this is my 1st twitter dev, and i've been wondering what i've done
wrong with the oauth stuff. as it turns out, only some of the
problems i've faced have been mine!
thanks for the updates and info chinaski007 & Scott
i'd like to add some keywords to this post so others may find it:
Incorrect S
Welcome :)
On Jul 31, 9:59 pm, Doug Williams wrote:
> Hi all --
> We are excited to announce that Chad Etzel has joined our team part-time to
> support the developer community. He is the one man show behind TweetGrid [1]
> amongst other projects [2]. We reached out to Chad to join our team after
Hi Doug,
Is there a timescale for rolling back / making the change to the new
scheme?
We're just putting the finishing touches to moving to OAuth and we're
experiencing the issue when using verify_credentials to get the users
basic details once we've got the token back from the authentication
pr
Hi,
Any reason we can no longer access this page on the wiki?
http://apiwiki.twitter.com/OAuth+Example+-+Ruby
It know it used to be public, and it was very helpful.
Thanks
On Fri, Jul 31, 2009 at 21:02, Bradley S. O'Hearne
wrote:
>
> In conclusion, addressing one last example of ATM cards and pins -- you
> picked the safe example. A credit card is far less safe than all of this,
> because lose one of those, and the finder is on a shopping spree, no ID or
> pin requi
Per the OAuth spec:
"Access Tokens MAY limit access to certain Protected Resources, and MAY have
a limited lifetime." [1]
At this time, I don't believe Twitter expires their access token, but that
doesn't mean you shouldn't take it into account, as they may decide to in
the future.
[1] http://oa
Christopher,
It is good to see that someone understands the bigger picture here.
This conversation suffers from a presumption of a specific use-case
(web application communicating with Twitter), and a particular
presumption of trust, or lack thereof. The particular comments such as:
> Yo
Once an Access Token and Token Secret have been obtained and stored in
the app's database, can the app then access the user's protected
resources until the user revokes access, or is there a certain
timeframe after which the access token automatically expires (and must
be renewed)?
@John Adams
How do you know it will be ok till 58821?
How many new twitter user sign-up each days?
I just do a google and 2^64 =
*1.84467441 × 1019*I don't know how you calculater which days?
We can not know how many news user will register twitter?
2009/8/1 John Adams
>
>
> On Jul 31, 2009, at
On Jul 31, 2009, at 4:04 PM, Andrew Badera wrote:
but why not go with 128 bit decimal/floating point precision
datatypes to begin with, and never have this issue? if anyone says
"overhead" I'm gonna whack 'em like a popup weasel. in this day and
age of CPU cycles and RAM, you might as wel
alternatively, you could of course do something like this:
var token = {};
var parts = theReturnString.split('&');
for (var part in parts) {
var parm = part.split('=');
token[parm[0]] = parm[1] || "";
}
On Fri, Jul 31, 2009 at 17:54, JDG wrote:
> That will never return JSON, per the OAu
That will never return JSON, per the OAuth spec. It will return a token in
the HTTP Query String format. If you are using Dojo, you can use
dojo.queryToObject to convert it to json.
On Fri, Jul 31, 2009 at 14:59, Eric Garside wrote:
>
> Hey all,
>
> I'm working on a Javascript library for full A
On Fri, Jul 31, 2009 at 7:07 PM, Abraham Williams <4bra...@gmail.com> wrote:
> Srew it. Go with 1024 bit unsigned int!
>
>
Hey, if the common frameworks and languages of the day supported it, sure,
why not?
Awesome Chad!
Sent from my iPhone
On Jul 31, 2009, at 2:59 PM, Chad Etzel wrote:
Thanks, Doug!
I really appreciate all the well-wishing tweets and emails. I have
been noticeably silent on the list recently while all of these details
have been worked out. Now that it's official I can get ba
On Fri, Jul 31, 2009 at 3:59 PM, John Adams wrote:
>
> On Jul 31, 2009, at 3:37 PM, Josh Roesslein wrote:
>
> Well 64 bit should last for a while. Curious how long it will be until 128
>> bit will be required.
>>
>
>
>
> Mathematica tells me:
> "Fri 24 Sep 58821 22:55:00"
Darn it - I was plann
Srew it. Go with 1024 bit unsigned int!
Abraham
On Fri, Jul 31, 2009 at 18:04, Andrew Badera wrote:
> On Fri, Jul 31, 2009 at 6:59 PM, John Adams wrote:
>
>>
>> On Jul 31, 2009, at 3:37 PM, Josh Roesslein wrote:
>>
>> Well 64 bit should last for a while. Curious how long it will be until
>>>
On Fri, Jul 31, 2009 at 6:59 PM, John Adams wrote:
>
> On Jul 31, 2009, at 3:37 PM, Josh Roesslein wrote:
>
> Well 64 bit should last for a while. Curious how long it will be until 128
>> bit will be required.
>>
>
>
>
> Mathematica tells me:
> "Fri 24 Sep 58821 22:55:00"
>
> I think you'll be f
On Jul 31, 2009, at 3:37 PM, Josh Roesslein wrote:
Well 64 bit should last for a while. Curious how long it will be
until 128 bit will be required.
Mathematica tells me:
"Fri 24 Sep 58821 22:55:00"
I think you'll be fine for a long time at 64 bit.
-john
---
John Adams
Twitter Operations
Just store everything in strings and give up :-)
Zac Bowling
On Fri, Jul 31, 2009 at 3:37 PM, Josh Roesslein wrote:
> Well 64 bit should last for a while. Curious how long it will be until 128
> bit will be required.
>
Well 64 bit should last for a while. Curious how long it will be until 128
bit will be required.
The first Twitpocalypse involved the tweet ID's moving past the
highest 32-bit *signed* integer (which is 2,147,483,647).
This time around the tweet ID's will move past the highest 32-bit
*un*signed integer (which is 4,294,967,295).
Developers should make sure the code they are using to
store/ma
Huh? I thought this issue was resolved already?
My developer for www.MyTwitterButler.com said he solved this problem
back in June?
Am I missing something?
Cheers,
Dean
-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googleg
Thanks, Doug!
I really appreciate all the well-wishing tweets and emails. I have
been noticeably silent on the list recently while all of these details
have been worked out. Now that it's official I can get back to
responding. As always, if you have suggestions about making the lines
of communica
Twitter status ids are fast approaching the maximum 32-bit *unsigned*
integer value (4,294,967,295).
The current estimate is that this will occur in approximately 60 days,
at the end of September. The 60 day window is a best-guess
approximation based on projections. It could conceivably happen
so
Hey all,
I'm working on a Javascript library for full API access with Twitter,
and a current hickup in the system is fetching the oAuth token from
Javascript.
I'm new to the twitter API, so I'm not sure if I'm missing something,
but I can't seem to get my API call to:
http://twitter.com/oauth/r
Well done Chad.
It's nice to see Twitter looking out for some of the developers in the
community. :)
Hi all --
We are excited to announce that Chad Etzel has joined our team part-time to
support the developer community. He is the one man show behind TweetGrid [1]
amongst other projects [2]. We reached out to Chad to join our team after
his continual and valuable participation in the community made
Thanks for the heads-up on this change! Good show.
On Jul 31, 3:06 pm, Isaiah wrote:
> First off, thanks for the heads up and giving us a large lead time.
> It's what I asked for in a previous email, and even if you never read
> that email and this isn't a response to me at all. I'll say t
the former is assuming UTF-8, which is likely the correct assumption to
make. %E9 is the actual unicode codepoint, whereas the %C3%A9 is the UTF-8
encoding of said codepoint. I believe the API wiki says something about
requiring UTF-8 encoding (and if it doesn't, it should).
On Fri, Jul 31, 2009 a
Since you're not including an oauth_callback, i would assume you're using
the oob flow, in which case, i have to ask, where's your oauth_verifier
parameter?
On Fri, Jul 31, 2009 at 13:09, mattarnold1977 wrote:
>
> Please, if anyone can assist I would be grateful. Here is a sample of
> my url I'v
Thanks for the tip, Marcel.
I am trying to build my signed requests using that page, but I found
this weird thing:
The hueniverse page converts "véio" (in Brazil most words have such
marks) to
"v%C3%A9io"
but my C# lib UrlEncode method outputs
"v%E9io"
So does this URL encode example page
http:
Hi,
Since few hours statuses/update return always Internal Server Error!
I work on my own lib for Twitter with OAuth authentification on
Android plateform. Yesterday and this morning, I have no problem.
Now, it always work for all others method that I used : oauth/
request_token, oauth/access_t
Please, if anyone can assist I would be grateful. Here is a sample of
my url I've formed to get the access token:
http://twitter.com/oauth/access_token?oauth_consumer_key=myconsumerkey&oauth_nonce=6475147&oauth_signature=mysignature&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248981982&oau
First off, thanks for the heads up and giving us a large lead time.
It's what I asked for in a previous email, and even if you never read
that email and this isn't a response to me at all. I'll say thanks
anyway, because it's great. :-)
But, forgive me if I'm off base, but you're sayin
Jesse,
If it is not, then it is a defect. That is the intended functionality.
Thanks,
Doug
On Fri, Jul 31, 2009 at 10:57 AM, Jesse Stay wrote:
> Doug, interesting - I didn't realize that's what Sign on With Twitter did.
> Last I tried that wasn't working though - is that working now?
> Jesse
>
On Jul 31, 9:03 pm, Alex Payne wrote:
> To clarify, since several people have asked: this pending change does
> NOT mean that pagination is required. You can still attempt to
> retrieve all IDs in one call, but be aware that this is likely to time
> out or fail for users with large social graph
To clarify, since several people have asked: this pending change does
NOT mean that pagination is required. You can still attempt to
retrieve all IDs in one call, but be aware that this is likely to time
out or fail for users with large social graphs.
On Fri, Jul 31, 2009 at 10:35, Alex Payne wro
Doug, interesting - I didn't realize that's what Sign on With Twitter did.
Last I tried that wasn't working though - is that working now?
Jesse
On Fri, Jul 31, 2009 at 1:31 PM, Doug Williams wrote:
> Jesse,
> That is not true. With the Sign in with Twitter flow (not the standard
> OAuth flow wh
Alex, thanks for the advance notice, and having notification when you're at
the last page will be a huge improvement and help. Does this mean pagination
is now required for that method?
Jesse
On Fri, Jul 31, 2009 at 1:35 PM, Alex Payne wrote:
>
> The Twitter API currently has two methods for ret
The Twitter API currently has two methods for returning a user's
denormalized "social graph": /friends/ids [1] and /followers/ids [2].
These methods presently allow pagination by use of a "?page=n"
parameter; without that parameter, they attempt to return all user IDs
in the specified set. If you'
Jesse,
That is not true. With the Sign in with Twitter flow (not the standard OAuth
flow which is also available) -- If the user is logged in and has previously
approved the app, they will be immediately redirected back to the
application without ever seeing a Twitter dialog.
Thanks,
Doug
On Fri,
Thanks for the kind words, from the Twitter team.
Cheers,
Doug
On Thu, Jul 30, 2009 at 8:52 PM, MRWILLAN wrote:
>
> I like to take this time to personally THANK Twitter Development for
> the work your doing and fixing in the line of spam follow up and
> tactical problems, I know there must be
The results in english is "fine":
- http://search.twitter.com/search?lang=all&q=307.to
Results in portuguese, simple doesn't return nothing:
- http://search.twitter.com/search?lang=pt&q=307.to
But yes, there is portuguese tweets with "307.to" string:
- http://search.twitter.com/search?lang=pt
One security advantage of oauth with desktop apps is allowing the
application to keep you logged in
without having to store your password in plaintext on the hard disk. This
way if the computer is compromised or stolen later on your password is not
compromised.
I still think the UX with desktop ba
No, Sign in with Twitter doesn't have the same flow as Facebook Connect.
With Facebook Connect, once your sessions are created, they remain for that
user for a given time. The user doesn't have to go through the entire login
process again each time you request a signature for them. With Twitter,
Another way to look at it, from the opposite angle: If I change my Twitter
password on Twitter's site, my app will continue to work without additional
interaction if it's coded with OAuth.
On Fri, Jul 31, 2009 at 08:41, Christopher St John wrote:
>
> On Thu, Jul 30, 2009 at 6:07 PM, Bradley S.
>
On Thu, Jul 30, 2009 at 6:07 PM, Bradley S.
O'Hearne wrote:
>
> I really want to hear stated, or read on a FAQ, is the pre-requisite
> security trust, that in that scenario, it necessarily makes OAuth
> superior to basic authentication.
>
The problem here is that you're paying attention, instead
About the first point, this will just keep happening. The only difference is
that instead of have their credential stolen, they will have their token
stolen. Then, spammers, for example, will use this tokens to send a lot of
spam messages, or do whatever they want. When the user notice it will be t
No, that's wrong!
You can send DMs to any account as long as he is following you! You even
doesn't need to follow him!
2009/7/31 Abraham Williams <4bra...@gmail.com>
> This is incorrect.
>
> Account A can send DMs to any accounts that are following account A.
> Account A does not having to be fo
Hi,
I am unable to get tweets from Twitter API for the query credit cards OR
card when set geocode to "New York,US" within:2500km. Search Link
http://search.twitter.com/search.json?q=credit+cards+OR+card&rpp=100&page=1&geocode=40.756054%2C-73.986951%2C2500.0km
but when i decrease radius from 2
Hi,
I am unable to get tweets from Twitter API for the query credit cards
OR card when set geocode to "New York,US" within:2500km. Search Link
http://search.twitter.com/search.json?q=credit+cards+OR+card&rpp=100&page=1&geocode=40.756054%2C-73.986951%2C2500.0km
but when i decrease radius from
Ah, I see. I was misled by the Twitter.com website.
If go to Twitter.com and select "Direct Messages" on the right, you
are taken to a screen with a dropdown list for selecting the
recipient. That dropdown does -not- have all of my followers in it.
But, I see that if I browse to the profile of
This is incorrect.
Account A can send DMs to any accounts that are following account A. Account
A does not having to be following the accounts receiving the DMs.
Abraham
On Fri, Jul 31, 2009 at 07:25, Duane Roelands wrote:
>
> If I understand correctly, in order to send a direct message to
> an
If I understand correctly, in order to send a direct message to
another user, we must be "mutual followers"; he must be following me
and I must be following him.
Now, I could call friends/ids and then followers/ids and use the
intersection of those two calls. That seems like an awful lot of data
"With basic auth you are aware of the fact you are giving application
credentials, so are able to make thoughtful decision."
This is not supported by the evidence, as thousands of people
"thoughtfully" gave their Twitter credentials to TwitViewer and got
their accounts stolen.
"With OAuth you (or
I am surprised nobody is bringing up these too points:
- people will use the more secure thing once they are educated. you know the
kind of stuff where you tell the people you support that they will not get
tech support any more if they do this.
- the argument about 'having to agree on something'
On Jul 30, 7:40 pm, "Bradley S. O'Hearne"
wrote:
> 2. Passwords being stored locally.
> Comment: The application integrating with Twitter is already
> effectively "trusted", so the concern should not be with the app
> itself. The concern here would be other apps or people being able to
> g
On Jul 31, 4:37 am, Duane Roelands wrote:
> OAuth lets you access the Twitter service without giving your Twitter
> credentials to anyone but Twitter.
> Basic Auth requires you to give your Twitter credentials to someone
> other than Twitter.
> Therefore, OAuth is more secure than Basic Auth.
>
I want to retrieve all tweets that meet a certain criteria, so I tried
using the since_id as a starting point, and incrementing by a
reasonable delta for subsequent calls, and using that value for a
max_id. I was expecting to get different results when I do:
Run 1:
since_id=2815106475
max_id-sinc
Oh yes!!! The methods which didn't work were sent by plain HTTP and
the other methods that work ok were using HTTPS didn't mind!!
Now, all methods are working on HTTPS, and all are working properly!!
Sure, it seams the solution is use HTTPS
Thanks!!
On Jul 30, 10:16 pm, AlbertC wrote:
> I
Oh yes!!! The methods which didn't work were sent by plain HTTP and the
other methods that work ok were using HTTPS didn't mind!!
Now, all methods are working on HTTPS, and all are working properly!! Sure,
it seams the solution is use HTTPS
Thanks!!
On Thu, Jul 30, 2009 at 10:16 PM, AlbertC
Hi,
The changes made with TFJ-187 is fairly trivial.
You can see the change at:
http://yusuke.homeip.net/fisheye/browse/svn/twitter4j/trunk/src/main/java/twitter4j/http/OAuth.java?r2=355&r1=305
Cheers,
--
Yusuke Yamamoto
yus...@mac.com
this email is: [x] bloggable/tweetable [ ] ask first [ ] pri
62 matches
Mail list logo