[twitter-dev] Re: abraham / twitteroauth
The direction you'll want to be heading is letting the users allow your app access once. You can then store the user's oAuth token and oAuth token secret with their account. (instead of their username and password) These won't change unless the user revokes your website's access. jarón On Feb 1, 11:51 am, Archia wrote: > I have a web application to allow clients to update information for their > recordings (music) which are then listed on another site. I'd like to > include an area to allow them to update their Twitter status. Given that > each client already signs in to the current application, and (some of) their > Twitter usernames and passwords are already in a database, it would be good > if they did not need to log in to Twitter as well and select 'Allow' each > time they visit that area of the application. Is it possible to bypass the > Sign in with Twitter step on connect.php and somehow send their username and > password, or at least only require this once and store their credentials in > the database to be used thereafter? > > Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Retweets_of_me: how many retweets?
My app offers users the feature to see their tweets, retweeted (using retweets_of_me - http://dev.twitter.com/doc/get/statuses/retweets_of_me). However, I would also like to show how many times a particular tweet has been retweeted, but the response does not offer that data. I could call http://dev.twitter.com/doc/get/statuses/:id/retweeted_by (as suggested in this thread: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/38aa19e2fc117c36/fdba18c2870fa76d), but that would mean making 50 extra calls per page. It would be great if retweets_of_me's response would include the number of retweets and, for example, the user data of the last retweeter. Is there a simple way to find out how many times a retweets_of_me - tweet has been retweeted? Thanks, jarón -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Storing multiple tokens in cookie: can I use ampersand?
Ok, thanks! I'm going to try that. jarón On 12 dec, 20:14, Tom van der Woerdt wrote: > The "best" way is to urlencode() the key and secret separately, and then > separating them with a space. > > Tom > > On 12/12/10 8:07 PM, jaronbarends wrote: > > > I have a webapp in php without any database associated with it. I'm > > just saving the user's (encrypted) oAuth token and token secret in two > > separate cookies. Now I want to build in multi-user support, and I'm > > wondering what would be the best way to store the multiple tokens and > > secrets. > > > My idea is to keep two cookies: oauth_tokens and token_secrets. I > > would then take the two oauth tokens, concatenate them with an > > ampersand, encrypt them and put them in a cookie (and the same for the > > secrets). > > > As far as I know, oauth tokens and secrets can not contain any > > ampersands, but I'm not sure. so: > > 1) Does anyone know if ampersands can occur in tokens or secrets? > > 2) Do you think this is a good idea, or would you tackle it otherwise? > > > Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Storing multiple tokens in cookie: can I use ampersand?
I have a webapp in php without any database associated with it. I'm just saving the user's (encrypted) oAuth token and token secret in two separate cookies. Now I want to build in multi-user support, and I'm wondering what would be the best way to store the multiple tokens and secrets. My idea is to keep two cookies: oauth_tokens and token_secrets. I would then take the two oauth tokens, concatenate them with an ampersand, encrypt them and put them in a cookie (and the same for the secrets). As far as I know, oauth tokens and secrets can not contain any ampersands, but I'm not sure. so: 1) Does anyone know if ampersands can occur in tokens or secrets? 2) Do you think this is a good idea, or would you tackle it otherwise? Thanks! -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: @Anywhere Typo (Minor)
"don't" refers to "look and feel", not to "button", so don't is correct. On Sep 29, 2:45 am, Mike wrote: > Under Users login & signup > Custom "Connect with Twitter" Button it > reads: > > "If the default look and feel of the "Connect with Twitter" button > don't meet your needs, @Anywhere makes it easy to build a custom > button." > > I believe it should be "buttons don't" or "button doesn't". :) -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Behavior when user "denies" access from application
You can go further than making a reasonable assumption. If you hover over the link back to your app, you'll see it looks something like this: http://yourapp.com/callbackurl?denied=q3vuR41XYa. So, Twitter sends a get-var called "denied" to your callback url. If you check for the presence of that variable, you'll know the user denied access. On Sep 29, 1:55 am, K wrote: > This was the exact info I needed. Thanks! > > On Sep 27, 9:47 pm, Taylor Singletary > wrote: > > > Hi Kutsumi, > > > You are correct in assessing the current behavior -- we'll return to your > > callback URL if they hit deny. In that case, we'll also NOT be sending you > > an oauth_verifier and other information you'd need on the callback URL to > > properly execute the "exchange request token for access token" negotiation > > step of OAuth. > > > If your callback function is executed and does not contain the necessary > > paramaters to further consume an access token, you can make a reasonable > > assumption that the user denied the access without your application needing > > to make API calls to verify_credentials (you also wouldn't have any > > credentials to "verify" in this case. > > > Taylor > > > On Mon, Sep 27, 2010 at 9:36 PM, K wrote: > > > Hi > > > sorry for bringing up the issue that has been discussed in the past... > > > I found this issue tracking from other posts about the same issue. > > > >http://groups.google.com/group/twitter-development-talk/browse_thread... > > > > So it says here the issue is solved, but just wanted to get > > > clarification on how the issue is solved, and how I should implement > > > my program. > > > > So I believe, now after user click "deny", they will go to the page > > > which has link and if user clicks on it he/she goes back to the > > > callback_url. Is that correct? > > > > Is there any parameter that is attached when callback url is called > > > that will tell me if user has clicked on "deny"? > > > If not, do I need to call verify credentials everytime callback url is > > > accessed just to find out if user has allowed or denied? > > > > Thanks for your help! > > > Kate > > > > -- > > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > > API updates via Twitter:http://twitter.com/twitterapi > > > Issues/Enhancements Tracker: > > >http://code.google.com/p/twitter-api/issues/list > > > Change your membership to this group: > > >http://groups.google.com/group/twitter-development-talk-Hide quoted text - > > > - Show quoted text - -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: What happens after twitter user denied access to the application?
When a user denies your app access, it says something like "you denied YourAppName access..." The text "YourAppName" is a link, and when the users clicks that, he gets redirected to your callback url, with an additional parameter denied=someLongVariable. So you can catch this scenario easily by looking for the denied getvar, but it will only work if the user decides to click the link back to your app. On Sep 7, 6:49 am, K wrote: > Hi, > When twitter user denies access to my application, it just gets > redirected to the "denied" page and callback URL never gets called. I > would like to handle the situation better when access is denied..I > saw bunch of similar posts in 2009, just wondering if this feature > ever got implemented, and if so, if I can find a relevant > documentation on how to implement this... > > Thank you for your help! > K -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Insufficient feedback with read only @anywhere apps
I just spent some time figuring out why I was getting a 401 - Unauthorized error when trying to post tweets from an @anywhere tweetBox. Turns out I had forgotten to check the "Read & Write" radio button in my app settings. (And it even says "Note: @Anywhere applications require read & write access.") The tweetbox didn't give me any feedback - the only thing I saw was the spinner that kept on spinning. Apperently, if your app is Readonly, @anywhere will let you include write-components anyhow. It would be nice if the @anywhere api would display a message telling you that your app needs to be Read & Write, instead of showing a non-working component. Or, at the least, show some kind of error when you're trying to post a tweet. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Revoked @anywhere access automatically re-granted?
Hi, I'm using the @anywhere tweetbox, and I am confused by the revoking / re-granting access is handled. This is the scenario: 0) I type a tweet in the @anywhere tweetbox and hit "Tweet" 1) In the popup screen, I allow the app to connect to my account 2) I post a tweet. All is well. 3) I revoke my app's access (as expected, when I revisit the my Connections tab, my app is gone) 4) I go back to the app, and try post a new Tweet. Above the tweetbox, the spinner keeps spinning, but the tweet does not get posted 5) I revisit my Connections tab, and my app is now in the list of allowed apps again. 6) when I refresh my app's page, I can tweet as before. I would have expected to have to connect again after revoking access. Is this a bug (the one tweet that never gets posted certainly seems to be), or is hitting "Tweet" again considered an implicit granting of access? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Revoked Access
And as an addition to what D. Smith said: you're probably storing your users' token and token_secret somewhere. So if you do have a tokens are present, you know they have granted access before. Also, you can check the message in the headers. Twitter sends a 401 when access has been revoked, and last time I checked, the accompanying message was "Could not authenticate with OAuth." However, these error messages are not set in stone, and afaik they are not officially documented by Twitter.
[twitter-dev] Re: Twitter Error codes/statements?
Twitter also sends an error message in the response. These errors are
a quite descriptive, but afaik they're not fixed and could change in
the future. In my app I'm currently catching and handling a few of
these in a special way; with others I'm showing a general error
message. To be able to easily adopt my code to possible changes to
Twitter's error messages, I have defined all errors as constants.
Below is the part of my php code, where I am defining the errors. The
second parameter in every define statement is the error message
Twitter is sending.
//401 Not authorized
define("TWITTER_ERROR_ACCESS_REVOKED", "Could not authenticate
you.");//user revoked app's access
define("TWITTER_ERROR_INCORRECT_SIGNATURE", "Incorrect signature");//
wrong oAuth tokens
define("TWITTER_ERROR_PROTECTED_USER", "Not authorized");
//403 Forbidden
define("TWITTER_ERROR_ALREADY_FAVORITED","You have already favorited
this status.");
//following is special case: it contains a username, so split it in
parts before and after username (full string: "Could not follow user:
[username] is already on your list.")
define("TWITTER_ERROR_ALREADY_FOLLOWING", "Already following");//use
this in code; function isError will check for _START and _END variants
define("TWITTER_ERROR_ALREADY_FOLLOWING_START", "Could not follow
user:");
define("TWITTER_ERROR_ALREADY_FOLLOWING_END", "is already on your
list.");
define("TWITTER_ERROR_DUPLICATE","Status is a duplicate.");
define("TWITTER_ERROR_NOT_FOLLOWING", "You are not friends with the
specified user.");
define("TWITTER_ERROR_RATE_LIMIT_EXCEEDED", "Rate limit exceeded.
Clients may not make more than 350 requests per hour.");//rate limit
exceede
On May 28, 5:03 pm, Michael Cameron wrote:
> Yeah i have only seen a response , I would hope that we could
> get a tabularized list of those responses. it would make
> debuging so much easier.
>
> On May 28, 1:53 am, wibblefish wrote:
>
> > Only info I have found so far
> > ishttp://apiwiki.twitter.com/HTTP-Response-Codes-and-Errors
>
> > On May 28, 1:02 am, Michael Cameron wrote:
>
> > > So i am writing my catch expressions for twitter when parsing the
> > > response from twitter is there any error codes or definite strings for
> > > certain reasons. example "not following user", or other errors?
>
> > > Thank you!
[twitter-dev] Re: parsing out entities from tweets (a.k.a. parsing out hashtags is hard!)
Yes, this would be very cool. Any ideas on when this would be rolled out? 1) It would be nice to have the profile_image_url in it as well. I can imagine a lot of nice visual enhancements with that. 2) +1 for making it optional. A lot of people are suggesting additional stuff, so maybe it would even be nicer to not just have a include/don't include param, but to be able to specify which data you would like to have included... jarón On May 14, 6:29 am, Rich wrote: > +1 for it being optional as well. Whilst I will probably use it, it's > nice to be able to keep the bandwidth download to a minimum for > scenarios where it's not needed > > On May 14, 1:52 am, Naveen Ayyagari wrote: > > > +1 on the additional parameter to optionally request the data. Every > > byte counts for mobile device battery life and download time. > > > --Naveen Ayyagari > > @knight9 > > > On May 13, 8:13 pm, Dewald Pretorius wrote: > > > > Raffi, > > > > This is all good, but can you please make the inclusion in the tweet > > > payload optional? Meaning, only include it if it is requested by an > > > additional parameter? > > > > I, and I'm sure a lot of others, are already parsing the tweet text. > > > This is just going to consume additional bandwidth and not add any > > > value for us. It will add value for folks who are not already doing > > > the parsing or don't know how. So, they can just request this > > > additional payload.
[twitter-dev] Re: can't post same message more than 1 time Getting error: The remote server returned an error: (403) Forbidden.
Twitter uses this error not only for stuff that you would excpet to be forbidden, but als for other actions that are probably unintended. Other examples are favoriting a tweet you already favorited, trying to follow a user you're already following, etc. The error is usually also accompanied by an error message, which will tell you why you are getting the error. On May 11, 6:34 am, manjunath hindupur wrote: > Scenario like : > > i want post same message twice in a same account, if i Try to send > same message twice by using API.. getting error Like below : The > remote server returned an error: (403) Forbidden. > > its right behavior or Bug?
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@Dave Thanks for your suggestion. I do indeed have a mysql, but haven't seen the need to implement it in my app (http://twimply.com) since it basicly only offers an alternative web interface for using twitter. The only mentioned using a database as a possible solution: creating a desktop app that let's my users allow permission through xAuth, Then I would have to access the the same database from the web app, and re- use those tokens. Another problem with that is that the tokens will be bound to the desktop app, and not to the web app. So to make that work, Twitter would have to make it possible to link the tokens of a desktop app and a web app. For me this is purely hypothetical, since I do not have the skills nor the resources to create a desktop app. jarón On Apr 27, 9:11 am, Dave Sherohman wrote: > On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote: > > Yeh but John, who is going to install MySQL for a desktop client? > > 1) John was responding to someone who said a database "wouldn't work for > [him] since I do not have a desktop app, end I do not store anything in > a database". If he doesn't have a desktop app, then he's talking about > a web app and, as John said, pretty much every web host out there gives > you MySQL, no installation required. > > 2) MySQL isn't the only RDBMS out there... If I were writing a desktop > app which needed to handle significant amounts of data, I'd use SQLite. > The SQLite libraries in every language I'm aware of aren't just > interfaces to the database, but rather contain the entire database > engine, so there's no external application to install. This is a well- > proven approach, with Firefox probably being the biggest-name > application using an embedded SQLite database engine to handle its data. > > http://en.wikipedia.org/wiki/SQLite > > -- > Dave Sherohman > > -- > Subscription > settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@raffi thanks for your replies. I didn't mean to start a discussion about Twitter's policy here (although I can imagine some people would like to discuss it elsewhere). I'm mostly interested in finding a solution. @dean: I'm not sure I understand your suggestion about using oAuth for both the desktop and the web app. Did you mean letting the users allow access through the desktop app, then storing the username/token combination in a central database and using that database for the web app too? That wouldn't work for me since I do not have a desktop app, end I do not store anything in a database... On Apr 26, 5:34 am, Raffi Krikorian wrote: > before this gets out of hand - i, personally, am very sensitive to these > issues. i've been spending some brain power trying to come up with a > solution. if people have suggestions, then please feel free to reach out to > me personally and off list. > > > > On Sun, Apr 25, 2010 at 7:54 PM, Ron B wrote: > > China's policy didn't just recently change, Twitter's did. So it is > > Twitter telling us that we may not be able to support China and other > > firewall blocked countries any longer. It is, after all, within > > Twitter's power to continue to support Basic Auth. It is their > > conscious decision not to, despite the significant negative > > ramifications being brought to their attention. > > > In an earlier comment from Twitter: " twitter.com is trying to drive > > people to understand and discover what's going on in the world." No > > one in the world needs to "understand and discover what's going on" > > more than the people of these communist-block countries that otherwise > > see only what their governments allow them to see. It is unfortunate > > that Twitter plans to turn their back on them. Then again, what's a > > billion people here or there?... > > > On Apr 25, 9:04 pm, Abraham Williams <4bra...@gmail.com> wrote: > > > It is not twitter telling you it is China. > > > > -- > > > Little androids dreaming of Nexus Ones compiled this text. > > > > On Apr 25, 2010 6:53 PM, "Dewald Pretorius" wrote: > > > > Raffi, > > > > We really need a resolution for this issue before Basic Auth is > > > deprecated. > > > > It sounds as if Twitter is telling developers of web apps that they > > > cannot provide service to Chinese users, and other users behind > > > firewalls that block access to twitter.com. But that can't be right, > > > can it? > > > > On Apr 25, 4:49 am, jaronbarends wrote:> I > > moved my web based app from ba... > > > > This issue has discussed in this group before here: > > > >https://groups.google.com/group/twitter-development-talk/browse_threa... > > > > > Being a frontend developer, I may have misunderstood the outcome of > > > > that discussion (I certain... > > > > -- > > > Subscription settings: > >http://groups.google.com/group/twitter-development-talk/subscribe?hl=en > > -- > Raffi Krikorian > Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
I moved my web based app from basic auth to oAuth just last week. I
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.
This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6
Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there ("understood, but, right now, not in the plan. web apps will
have to use the standard oauth workflow.") I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.
Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?
Jaron
On Apr 24, 5:40 pm, Raffi Krikorian wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi
>
> --
> Subscription
> settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
