[twitter-dev] Re: OAuth newbie question
Thank you so much Taylor. Can you believe that nowhere in the Twitter
API documentation can I find this crucial, yet very simple
instruction. There are ample pointers to explanations of how to get
OAuth token, but absolutely no instructions I can find for what to do
once you obtain the token key and secret.
I tried very permutation of posting them along with the twitter REST
calls, but the one you suggested of posting the secrets as parameters
without values. This single line instruction needs to be added to the
Twitter API documentation.
BTW: The php equivalent of url_escaped ()is urlencode().
Thanks much.
On Mar 7, 6:53 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
A lot of people have found my presentation on OAuth useful when trying
to learn the ins and outs of the entire request cycle with an OAuth-
protected API:http://bit.ly/oauth-zero-to-hero
When accessing a protected resource with OAuth, the oauth_token and
oauth_token_secret you receive become your access token. You include
oauth_token as an OAuth parameter in your signature base string and
authorization header, and then sign your entire OAuth request with a
composite signing secret:
{url_escaped(consumer_secret)}{url_escaped(oauth_token_secret)}
Taylor
On Mar 6, 2:55 pm, IDOLpeeps i...@idolpeeps.com wrote:
I've overcome the nuances of generating the oauth signature. It
shocks me that the API documentation provides no clear indication of
how to send the tokens along with an API call. It's not even a PHP-
specific question. Simply put: Where do the oauth_token and
oauth_token_secret get embedded in API call: As posted parameters?
If so, with what parameter names? Can anybody provide guidance? I
have seen many people ask this question, yet see no answer.
As far as why one would want to use their own library vs. somebody
else's, that's a question for the ages. One specific answer is that
many of us have created our own application-specific libraries that
accommodate traditional http authentication and we'd like to keep our
libraries when we add Oauth. To do so, it's best to have an answer to
this question.
Thank you.
[twitter-dev] Re: OAuth newbie question
A lot of people have found my presentation on OAuth useful when trying
to learn the ins and outs of the entire request cycle with an OAuth-
protected API: http://bit.ly/oauth-zero-to-hero
When accessing a protected resource with OAuth, the oauth_token and
oauth_token_secret you receive become your access token. You include
oauth_token as an OAuth parameter in your signature base string and
authorization header, and then sign your entire OAuth request with a
composite signing secret:
{url_escaped(consumer_secret)}{url_escaped(oauth_token_secret)}
Taylor
On Mar 6, 2:55 pm, IDOLpeeps i...@idolpeeps.com wrote:
I've overcome the nuances of generating the oauth signature. It
shocks me that the API documentation provides no clear indication of
how to send the tokens along with an API call. It's not even a PHP-
specific question. Simply put: Where do the oauth_token and
oauth_token_secret get embedded in API call: As posted parameters?
If so, with what parameter names? Can anybody provide guidance? I
have seen many people ask this question, yet see no answer.
As far as why one would want to use their own library vs. somebody
else's, that's a question for the ages. One specific answer is that
many of us have created our own application-specific libraries that
accommodate traditional http authentication and we'd like to keep our
libraries when we add Oauth. To do so, it's best to have an answer to
this question.
Thank you.
[twitter-dev] Re: OAuth newbie question
I've overcome the nuances of generating the oauth signature. It shocks me that the API documentation provides no clear indication of how to send the tokens along with an API call. It's not even a PHP- specific question. Simply put: Where do the oauth_token and oauth_token_secret get embedded in API call: As posted parameters? If so, with what parameter names? Can anybody provide guidance? I have seen many people ask this question, yet see no answer. As far as why one would want to use their own library vs. somebody else's, that's a question for the ages. One specific answer is that many of us have created our own application-specific libraries that accommodate traditional http authentication and we'd like to keep our libraries when we add Oauth. To do so, it's best to have an answer to this question. Thank you.
Re: [twitter-dev] Re: OAuth newbie question
i suggest reading http://oauth.net/core/1.0a/ and looking at http://hueniverse.com/oauth/ for OAuth guidance. On Sat, Mar 6, 2010 at 2:55 PM, IDOLpeeps i...@idolpeeps.com wrote: I've overcome the nuances of generating the oauth signature. It shocks me that the API documentation provides no clear indication of how to send the tokens along with an API call. It's not even a PHP- specific question. Simply put: Where do the oauth_token and oauth_token_secret get embedded in API call: As posted parameters? If so, with what parameter names? Can anybody provide guidance? I have seen many people ask this question, yet see no answer. As far as why one would want to use their own library vs. somebody else's, that's a question for the ages. One specific answer is that many of us have created our own application-specific libraries that accommodate traditional http authentication and we'd like to keep our libraries when we add Oauth. To do so, it's best to have an answer to this question. Thank you. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth newbie question
The token is a posted parameter. The secret is part of the key for the signature. Ryan On Sat, Mar 6, 2010 at 5:55 PM, IDOLpeeps i...@idolpeeps.com wrote: I've overcome the nuances of generating the oauth signature. It shocks me that the API documentation provides no clear indication of how to send the tokens along with an API call. It's not even a PHP- specific question. Simply put: Where do the oauth_token and oauth_token_secret get embedded in API call: As posted parameters? If so, with what parameter names? Can anybody provide guidance? I have seen many people ask this question, yet see no answer. As far as why one would want to use their own library vs. somebody else's, that's a question for the ages. One specific answer is that many of us have created our own application-specific libraries that accommodate traditional http authentication and we'd like to keep our libraries when we add Oauth. To do so, it's best to have an answer to this question. Thank you.
