Re: [twitter-dev] Access Token updating on App page
You can track the issue report (created June 2009) here: http://code.google.com/p/twitter-api/issues/detail?id=669 Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Mon, Aug 16, 2010 at 09:49, Taylor Singletary taylorsinglet...@twitter.com wrote: Good point, Evan. In the mean time -- if you go and explicitly reject your access token on http://twitter.com/settings/connections and then re-negotiate it on the my token feature on dev.twitter.com, you should be able to get around this limitation. Taylor On Mon, Aug 16, 2010 at 9:29 AM, Evan Anderson ejdander...@gmail.comwrote: I've seen that read, read + write access is based on access tokens, and you can request new access tokens if you update your settings. However, It seems that the access tokens Twitter gives you explicitly on an app's settings page don't update to reflect this when you update your app's access settings. I was just curious if the twitter dev team was aware of this and any indication if they will update the access tokens in the future to reflect an app's access setting. Best, Evan Anderson
Re: [twitter-dev] oauth_signature
My library handles all the OAuth signatures automatically. If you read the documentation for TwitterOAuth it will get you started with using the library. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Mon, Aug 16, 2010 at 03:36, alex aakba...@gmail.com wrote: still confused about oauth_signature. what is oauth_signature? who generate oauth_signature? If it is consumer, how to generate oauth_signature ? Im using Abraham's PHP library TwitterOAuth
[twitter-dev] Re: Open Source Android/Twitter Application
http://code.google.com/p/twitter-for-android/ is blocked and can't be accessed But I find this light-weight open source Android project. It seems like it covers OAuth. http://code.google.com/p/andtweet/ On Aug 16, 12:04 pm, Abraham Williams 4bra...@gmail.com wrote: I've been asking about the Twitter for Android code for months. I guess priorities have changed. You can find the locked down code repository on Google Code:http://code.google.com/p/twitter-for-android/ Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Sun, Aug 15, 2010 at 23:52, Bess bess...@gmail.com wrote: I have written a book chapter on how to integrate Twitter4J OAuth Java lib with code example in Android last month. It has the bare minimal but the Twitter Java lib would support all Twitter APIs. I am not sure I could release the chapter prior before the book. If the book dies then I may be free to publish it. I am not quite sure if Twitter has official Android app that Twitter is going to open source the code. On Aug 14, 4:39 pm, Clay Graham claytan...@sightlyinc.com wrote: Brad, The reason I am interested in it is not only because I am doing a ton of Twitter work for Android, but also because that app was supposed be their reference implementation for UI patterns and best practices for Android. I am revising my Android app now and would love to see how they did many of the things they do in that app. What I really wish is someone from google or twitter would respond. Clay On Aug 13, 7:16 pm, Brad Bosley brad.bos...@gmail.com wrote: Clay, I've been waiting for it too! Hopefully they don't back out of the promise. Regards, Brad Bosley On Fri, Aug 13, 2010 at 6:07 PM, Clay Graham claytan...@sightlyinc.com wrote: Ed, Thanks for the advice. I have emailed Tim directly, no reply. Will keep trying. Can I be the only one who is hungry for this? Clay
[twitter-dev] user:statuses/friends and the following field - feature request
I'm looking for clarification on the call to user:statuses/friends. I noticed that in the returned results there is a following field. It appears as though this field indicates whether or not the screen_name supplied in the request is following the given user. This information, to me, seems quite obvious. We're making a request to retrieve friends after all; it is automatically assumed we're grabbing Mr. screen_name's friends The functionality I would like to see, and I believe would be beneficial meta-data for numerous applications, is that the following field feeds you a boolean value as to whether the user result is following the user associated to screen_name. If I have misinterpreted the field, my apologies. In the API Console, all returned results for my own personal screen_name returned following as TRUE, and I know a number of those individuals off the top of my head are not following me. Could we get this meta-data implemented in the response? I'd be willing to discuss in more detail, I need the information without making additional API calls in order to further improve a weighting/ ranking algorithm I am using.
[twitter-dev] nonce error when doing 'generated token' OAuth
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site (example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web app, but
when migrating a cron job from basic to OAuth, using the generated token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid / used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
[twitter-dev] Re: anywhere back button bug in IE
Wanted to add that I've found this specific to use cases where document.domain is set in config. The issue can be easily reproduced in any IE browser with a simple test such as: http://gist.github.com/528661. This one generates 2 extra history states, more can be created by adding more iframe calls (ie, tweetBoxes).
[twitter-dev] Over 3 weeks waiting on whitelist approval
Greetings, I applied for whitelist approval for the account @evidencebot back on 7/23 and am still waiting for a reply. I read in the archives that whitelist approval was suspended until the end of the World Cup but that was a while ago. Are there still a lot of requests in the pipeline, or has my application slipped through the cracks somehow? Thank you for your time, Eric Nichols Tohoku University
Re: [twitter-dev] Mombo.com API
I'm interested ! :) On Mon, Aug 16, 2010 at 11:13 PM, Peter Denton petermden...@gmail.comwrote: Hey everyone, I work on a project called Mombo.com which does sentiment analysis on box-office movies. We have an API but wanted to know if other developers would be interested in consuming the data. It would allow you to do things like show lists of popular movies, get the scores of independent movies, etc. Not trying to self-promote here as much as just generally interested to see if other developers would like to consume. Thanks Peter -- Peter Denton Co-Founder, Product Marketing www.mombo.com cell: (206) 427-3866 twitter @Mombo_movies twitter - personal: @petermdenton -- Romain Pouclet http://www.palleas.com
[twitter-dev] Twitter button with custom URL shortener
Hi everyone! I'm developer for a French News TV Channel, and as we already own a bit.ly Pro Entreprise account to have our own URL shortener with our domain, I just wanted to know if it were possible to deactivate t.co shortening on tweet buttons to keep our custom shortened URLs? Thanks! Regards, Romain
[twitter-dev] Auto tweeting - guidelines and reporting bad practice
Is there anything in the terms of use about best practice for auto- tweeting? I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. There needs to be a way for applications to be reported for doing this.
[twitter-dev] STATUS update after getting the Auth token using by using X-auth.
can any one help in updating the status of my twitter account by using auth token and secret. am getting 401 error while doing this.. can any one give me code for updating the status.
[twitter-dev] Re: OAuth authentication issuse
hey am getting the same error like UnAuthorized
here is my code..
if anything wrong plz replay its urgent
private void StatusUpdate() throws CryptoTokenException,
CryptoUnsupportedOperationException, IOException {
String oauth_signature_method = HMAC-SHA1;
String oauth_timestamp = String.valueOf(timestamp());
String oauth_nonce = createNonce(oauth_timestamp);
String oauth_version = 1.0;
String postBody = status=
+ URLUTF8Encoder.encode(Finally i got
success);
String baseString = POST
+ URLUTF8Encoder
.encode(https://twitter.com/statuses/update.json;)
+ oauth_consumer_key%3D + my consumer
Secret
+ %26oauth_nonce%3D + oauth_nonce
+ %26oauth_signature_method%3D +
oauth_signature_method
+ %26oauth_token%3D + token.getToken()
+ %26oauth_timestamp%3D + oauth_timestamp
+ %26oauth_version%3D + oauth_version + %26
+ URLUTF8Encoder.encode(postBody);
String signingSecret = URLUTF8Encoder
.encode(RU49YpOoPLaIfasdfasdf53245fsdfssdfas)
+ +
URLUTF8Encoder.encode(token.getSecret());
String signature = hmacsha1(signingSecret, baseString);
Dialog.alert(signature);
String header = new StringBuffer(OAuth oauth_nonce=\).append(
URLUTF8Encoder.encode(oauth_nonce)).append(
\, oauth_signature_method=\).append(
URLUTF8Encoder.encode(oauth_signature_method)).append(
\, oauth_timestamp=\).append(
URLUTF8Encoder.encode(oauth_timestamp)).append(
\, oauth_consumer_key=\).append(my
consumer Secret)
.append(\,oauth_token=\).append(
URLUTF8Encoder.encode(token.getToken())).append(
\,
oauth_signature=\).append(
URLUTF8Encoder.encode(signature)).append(
\,
oauth_version=\).append(oauth_version).append(
\).toString();
UpdateMyNewStatus(header, postBody);
}
public static void UpdateMyNewStatus(String auth_header, String body)
{
String url = https://twitter.com/statuses/update.json;;
HttpConnection httpConn = null;
InputStream input = null;
OutputStream os = null;
try {
httpConn = (HttpConnection) Connector.open(url
+
ConnectionUtils.getConnectionPerameter());
httpConn.setRequestMethod(HttpConnection.POST);
httpConn.setRequestProperty(WWW-Authenticate,
OAuth realm=http://twitter.com/;);
httpConn.setRequestProperty(Content-Type,
application/x-www-form-urlencoded);
String authHeader = auth_header;
httpConn.setRequestProperty(Authorization,
authHeader);
// write post body
String postBody = body;
httpConn.setRequestProperty(Content-Length, Integer
.toString(postBody.getBytes().length));
os = httpConn.openOutputStream();
os.write(postBody.getBytes());
os.close();
os = null;
input = httpConn.openInputStream();
int resp = httpConn.getResponseCode();
Dialog.alert(httpConn.getResponseMessage());
if (resp == HttpConnection.HTTP_OK) {
StringBuffer buffer = new StringBuffer();
int ch;
while ((ch = input.read()) != -1) {
buffer.append((char) ch);
}
String content = buffer.toString();
Dialog.alert(content);
}
} catch (Exception e) {
} finally {
try {
httpConn.close();
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
On 8/17/10 5:35 AM, Colin Hill wrote:
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site (example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web app, but
when migrating a cron job from basic to OAuth, using the generated token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid / used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
Hi Colin,
Quoting RFC 5849 (OAuth 1.0) :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
In other words, it has to be unique.
I'm not entirely sure, but I *think* that Twitter's implementation of
this says that it has to be unique, but you can re-use it after 10
minutes. That might explain why it worked before.
Tom
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. Tom
Re: [twitter-dev] STATUS update after getting the Auth token using by using X-auth.
On 8/17/10 1:47 PM, LINUXGEEK wrote: can any one help in updating the status of my twitter account by using auth token and secret. am getting 401 error while doing this.. can any one give me code for updating the status. I could give you pseudocode, yes, but that will most likely be useless to you. Assuming that you know how to program a HTTP socket, what is the request you make to twitter before getting this 401 error, and what is the base string you use to generate the signature? Tom PS: People have said that I never mention the existence of libraries. So, here I go: http://dev.twitter.com/pages/oauth_libraries PPS: I dislike libraries.
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. Tom
Re: [twitter-dev] Re: OAuth authentication issuse
Hi,
According to the guide How To Ask Questions The Smart Way
http://catb.org/esr/faqs/smart-questions.html#asking, it is unwise to
flag your question as urgent. ;-)
Anyway, to answer your question: That's a lot of code, but I prefer to
know what it is doing over the actual code. So: can you post a request
which you make to Twitter, and can you give the Base String which you
use for generating the signature?
Tom
On 8/17/10 1:58 PM, LINUXGEEK wrote:
hey am getting the same error like UnAuthorized
here is my code..
if anything wrong plz replay its urgent
private void StatusUpdate() throws CryptoTokenException,
CryptoUnsupportedOperationException, IOException {
String oauth_signature_method = HMAC-SHA1;
String oauth_timestamp = String.valueOf(timestamp());
String oauth_nonce = createNonce(oauth_timestamp);
String oauth_version = 1.0;
String postBody = status=
+ URLUTF8Encoder.encode(Finally i got
success);
String baseString = POST
+ URLUTF8Encoder
.encode(https://twitter.com/statuses/update.json;)
+ oauth_consumer_key%3D + my consumer
Secret
+ %26oauth_nonce%3D + oauth_nonce
+ %26oauth_signature_method%3D +
oauth_signature_method
+ %26oauth_token%3D + token.getToken()
+ %26oauth_timestamp%3D + oauth_timestamp
+ %26oauth_version%3D + oauth_version + %26
+ URLUTF8Encoder.encode(postBody);
String signingSecret = URLUTF8Encoder
.encode(RU49YpOoPLaIfasdfasdf53245fsdfssdfas)
+ +
URLUTF8Encoder.encode(token.getSecret());
String signature = hmacsha1(signingSecret, baseString);
Dialog.alert(signature);
String header = new StringBuffer(OAuth oauth_nonce=\).append(
URLUTF8Encoder.encode(oauth_nonce)).append(
\, oauth_signature_method=\).append(
URLUTF8Encoder.encode(oauth_signature_method)).append(
\, oauth_timestamp=\).append(
URLUTF8Encoder.encode(oauth_timestamp)).append(
\, oauth_consumer_key=\).append(my
consumer Secret)
.append(\,oauth_token=\).append(
URLUTF8Encoder.encode(token.getToken())).append(
\,
oauth_signature=\).append(
URLUTF8Encoder.encode(signature)).append(
\,
oauth_version=\).append(oauth_version).append(
\).toString();
UpdateMyNewStatus(header, postBody);
}
public static void UpdateMyNewStatus(String auth_header, String body)
{
String url = https://twitter.com/statuses/update.json;;
HttpConnection httpConn = null;
InputStream input = null;
OutputStream os = null;
try {
httpConn = (HttpConnection) Connector.open(url
+
ConnectionUtils.getConnectionPerameter());
httpConn.setRequestMethod(HttpConnection.POST);
httpConn.setRequestProperty(WWW-Authenticate,
OAuth realm=http://twitter.com/;);
httpConn.setRequestProperty(Content-Type,
application/x-www-form-urlencoded);
String authHeader = auth_header;
httpConn.setRequestProperty(Authorization,
authHeader);
// write post body
String postBody = body;
httpConn.setRequestProperty(Content-Length, Integer
.toString(postBody.getBytes().length));
os = httpConn.openOutputStream();
os.write(postBody.getBytes());
os.close();
os = null;
input = httpConn.openInputStream();
int resp = httpConn.getResponseCode();
Dialog.alert(httpConn.getResponseMessage());
if (resp == HttpConnection.HTTP_OK) {
StringBuffer buffer = new StringBuffer();
int ch;
while ((ch = input.read()) != -1) {
Re: [twitter-dev] Twitter button with custom URL shortener
On 8/17/10 3:37 PM, romainst wrote: Hi everyone! I'm developer for a French News TV Channel, and as we already own a bit.ly Pro Entreprise account to have our own URL shortener with our domain, I just wanted to know if it were possible to deactivate t.co shortening on tweet buttons to keep our custom shortened URLs? Thanks! Regards, Romain You can't deactivate it but you can work around it by using the data-url attribute on your button and putting your URL in it. Tom
Re: [twitter-dev] Over 3 weeks waiting on whitelist approval
We're still pretty backed up and taking a divide and conquer strategy, processing recent ones and older ones to gradually meet in the middle. The scale of requests is large. Feel free to resubmit your request and drop a note in this thread with your Twitter screen name and we can look into them for you. Just as a general reminder: whitelisting is a privilege and you should always be working within the bounds of the basic limits provided to you by Twitter rather than counting on a whitelisted scenario being in your future. Taylor On Mon, Aug 16, 2010 at 11:26 PM, Eric Nichols ericnichol...@gmail.comwrote: Greetings, I applied for whitelist approval for the account @evidencebot back on 7/23 and am still waiting for a reply. I read in the archives that whitelist approval was suspended until the end of the World Cup but that was a while ago. Are there still a lot of requests in the pipeline, or has my application slipped through the cracks somehow? Thank you for your time, Eric Nichols Tohoku University
[twitter-dev] Twiter send 401 when image upload
hello! I've registered a desktop app on twitter. Using standard Oauth Library for generating signatures http:// oauth.googlecode.com/svn/code/csharp/OAuthBase.cs I've get token, secret token and gave extended permissions to my app using generated PIN. - there wasn;t problems Now i'm trying to upload picture using this blog http://blogs.southworks.net/jpgarcia/2010/07/31/using-twitpic-api-20-oauth-echo-from-a-c-client-to-upload-pictures/#comments All seems fine, but i've got 401 error in response. If i'm checking credentials in separate response, i've also got 401 error. But if put credential link in the browser, after entering in popup window my login/password i've got JSON credentials file. Have anybody the solution of this problem with uploading?
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
Hi Colin,
Right now we report nonce errors in a few cases -- not all of them having
much to do with nonces unfortunately.
Check that the clock on the machines you are executing this on are within 5
minutes of the clock on api.twitter.com -- one easy way to do this before
you even start making OAuth-based requests is to send a HTTP HEAD request to
http://api.twitter.com/1/help/test.xml -- you'll get a Date HTTP header,
which you can consume and compare against the system clock in your
environment, adjusting the time as necessary when creating your
oauth_timestamp such that it's as close to as in sync with our systems as
possible.
Additionally, you'll want to avoid oauth_nonce values with any kind of
non-alpha-numeric characters, and generally strive to keep them globally
unique across all possible instances of your application.
If you adjust your clock and ensure these truths about your oauth_nonce, and
are still having issues -- we'll explore other reasons it might be invalid.
Taylor
On Tue, Aug 17, 2010 at 7:19 AM, Tom van der Woerdt i...@tvdw.eu wrote:
On 8/17/10 5:35 AM, Colin Hill wrote:
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site (example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web app, but
when migrating a cron job from basic to OAuth, using the generated token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid / used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
Hi Colin,
Quoting RFC 5849 (OAuth 1.0) :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
In other words, it has to be unique.
I'm not entirely sure, but I *think* that Twitter's implementation of
this says that it has to be unique, but you can re-use it after 10
minutes. That might explain why it worked before.
Tom
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
Tom,
That was my first thought as well, but in that case, I would expect
the request failures to be randomly distributed and relatively
infrequent. In this case it fails every time (tested over a period of 6
hours yesterday). I've also not encountered this issue with any of the
other OAuth profiders we use: Google, Yahoo or LinkedIn. In the case of
Twitter, every request using the standard user facing auth dance
succeeds as well. That said, I can certainly introduce an additional
factor to enhance the uniqueness of generated nonce values to test this
further.
With regard to Nonce uniqueness:
The nonce value MUST be unique across all requests with the same
timestamp, client credentials, and token combinations.
Tom,
Do you mean that Twitter is requiring global uniqueness within the
window of the previous 10 minutes, rather than uniqueness over the very
restricted subset of queries defined in the RFC? If that's the case,
then the issue I've encountered here will only become more pervasive as
more developers switch their implementations to OAuth over the next 13
days. This should be interesting...
Thanks,
Colin
On 8/17/10 10:19 AM, Tom van der Woerdt wrote:
On 8/17/10 5:35 AM, Colin Hill wrote:
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site (example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web app, but
when migrating a cron job from basic to OAuth, using the generated token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid / used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
Hi Colin,
Quoting RFC 5849 (OAuth 1.0) :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
In other words, it has to be unique.
I'm not entirely sure, but I *think* that Twitter's implementation of
this says that it has to be unique, but you can re-use it after 10
minutes. That might explain why it worked before.
Tom
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
That was my first thought as well, but in that case, I would expect the request failures to be randomly distributed and relatively infrequent. In this case it fails every time (tested over a period of 6 hours yesterday). I've also not encountered this issue with any of the other OAuth profiders we use: Google, Yahoo or LinkedIn. In the case of Twitter, every request using the standard user facing auth dance succeeds as well. That said, I can certainly introduce an additional factor to enhance the uniqueness of generated nonce values to test this further. Why not just incorporate the current time into your random nonce? That's the easiest way. If you are already doing that, the only thing I can suggest is either using higher resolution timers or more bits of entropy. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- /etc/motd: /earth is 98% full. please delete anyone you can. ---
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
I'll quote some more :
To avoid the need to retain an infinite number of nonce values for
future checks, servers MAY choose to restrict the time period after
which a request with an old timestamp is rejected. Note that this
restriction implies a level of synchronization between the client's
and server's clocks. Servers applying such a restriction MAY provide
a way for the client to sync with the server's clock; alternatively,
both systems could synchronize with a trusted time service. Details
of clock synchronization strategies are beyond the scope of this
specification.
That's what I meant ;-)
And no, the nonce values are per app per user, like the specification
says :-) I personally prefer PHP's uniqid() to generate nonces.
Also, like Taylor said, check your timestamp etc. ;-)
Tom
On 8/17/10 4:59 PM, Colin Hill wrote:
Tom,
That was my first thought as well, but in that case, I would expect
the request failures to be randomly distributed and relatively
infrequent. In this case it fails every time (tested over a period of 6
hours yesterday). I've also not encountered this issue with any of the
other OAuth profiders we use: Google, Yahoo or LinkedIn. In the case of
Twitter, every request using the standard user facing auth dance
succeeds as well. That said, I can certainly introduce an additional
factor to enhance the uniqueness of generated nonce values to test this
further.
With regard to Nonce uniqueness:
The nonce value MUST be unique across all requests with the same
timestamp, client credentials, and token combinations.
Tom,
Do you mean that Twitter is requiring global uniqueness within the
window of the previous 10 minutes, rather than uniqueness over the very
restricted subset of queries defined in the RFC? If that's the case,
then the issue I've encountered here will only become more pervasive as
more developers switch their implementations to OAuth over the next 13
days. This should be interesting...
Thanks,
Colin
On 8/17/10 10:19 AM, Tom van der Woerdt wrote:
On 8/17/10 5:35 AM, Colin Hill wrote:
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site (example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web app, but
when migrating a cron job from basic to OAuth, using the generated token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid / used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
Hi Colin,
Quoting RFC 5849 (OAuth 1.0) :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
In other words, it has to be unique.
I'm not entirely sure, but I *think* that Twitter's implementation of
this says that it has to be unique, but you can re-use it after 10
minutes. That might explain why it worked before.
Tom
Re: [twitter-dev] nonce error when doing 'generated token' OAuth
Taylor,
Good catch. Thanks. It was in fact a timestamp issue. The virtual
server I was using to test our twitter code hadn't been fired up in a
few weeks so before conducting yesterday's work, I updated the system
packages which included the kernel, but failed to rebuild the guest
tools which among other things handles system clock syncing to the host
server, which would have brought it in line with tock.usno.navy.mil and
without that it was way off, so that was the issue. Once corrected,
requests are succeeding once again.
Thanks all for your help.
-- Colin
On 8/17/10 10:47 AM, Taylor Singletary wrote:
Hi Colin,
Right now we report nonce errors in a few cases -- not all of them
having much to do with nonces unfortunately.
Check that the clock on the machines you are executing this on are
within 5 minutes of the clock on api.twitter.com
http://api.twitter.com -- one easy way to do this before you even
start making OAuth-based requests is to send a HTTP HEAD request to
http://api.twitter.com/1/help/test.xml -- you'll get a Date HTTP
header, which you can consume and compare against the system clock in
your environment, adjusting the time as necessary when creating your
oauth_timestamp such that it's as close to as in sync with our systems
as possible.
Additionally, you'll want to avoid oauth_nonce values with any kind of
non-alpha-numeric characters, and generally strive to keep them globally
unique across all possible instances of your application.
If you adjust your clock and ensure these truths about your oauth_nonce,
and are still having issues -- we'll explore other reasons it might be
invalid.
Taylor
On Tue, Aug 17, 2010 at 7:19 AM, Tom van der Woerdt i...@tvdw.eu
mailto:i...@tvdw.eu wrote:
On 8/17/10 5:35 AM, Colin Hill wrote:
I ran into an issue when authenticating via OAuth, using the
token/secret pair offered for one of my apps, on the dev site
(example)
http://dev.twitter.com/apps/12345/my_token
we use the perl OAuth::Lite::Consumer module and have no difficulty
authenticating using the typical dance for our user facing web
app, but
when migrating a cron job from basic to OAuth, using the generated
token
pair as above, we now consistently get the following error:
401 Unauthorized
{request:/1/account/verify_credentials.json,error:Invalid /
used
nonce}
the passed OAuth Parameters are (consumer key redacted):
$VAR1 = {
'oauth_signature' = 'uHd1S9mCVG/dGNaHCFbl8vLHh2s=',
'oauth_timestamp' = 1282000377,
'oauth_consumer_key' = 'xxx',
'oauth_nonce' = '95881ba3c50fa67a54fb',
'oauth_version' = '1.0',
'oauth_signature_method' = 'HMAC-SHA1'
};
I'm reasonably sure that this all worked when I wrote and tested it
three weeks back, but when I went to roll it into our cron job this
afternoon, authentication consistently fails. I wonder if anyone
on the
list has seen a similar change in behavior, and/or could offer some
advice as to what might generate this error. Thanks.
-- Colin
Hi Colin,
Quoting RFC 5849 (OAuth 1.0) :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
In other words, it has to be unique.
I'm not entirely sure, but I *think* that Twitter's implementation of
this says that it has to be unique, but you can re-use it after 10
minutes. That might explain why it worked before.
Tom
Re: [twitter-dev] user:statuses/friends and the following field - feature request
The following element was deprecated in May 2009 as it was unreliable. Maybe the deprecation has seen been deprecated... http://groups.google.com/group/twitter-development-talk/browse_thread/thread/42ba883b9f8e3c6e?tvc=2 Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Tue, Aug 17, 2010 at 06:24, cballou ball...@gmail.com wrote: I'm looking for clarification on the call to user:statuses/friends. I noticed that in the returned results there is a following field. It appears as though this field indicates whether or not the screen_name supplied in the request is following the given user. This information, to me, seems quite obvious. We're making a request to retrieve friends after all; it is automatically assumed we're grabbing Mr. screen_name's friends The functionality I would like to see, and I believe would be beneficial meta-data for numerous applications, is that the following field feeds you a boolean value as to whether the user result is following the user associated to screen_name. If I have misinterpreted the field, my apologies. In the API Console, all returned results for my own personal screen_name returned following as TRUE, and I know a number of those individuals off the top of my head are not following me. Could we get this meta-data implemented in the response? I'd be willing to discuss in more detail, I need the information without making additional API calls in order to further improve a weighting/ ranking algorithm I am using.
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
Yeah, that thing bit me too - I deleted the tweet it sent. There *is* a warning on the page that it will send the tweet, though. I think the Twitterverse will jump on him and he'll pull it down. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Taylor Singletary taylorsinglet...@twitter.com: Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. Tom
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
I have a feeling that I know which app you are talking about - my timeline is also flooded with tweets from that app. Tom On 8/17/10 8:28 PM, M. Edward (Ed) Borasky wrote: Yeah, that thing bit me too - I deleted the tweet it sent. There *is* a warning on the page that it will send the tweet, though. I think the Twitterverse will jump on him and he'll pull it down. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Taylor Singletary taylorsinglet...@twitter.com: Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. Tom
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
I'm seriously considering a blog post about it - someone talk me out of it! -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Tom van der Woerdt i...@tvdw.eu: I have a feeling that I know which app you are talking about - my timeline is also flooded with tweets from that app. Tom On 8/17/10 8:28 PM, M. Edward (Ed) Borasky wrote: Yeah, that thing bit me too - I deleted the tweet it sent. There *is* a warning on the page that it will send the tweet, though. I think the Twitterverse will jump on him and he'll pull it down. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Taylor Singletary taylorsinglet...@twitter.com: Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. Tom
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
Do it, do it, do it! teehee! On 17 Aug 2010, at 19:42, M. Edward (Ed) Borasky wrote: I'm seriously considering a blog post about it - someone talk me out of it! -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Tom van der Woerdt i...@tvdw.eu: I have a feeling that I know which app you are talking about - my timeline is also flooded with tweets from that app. Tom On 8/17/10 8:28 PM, M. Edward (Ed) Borasky wrote: Yeah, that thing bit me too - I deleted the tweet it sent. There *is* a warning on the page that it will send the tweet, though. I think the Twitterverse will jump on him and he'll pull it down. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Taylor Singletary taylorsinglet...@twitter.com: Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree. smime.p7s Description: S/MIME cryptographic signature
Re: [twitter-dev] Auto tweeting - guidelines and reporting bad practice
I'm in the middle of a release push for the Social Media Analytics Research Toolkit. If the thing is still around when I get that done, I'll take up cudgels and pitchforks and torches, assuming RWW, Mashable and Techcrunch haven't ground it into the soil by then. ;-) -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Scott Wilcox sc...@dor.ky: Do it, do it, do it! teehee! On 17 Aug 2010, at 19:42, M. Edward (Ed) Borasky wrote: I'm seriously considering a blog post about it - someone talk me out of it! -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Tom van der Woerdt i...@tvdw.eu: I have a feeling that I know which app you are talking about - my timeline is also flooded with tweets from that app. Tom On 8/17/10 8:28 PM, M. Edward (Ed) Borasky wrote: Yeah, that thing bit me too - I deleted the tweet it sent. There *is* a warning on the page that it will send the tweet, though. I think the Twitterverse will jump on him and he'll pull it down. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting Taylor Singletary taylorsinglet...@twitter.com: Principle #1 of the Twitter Platform is: Don't Surprise Users. -- And this type of activity does exactly that and is therefore against the spirit of the developer guidelines. http://dev.twitter.com/api_terms You can report misbehaving applications at: http://twitter.com/help/escalate Taylor On Tue, Aug 17, 2010 at 7:21 AM, Tom van der Woerdt i...@tvdw.eu wrote: Is there anything in the terms of use about best practice for auto- tweeting? Go find out? http://twitter.com/tos I refer to the irritating practice an app automatically tweeting a viral message from your account when you authenticate. e.g. I just got 50% somethingfactor on somelameapp.com, what's yours? As far as I know, that is not forbidden, as long as the application explicitly mentions that the application will post a tweet. It should be against the terms of use to do this without the *minimum* of a warning message, e.g. logging in will send a tweet from your account - best practice would be an opt-in checkbox or some such UI. Like I said There needs to be a way for applications to be reported for doing this. I agree.
[twitter-dev] Ogilvy's NetVibes - anyone have a contact there?
The NetVibes Twitter widget seems to have some Oauth troubles and I have no idea how to contact the folks at Ogilvy Global PR. This is the site that's affected http://thedailyinfluence.netvibesbusiness.com/#Social_Media_%26_WOM It's been broke for 36 hours now.
[twitter-dev] Is it possible to have a filter.json Stream that uses both Track and Follow arguments?
If so, what would the curl command line look like? Thanks, Guillermo
[twitter-dev] xauth nonce and token secret
I'm trying to implement Twitter XAuth for my application. My
application has already been registered and approved for XAuth
privileges. However, the documentation mentions that I need to include
a nonce or token secret when authenticating. What is this? I have
no idea what the nonce or token secret is and how to generate/get
one.
Also, if anyone else can verify how if the code I'm writing to
generate the signing secret is correct.
$signature = base64_encode(hash_hmac('sha1', $baseString,
$oauth_consumer_secret.''.$token_secret, true));
where $baseString is the signature base, $oauth_consumer_secret is
self-explanatory and $token_secret is the token secret(whatever that
is).
I'm actually able to send a request to twitter but I always get the
same response Failed to validate oauth signature and token.
My php code is below. It'll be helpful if someone can help me out with
this as I've been trying to get this to work for a while now. Thanks!
?
$oauth_consumer_key = XXX;
$oauth_consumer_secret = YYY;
$oauth_nonce = ???;
$oauth_signature_method = HMAC-SHA1;
$oauth_timestamp = time();
$oauth_version = 1.0;
$x_auth_mode = client_auth;
$x_auth_password = ;
$x_auth_username = ;
$token_secret = ;
$baseString = https://api.twitter.com/oauth/access_token; .
oauth_consumer_key= .urlencode($oauth_consumer_key) .
oauth_nonce= . urlencode($oauth_nonce) .
oauth_signature_method= . urlencode($oauth_signature_method) .
oauth_timestamp= . urlencode($oauth_timestamp) .
oauth_version= . urlencode($oauth_version) . x_auth_mode= .
urlencode($x_auth_mode) . x_auth_password= .
urlencode($x_auth_password) . x_auth_username= .
urlencode($x_auth_username);
$baseString = POST . urlencode($a);
$post = x_auth_mode=client_authx_auth_password= .
urlencode($x_auth_password) . x_auth_username= .
urlencode(x_auth_username);
$signature = base64_encode(hash_hmac('sha1', $baseString,
$oauth_consumer_secret.''.$token_secret, true));
$auth = OAuth oauth_nonce=\ . $oauth_nonce . \,
oauth_signature_method=\ . $oauth_signature_method . \,
oauth_timestamp=\ . $oauth_timestamp . \, oauth_consumer_key=\ .
$oauth_consumer_key . \, oauth_signature=\ .
urlencode($signature) .\, oauth_version=\ . $oauth_version . \;
$ch = curl_init(https://api.twitter.com/oauth/access_token;);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(Expect: , Authorization:
$auth));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$b = curl_exec($ch);
var_dump($b);
curl_close($ch);
?
Re: [twitter-dev] xauth nonce and token secret
On 8/18/10 12:11 AM, Olu wrote:
I'm trying to implement Twitter XAuth for my application. My
application has already been registered and approved for XAuth
privileges. However, the documentation mentions that I need to include
a nonce or token secret when authenticating. What is this? I have
no idea what the nonce or token secret is and how to generate/get
one.
Also, if anyone else can verify how if the code I'm writing to
generate the signing secret is correct.
$signature = base64_encode(hash_hmac('sha1', $baseString,
$oauth_consumer_secret.''.$token_secret, true));
where $baseString is the signature base, $oauth_consumer_secret is
self-explanatory and $token_secret is the token secret(whatever that
is).
I'm actually able to send a request to twitter but I always get the
same response Failed to validate oauth signature and token.
My php code is below. It'll be helpful if someone can help me out with
this as I've been trying to get this to work for a while now. Thanks!
?
$oauth_consumer_key = XXX;
$oauth_consumer_secret = YYY;
$oauth_nonce = ???;
$oauth_signature_method = HMAC-SHA1;
$oauth_timestamp = time();
$oauth_version = 1.0;
$x_auth_mode = client_auth;
$x_auth_password = ;
$x_auth_username = ;
$token_secret = ;
$baseString = https://api.twitter.com/oauth/access_token; .
oauth_consumer_key= .urlencode($oauth_consumer_key) .
oauth_nonce= . urlencode($oauth_nonce) .
oauth_signature_method= . urlencode($oauth_signature_method) .
oauth_timestamp= . urlencode($oauth_timestamp) .
oauth_version= . urlencode($oauth_version) . x_auth_mode= .
urlencode($x_auth_mode) . x_auth_password= .
urlencode($x_auth_password) . x_auth_username= .
urlencode($x_auth_username);
$baseString = POST . urlencode($a);
$post = x_auth_mode=client_authx_auth_password= .
urlencode($x_auth_password) . x_auth_username= .
urlencode(x_auth_username);
$signature = base64_encode(hash_hmac('sha1', $baseString,
$oauth_consumer_secret.''.$token_secret, true));
$auth = OAuth oauth_nonce=\ . $oauth_nonce . \,
oauth_signature_method=\ . $oauth_signature_method . \,
oauth_timestamp=\ . $oauth_timestamp . \, oauth_consumer_key=\ .
$oauth_consumer_key . \, oauth_signature=\ .
urlencode($signature) .\, oauth_version=\ . $oauth_version . \;
$ch = curl_init(https://api.twitter.com/oauth/access_token;);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(Expect: , Authorization:
$auth));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$b = curl_exec($ch);
var_dump($b);
curl_close($ch);
?
Hi,
I love quoting the OAuth RFC, so here I go :
A nonce is a random string, uniquely generated by the client to allow
the server to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure
channel. The nonce value MUST be unique across all requests with the
same timestamp, client credentials, and token combinations.
Your code to generate the signature is fine.
As far as I know, the PHP urlencode() is not sufficient. You should use
rawurlencode() and then decode the ~ (and some other character, but to
be honest, I forgot).
The URL in your base string must not include query parameters. The query
parameters go in the third part of the Base String, together with the
post body.
The token/secret are not needed for xAuth. Simply leave them blank.
Tom
Re: [twitter-dev] POST geo/place : place is not in a whitelisted container
Hi Clay,
There isn't a whitelist for applications to create places using the geo API
and I agree the error message returned isn't clear about what has happened.
The reason you have received the error is because the UK is currently
read-only. This is to help us avoid import and duplication errors whilst we
populated the database with the geo data from our providers.
The team already has a patch in the queue which will change the message
from:
Invalid geo argument: place is not in a whitelisted container
to:
Invalid geo argument: the container for this place is currently read-only
I hope that helps explain the error you received. When we are ready to
receive places we'll send a note to the mailing list.
Best,
Matt
On Mon, Aug 16, 2010 at 10:35 PM, Clay Graham claytan...@sightlyinc.comwrote:
When trying to add a new place called Dishoom contained within
Covent Garden, London whose id is: af9c4064cc79391a I received the
following error:
{errors:[{code:41,message:Invalid geo argument: place is not in
a whitelisted container}]}
Can anyone give me insight into this error? Do I have to get my app
whitelisted in order to save places?
http://dev.twitter.com/pages/rate-limiting#whitelisting does not
mention anything about the Geo api.
Clay
http://ratecred.com
--
Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris
Re: [twitter-dev] Is it possible to have a filter.json Stream that uses both Track and Follow arguments?
Hey Guillermo, Absolutely. The way filter works is all terms are ORd together. So if you follow a user and wish to track keywords you would get the users tweets OR keyword matches. For example, to follow my account themattharris (id 777925), and track Tweets with the keywords twitter OR twitterapi OR twitter AND api I would use the following curl command: curl -u username http://stream.twitter.com/1/statuses/filter.json -d follow=777925 -d track=twitter,twitterapi,twitter api You can read more about the filter method in our developer docs: http://dev.twitter.com/pages/streaming_api_methods#statuses-filter Best, Matt On Tue, Aug 17, 2010 at 2:35 PM, Guillermo gppro...@gmail.com wrote: If so, what would the curl command line look like? Thanks, Guillermo -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
[twitter-dev] Re: POST geo/place : place is not in a whitelisted container
Matt,
Thank you. That is a clear answer. It must also explain why there are
no places yet in cities such as Marseilles, France. As you can
probably guess I found this out because I plan to launch
internationally. In fact I hope http://ratecred.com is one of those
providers that adds great quality content to your places database.
Here are a couple of follow ups if I can have them:
Is there a way that I can get a schedule or RSS feed of these data
migrations, as well as the availability of places in international
locations? (Such as France, Germany, Spain , Italy, Israel)? It would
also be good to know well as what areas are not read only now if
possible.
We are doing a *very strong* twitter integration, and think we will be
a great partner.
Clay
http://ratecred.com
On Aug 17:25 pm, Matt Harris thematthar...@twitter.com wrote:
Hi Clay,
There isn't a whitelist for applications to create places using the geo API
and I agree the error message returned isn't clear about what has happened.
The reason you have received the error is because the UK is currently
read-only. This is to help us avoid import and duplication errors whilst we
populated the database with the geo data from our providers.
The team already has a patch in the queue which will change the message
from:
Invalid geo argument: place is not in a whitelisted container
to:
Invalid geo argument: the container for this place is currently read-only
I hope that helps explain the error you received. When we are ready to
receive places we'll send a note to the mailing list.
Best,
Matt
On Mon, Aug 16, 2010 at 10:35 PM, Clay Graham
claytan...@sightlyinc.comwrote:
When trying to add a new place called Dishoom contained within
Covent Garden, London whose id is: af9c4064cc79391a I received the
following error:
{errors:[{code:41,message:Invalid geo argument: place is not in
a whitelisted container}]}
Can anyone give me insight into this error? Do I have to get my app
whitelisted in order to save places?
http://dev.twitter.com/pages/rate-limiting#whitelistingdoes not
mention anything about the Geo api.
Clay
http://ratecred.com
--
Matt Harris
Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Tweet Button Encoded URL but PHP entry array permalink
It clearly says on the developer page for the button that you need to encode the URL but my php requests the url from a permalink entry array. Is there a work around I'm not familiar with? Slightly novice here and thanks!
Re: [twitter-dev] Tweet Button Encoded URL but PHP entry array permalink
Am 18.08.2010 um 02:11 schrieb Tv_Miller: It clearly says on the developer page for the button that you need to encode the URL but my php requests the url from a permalink entry array. Is there a work around I'm not familiar with? Slightly novice here and thanks! http://de3.php.net/manual/en/function.rawurlencode.php Simply use it when echo'ing your Buttons Code Gruß, Felix Kunsmann - fe...@kunsmann.eu -- Blog: http://felix-kunsmann.de/ Galerie: http://galerie.kunsmann.eu/
[twitter-dev] Re: WordPress
There are now a number of WP plugins for the tweet button. But, I like to think mine is the best ;-) http://wordpress.org/extend/plugins/tweet-button-with-shortening/ -- Jonathan Strauss, Co-Founder http://snowballfactory.com Campaign tracking for social media - http://awe.sm A smarter way to update Facebook from Twitter - http://tweetpo.st Sharecount button for Facebook - http://www.fbshare.me On Aug 12, 1:07 pm, Matt Harris thematthar...@twitter.com wrote: Until a Tweet Button plugin is released you could add a button by either visiting our Tweet Button page [1] and coping the code, or follow our developer documentation [2]. Best, Matt 1.http://twitter.com/tweetbutton 2.http://dev.twitter.com/pages/tweet_button On Thu, Aug 12, 2010 at 12:15 PM, Tom van der Woerdt i...@tvdw.eu wrote: On 8/12/10 8:52 PM, ClaudioLessa wrote: Is there a step-by-step set of instructions on how to apply the tweet button to a WordPress blog? Thanks! Hi, If you host your blog at wordpress.com : http://thenextweb.com/socialmedia/2010/08/12/the-new-tweet-button-lau... If you host your own blog, then I don't know - you will most likely have to wait until an addon is released, or write your own. Tom -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
