. It would also be nicer if Twitter would maintain their own list of websites they trust with OAuth, just to give users the added confidence that Twitter trusts me.
I'm sure if Twitter decided tomorrow that OAuth was out, and that PAuth or QAuth were the new black, then those would be more integrated. My point being that this is not an advantage intrinsic to OAuth, just an advantage of using the currently blessed standard. I'll give you that one, if you also agree that if tomorrow Twitter decided Basic Auth was the way forward, Basic Auth would then be more integrated than OAuth.
I meant the process of going to Twitter for a login makes me feel that my application is integrated with them. As opposed to merely saying, please supply your Twitter name and password to my website.
(3) Saves me worrying about SSL. A lot of people are finicky about HTTPS/SSL. This way I can just tell them that if Twitter wants OAuth that way in future, we will simply provide it.
But doesn't that mean that people sniffing on the network where you
[twitter-dev] Re: Too Many Requests for a specific user ....
ok, so I'll optimize my calls to verify_credentials. Would be good if this was documented someplace. Also, does the same limit exist for other APIs? -fs
On Jul 27, 10:39 am, TinBlue tinb...@gmail.com wrote:
Twitter in their infinite wisdom decided to implement a limit on the verify_credentials API call. I believe it's 15 calls per hour. They have since come to their senses and said they will be rolling back to the previous behavior. However, as yet they still haven't done it. But personally, I wish they would hurry up!
On Jul 27, 3:07 am, Francis Shanahan francisshana...@gmail.com wrote:
Sorry that's 403 Forbidden errors I'm getting.
On Jul 26, 10:06 pm, Francis Shanahan francisshana...@gmail.com wrote:
I realise there are limits on the number of times an application can call into Twitter in a given time period. In the course of my testing though I tend to fire off a lot of requests, nothing crazy just probably 1 per minute as I'm clicking through my tests. Sometimes when I'm testing oAuth Login and logging in/out of the application, and going back and forth with the Grant/Deny page I am experiencing 403 Unauthorized errors with the following data in the response
<?xml version="1.0" encoding="UTF-8"?>
<hash>
<request>/account/verify_credentials.xml?oauth_consumer_key=[removed]&amp;oauth_nonce=7959883&amp;oauth_signature_method=HMAC-SHA1&amp;oauth_timestamp=1248659818&amp;oauth_token=[removed]&amp;oauth_version=1.0&amp;oauth_signature=TH%2bFof7ErcFdH6XgVgPeou174yI%3d</request>
<error>Too many requests in this time period. Try again later.</error>
</hash>
This error is just given for my account, other users don't get this error. I can log in from the site with another user without issue. So given that I'm not making that many requests and can trigger this with just manual clicking, how many are allowed for a given user?
[twitter-dev] Re: Too Many Requests for a specific user ....
It is going to be changed soon (see another thread in the group, but I'm not going to bother looking it up for you) to 15 INVALID requests/hr. Valid requests will not count towards the total.
On Wed, Jul 29, 2009 at 15:14, Francis Shanahan francisshana...@gmail.com wrote:
ok, so I'll optimize my calls to verify_credentials. Would be good if this was documented someplace. Also, does the same limit exist for other APIs? -fs
On Jul 27, 10:39 am, TinBlue tinb...@gmail.com wrote:
Twitter in their infinite wisdom decided to implement a limit on the verify_credentials API call. I believe it's 15 calls per hour. They have since come to their senses and said they will be rolling back to the previous behavior. However, as yet they still haven't done it. But personally, I wish they would hurry up!
On Jul 27, 3:07 am, Francis Shanahan francisshana...@gmail.com wrote:
Sorry that's 403 Forbidden errors I'm getting.
On Jul 26, 10:06 pm, Francis Shanahan francisshana...@gmail.com wrote:
I realise there are limits on the number of times an application can call into Twitter in a given time period. In the course of my testing though I tend to fire off a lot of requests, nothing crazy just probably 1 per minute as I'm clicking through my tests. Sometimes when I'm testing oAuth Login and logging in/out of the application, and going back and forth with the Grant/Deny page I am experiencing 403 Unauthorized errors with the following data in the response
<?xml version="1.0" encoding="UTF-8"?>
<hash>
<request>/account/verify_credentials.xml?oauth_consumer_key=[removed]&amp;oauth_nonce=7959883&amp;oauth_signature_method=HMAC-SHA1&amp;oauth_timestamp=1248659818&amp;oauth_token=[removed]&amp;oauth_version=1.0&amp;oauth_signature=TH%2bFof7ErcFdH6XgVgPeou174yI%3d</request>
<error>Too many requests in this time period. Try again later.</error>
</hash>
This error is just given for my account, other users don't get this error. I can log in from the site with another user without issue. So given that I'm not making that many requests and can trigger this with just manual clicking, how many are allowed for a given user?
-- Internets. Serious business.
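The limit described in this thread (15 invalid requests per hour, valid requests not counted), combined with the lockout and captcha points Joshua Perry raises earlier on the list, as an added example that is not Twitter's implementation. The class, its states, the captcha threshold of 3 and the injected clock are assumptions of this sketch.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # one hour, as in the thread
MAX_FAILURES = 15       # "15 INVALID requests/hr"
CAPTCHA_AFTER = 3       # "after 3 or 4 failed attempts" (assumed: 3)


class FailedLoginLimiter:
    """Per-account sliding window that counts only failed password checks."""

    def __init__(self, check_password, now=time.time):
        self._check = check_password      # callable(account, password) -> bool
        self._now = now                   # injectable clock for testing
        self._failures = defaultdict(deque)

    def _recent(self, account):
        """Drop failures older than the window and return the rest."""
        failures = self._failures[account]
        cutoff = self._now() - WINDOW_SECONDS
        while failures and failures[0] <= cutoff:
            failures.popleft()
        return failures

    def attempt(self, account, password, captcha_ok=False):
        failures = self._recent(account)
        if len(failures) >= MAX_FAILURES:
            # Locked: the password is not evaluated at all, so a correct
            # guess sent during the lockout neither succeeds nor confirms
            # itself to the sender.
            return "locked"
        if len(failures) >= CAPTCHA_AFTER and not captcha_ok:
            # Challenge first; the attempt is neither evaluated nor counted.
            return "captcha_required"
        if self._check(account, password):
            return "ok"                   # valid requests never count
        failures.append(self._now())
        return "invalid"


if __name__ == "__main__":
    # Constructed account and passwords.
    limiter = FailedLoginLimiter(lambda account, pw: pw == "correct horse")
    print([limiter.attempt("alice", "guess") for _ in range(4)])
    print(limiter.attempt("alice", "correct horse", captcha_ok=True))
```

The counter is keyed by account, so the concern raised on the list still applies to password logins: anyone can exhaust another account's failures. Requests signed with an already issued OAuth token do not pass through this path.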
[twitter-dev] Re: How to use Twitter to sign out ? calling to end_session does not work
account/end_session will not do anything with the user on your site. It should log them out of twitter.com but the use case is very limited and I don't think it gets used/tested very often. To log someone out of your own site you have to delete the sessions/cookies/etc that you are using to keep them logged in. For example in PHP session_destroy(); will accomplish this. If the account 1) has already approved your application and 2) is currently signed into twitter.com since you are using oauth/authenticate they will not even appear to visit twitter.com. They will just automagically get logged in. Abraham
On Tue, Jul 28, 2009 at 22:21, CG learn@gmail.com wrote:
Hi, I am developing a simple Web App that use sign in with twitter, where the app will automatically redirect to twitter.com/oauth/authenticate (with request token/secret of course) if user is not authenticated. It works well until I need to add a sign out function in my App. I use the end_session API and I get an error Logged out. which I think actually is logout successfully (I came across a ticket mentioning about this) I thought that after signing out from my app, when I revisit the same page, I supposed to be redirect to the sign in page but unfortunately, it seems like successfully authenticate me and redirect back to my app without required any authentication. I did a test on this by calling to end_session, and go to another browser tab, to access www.twitter.com, it seems like I am still not sign out from Twitter .. Anybody face this problem? what is the solution for this? without this function, my app is useless, because user can only sign out at twitter.com or clear the cache/cookie in browser. Cheers. CG
-- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: How to use Twitter to sign out ? calling to end_session does not work
I think the question refers to the force_login oauth parameter. What I think CG wants is to log users out of Twitter, so when the app asks for authentication, the user is forced to log in TO TWITTER again. If that is the case: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-authenticate G'luck, Andres B @andresb
On Jul 28, 11:19 pm, CG learn@gmail.com wrote:
hi, thx for reply .. my app will actually do the following thing 1. get a new request token secret (or should I use the old request token?) 2. redirect user to the authenticate URL (twitter.com/oauth/authenticate?x) with the request token secret At this moment, Twitter will do the authentication, and successfully authenticate me (even I hv call the end_session) .. I do not even pass any oauth token and secret at this stage .. CG
On Wed, Jul 29, 2009 at 11:41 AM, Duane Roelands duane.roela...@gmail.com wrote:
I'm not familiar with End_Session, but couldn't you just clear the OAuth Token and TokenSecret? That would effectively sign you out because you'd need to reauthenticate.
On Jul 28, 11:21 pm, CG learn@gmail.com wrote:
Hi, I am developing a simple Web App that use sign in with twitter, where the app will automatically redirect to twitter.com/oauth/authenticate (with request token/secret of course) if user is not authenticated. It works well until I need to add a sign out function in my App. I use the end_session API and I get an error Logged out. which I think actually is logout successfully (I came across a ticket mentioning about this) I thought that after signing out from my app, when I revisit the same page, I supposed to be redirect to the sign in page but unfortunately, it seems like successfully authenticate me and redirect back to my app without required any authentication. I did a test on this by calling to end_session, and go to another browser tab, to access www.twitter.com, it seems like I am still not sign out from Twitter .. Anybody face this problem? what is the solution for this? without this function, my app is useless, because user can only sign out at twitter.com or clear the cache/cookie in browser. Cheers. CG
[twitter-dev] Re: Application statistics
Is this monitored by the Twitter team? If you guys have no solution for this - just tell, I'll code something
On Jul 28, 10:22 am, droidin.net bost...@gmail.com wrote:
Is there a way of tracking who and how is using your app? Simple search based on app name (like from DroidIn) does not yield any results
[twitter-dev] name in full is too long
Hallo, I've got a really big problem. My name is Malte Gottschlich and I'm from Germany. First of all I have to apologize for my spelling mistakes; my English isn't stunning. I'd like to take MalteGottschlich as username but it's too long. Only one character too long :-( I have already tried to choose my nicknames or things like MalteG but all of them are taken by others... So my question: Is it possible for one of You to give me the name I'd like to have? It would be grateful to hear from You Yours Malte Gottschlich
[twitter-dev] Re: Twitter JS implementation
No decent implementation of the twitter API exists in js. Sorry. Had to say it. If you're developing a js/xhtml application under the air environment, you may be interested in using our js wrapper for the API. We will be open sourcing it after our release. Let me know.
On Wed, Jul 29, 2009 at 9:25 AM, JDG ghil...@gmail.com wrote:
http://code.google.com/p/oauth/source/browse/code/javascript/ will get you started -- the oauth stuff is probably the meat of what you need to do to get statuses/update working. JS isn't a great language for this, because of the XSS issues that arise.
On Wed, Jul 29, 2009 at 11:29, Bob Fishel bobfis...@gmail.com wrote:
Can anyone recommend a javascript api implementation (anything that already has a jquery plugin would be a bonus but not necessary) The few I've seen don't allow statuses.update which is a necessity for me. Thanks
-- Internets. Serious business.
-- Kevin Mesiab CEO, Mesiab Labs L.L.C. http://twitter.com/kmesiab http://mesiablabs.com http://retweet.com
[twitter-dev] Re: Twitter JS implementation
Workin on it now. Details in a bit.
On Wed, Jul 29, 2009 at 8:01 PM, shiplushiplu@gmail.com wrote:
Why not start building one if there is not any. :P
-- A K M Mokaddim http://talk.cmyweb.net http://twitter.com/shiplu Stop Top Posting !! Writing in Bangla is much better than writing in Banglish Sent from Dhaka, Bangladesh
[twitter-dev] Re: name in full is too long
If a Twitter username has been idle for (6? 9?) months, you can request that Twitter let you take it over. However please note that these are considered low priority requests and can take a LONG time for anyone to respond. And this list isn't the place to do it. http://help.twitter.com/portal is probably the right place to start. I'd recommend finding another name for the time being. TjL ps - with all the one post wonders out there, I hope that Twitter will eventually go through and purge accounts that haven't been used in a year.
[twitter-dev] Re: Logging Out of Twitter Through API
The account/end_session method does not log the user out of Twitter.com. It simply invalidates the session token that is created with the current API session. There is no method that will log a user out of Twitter.com. Thanks, Doug
On Wed, Jul 29, 2009 at 10:53 AM, Stuart stut...@gmail.com wrote:
2009/7/29 Greg gregory.av...@gmail.com:
I have not - hopefully someone has an answer.
I've found that it's enough to simply forget the token and secret. Why do you need anything more than that? The API does not maintain a session for users, so there's nothing to log out from except your site. -Stuart
On Jul 29, 2:23 am, CG learn@gmail.com wrote:
Hi, Greg, have you found any solution? I face the same problem ... :( CG
On Thu, Jul 23, 2009 at 2:09 AM, Greg gregory.av...@gmail.com wrote:
Hello everyone, Just a quick question here - I originally thought the 'http://twitter.com/account/end_session.xml' API function logs the user out of Twitter - however that doesn't appear to be the case with my application. Every time that I run that function - it doesn't log them out of Twitter (i.e. basically the session variables with Twitter are not destroyed). Is that the way the function is supposed to be used? It is meant to completely log the user out of Twitter? Thanks, Greg
[twitter-dev] Re: id field is missing in status from streaming API frequently
thank you for the fix. you rock. -aj
2009/7/29 H12山本 裕介 yus...@mac.com
Fixed. http://yusuke.homeip.net/hudson/job/Twitter4J/296/ Please try the latest build. http://yusuke.homeip.net/maven2/net/homeip/yusuke/twitter4j/2.0.9-SNAPSHOT/ Now T4J ignores deleted tweets. Cheers,
-- Yusuke Yamamoto yus...@mac.com this email is: [x] bloggable/twittable [ ] ask first [ ] private follow me on : http://twitter.com/yusukeyamamoto subscribe me at : http://yusuke.homeip.net/blog/
On Jul 24, 9:15 pm, AJ Chen cano...@gmail.com wrote:
John, thanks. Yusuke, it may be a good idea for twitter4j library to exclude the deleted statuses as they are received. currently, twitter4j throws an exception for them, which is less informative. thanks. -aj
On Fri, Jul 24, 2009 at 3:20 PM, John Kalucki jkalu...@gmail.com wrote:
It appears that you are treating status deletions as statuses. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.
On Jul 24, 3:18 pm, AJ Chen cano...@gmail.com wrote:
twitter streaming api has lots of statuses missing id? the following exception appears almost continuously in my log. it indicates the id field is missing in status from streaming API.
twitter4j.TwitterException: JSONObject[id] not found.:{delete:{status:{id:2813410502,user_id:47157439}}}
twitter4j.TwitterException: JSONObject[id] not found.:{delete:{status:{id:2812385903,user_id:54420955}}}
thanks, -aj
-- AJ Chen, PhD Co-Chair, Semantic Web SIG, sdforum.org http://web2express.org Palo Alto, CA
-- AJ Chen, PhD Co-Chair, Semantic Web SIG, sdforum.org http://web2express.org Palo Alto, CA
-- AJ Chen, PhD Co-Chair, Semantic Web SIG, sdforum.org http://web2express.org Palo Alto, CA
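Telling deletion notices apart from statuses on the stream, as an added example that is not Twitter4J code. The function name, the local store and the author check are assumptions of this sketch; the sample lines are constructed, reusing only the two notice ids quoted in the log lines above and assuming the notices arrive as ordinary JSON with quoted keys.

```python
import json

# Constructed sample stream. The first two delete notices reuse ids from
# the log lines quoted in the thread; every other value is made up.
SAMPLE_LINES = [
    '{"id": 2813410502, "text": "constructed sample", "user": {"id": 47157439}}',
    '{"id": 2812385903, "text": "another constructed sample", "user": {"id": 54420955}}',
    '',                                                  # keep-alive blank line
    '{"delete": {"status": {"id": 2813410502, "user_id": 47157439}}}',
    '{"delete": {"status": {"id": 2812385903, "user_id": 1}}}',   # wrong author
    '{"delete": {"status": {"id": 999, "user_id": 5}}}',          # never stored
    '{"truncated": ',                                    # cut-off line
]


def handle_line(line, store):
    """Apply one stream line to `store` (status id -> status dict).

    Returns "status", "delete" or "ignored"; never raises on bad input.
    """
    try:
        message = json.loads(line)
    except ValueError:                    # blank, truncated or non-JSON line
        return "ignored"
    if not isinstance(message, dict):
        return "ignored"

    if "delete" in message:               # a notice, not a status: no top-level id
        notice = message["delete"]
        status = notice.get("status") if isinstance(notice, dict) else None
        if not isinstance(status, dict) or not isinstance(status.get("id"), int):
            return "ignored"
        held = store.get(status["id"])
        if held is not None:
            author = held.get("user")
            author_id = author.get("id") if isinstance(author, dict) else None
            if author_id != status.get("user_id"):
                return "ignored"          # notice names a different author
        store.pop(status["id"], None)     # honour the deletion locally
        return "delete"

    if isinstance(message.get("id"), int):
        store[message["id"]] = message
        return "status"
    return "ignored"


def replay(lines):
    """Run a list of lines through handle_line and return (results, store)."""
    store = {}
    return [handle_line(line, store) for line in lines], store


if __name__ == "__main__":
    results, store = replay(SAMPLE_LINES)
    print(results)
    print(sorted(store))
```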
[twitter-dev] JSON id order reversed
I have come to realize that sometime between 3pm and 6pm PDT on 7/21 the JSON order of following ids reversed from oldest=youngest to youngest=oldest and has been in the latter order since then. Did I miss an announcement that this was going to happen? More importantly, is this the way the array order will be maintained from here on? It has raised some havoc figuring out which direction to go for older or more recent following when holding an id that was followed some time in the past. I only work with the JSON format and so I have no insight into the xml side of this question. Thanks for your help.
[twitter-dev] Re: Application statistics
Thanks but that doesn't really work for me 1. There's no wildcard so you can only go by search term 2. I wasn't able to see results from say a week ago 3. I don't really want to see WHAT people are posting but rather how often and how many I'm guessing that I'm on my own here. Alas, I think this would be a killer feature for Twitter apps Bo On Jul 29, 3:16 pm, Abraham Williams 4bra...@gmail.com wrote: You can use source:appname to search twitter: http://search.twitter.com/search?q=source%3Aapi+test Of course if your application is posting your updates the most accurate method would be to collect the statistics as you interact with the api. Abraham 2009/7/29 droidin.net bost...@gmail.com Is this monitored by the Twitter team? If you guys have no solution for this - just tell, I'll code something On Jul 28, 10:22 am, droidin.net bost...@gmail.com wrote: Is there a way of tracking who and how is using your app? Simple search based on app name (like from DroidIn) does not yield any results -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Application statistics
Oh yes - and if you do something like source:droidin then it not surprisingly kills the search app We're sorry, but something went wrong. On Jul 29, 3:16 pm, Abraham Williams 4bra...@gmail.com wrote: You can use source:appname to search twitter: http://search.twitter.com/search?q=source%3Aapi+test Of course if your application is posting your updates the most accurate method would be to collect the statistics as you interact with the api. Abraham 2009/7/29 droidin.net bost...@gmail.com Is this monitored by the Twitter team? If you guys have no solution for this - just tell, I'll code something On Jul 28, 10:22 am, droidin.net bost...@gmail.com wrote: Is there a way of tracking who and how is using your app? Simple search based on app name (like from DroidIn) does not yield any results -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Application statistics
You can also use the Spritzer alpha for a sampling of public statuses. http://apiwiki.twitter.com/Streaming-API-Documentation#spritzer On Wed, Jul 29, 2009 at 23:01, droidin.net bost...@gmail.com wrote: Oh yes - and if you do something like source:droidin then it not surprisingly kills the search app We're sorry, but something went wrong. On Jul 29, 3:16 pm, Abraham Williams 4bra...@gmail.com wrote: You can use source:appname to search twitter: http://search.twitter.com/search?q=source%3Aapi+test Of course if your application is posting your updates the most accurate method would be to collect the statistics as you interact with the api. Abraham 2009/7/29 droidin.net bost...@gmail.com Is this monitored by the Twitter team? If you guys have no solution for this - just tell, I'll code something On Jul 28, 10:22 am, droidin.net bost...@gmail.com wrote: Is there a way of tracking who and how is using your app? Simple search based on app name (like from DroidIn) does not yield any results -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.