Here's an idea: let's reverse engineer the top desktop and mobile
Twitter apps and use their oAuth keys to... Oh, wait, my bad: the top
desktop/mobile apps _don't_ use oAuth and boy will they take a UX
beating when they start.
But one day... :)
oAuth for desktop and mobile: making security
I love how oAuth's super delegation system works by getting apps to
reveal their Consumer Key and Consumer Secret to other apps so they
can... wait for it... masquerade as other apps.
Ah, gotta love oAuth security.
oAuth: don't share your username and password, share your Consumer Key
and Consume
>
> Here's an idea: let's reverse engineer the top desktop and mobile Twitter
> apps and use their oAuth keys to... Oh, wait, my bad: the top desktop/mobile
> apps _don't_ use oAuth and boy will they take a UX beating when they start.
>
> But one day... :)
>
maybe call me naive, but i for one, am
A bit of a tangent, but I would at least like a way to see what apps a
given user has. It would be great as an API method, but would even be
fine if it's just access to a page like http://twitter.com/oauth that
you can get when you are logged into Twitter...as it is currently,
there is no easy way
On 2/2/2010 5:31 AM, Raffi Krikorian wrote:
Here's an idea: let's reverse engineer the top desktop and mobile
Twitter apps and use their oAuth keys to... Oh, wait, my bad: the
top desktop/mobile apps _don't_ use oAuth and boy will they take a
UX beating when they start.
But o
Really, on Twitter's side, the oAuth bits of the process are just a
couple of variations of forms...so why not just let each application
define templates for those forms (and just give details on what fields
are required to be there and what placeholders need to be present so
Twitter can replace th
Hi Raffi,
maybe call me naive, but i for one, am not convinced the oauth experience
> has to suck.
>
> as mentioned before, i'm really open to having a discussion on how to make
> the oauth UX better. many people have already, and i encourage others to
> just drop me a line if you have ideas...
>
+10 for the thought behind the mail, though -1 for the tone.
I can understand the need for Twitter to filter out apps (violation of TOS,
still wet behind the ears, poor quality/reliabilty, etc), but I think the
filter can be a *show-all-apps-except-bad* instead of *
show-none-except-cherry-picked*
As a temporary stop-gap thingy, it isn't all that bad (from user's POV)
until true OAuth delegation arrives.
On Tue, Feb 2, 2010 at 2:58 PM, Aral Balkan wrote:
> I love how oAuth's super delegation system works by getting apps to
> reveal their Consumer Key and Consumer Secret to other apps so t
On Feb 2, 2010, at 8:14 AM, Aral Balkan wrote:
My app is not going to sell as well because I cannot get the source
parameter because I will not use a technology that is not ready for
prime time on my mobile app.
You’re complaining that your app will not sell well because the
twitter API,
> Given the large number of Twitter desktop clients out there, and I have
> yet to see one on a mass scale that uses oAuth yet, is the depreciation
> of Basic auth going to go off when planned?
Indeed. I know I'm waiting for the browser-less API before I make an
OAuth TTYtter.
--
-
> Really, on Twitter's side, the oAuth bits of the process are just a
> couple of variations of forms...so why not just let each application
> define templates for those forms (and just give details on what fields
> are required to be there and what placeholders need to be present so
> Twitter can
Leveling the playing field is "elephant in the room" easy:
Immediately ignore the source parameter on all Basic Auth calls. Right
now. It's a 5-second coding job.
If Tweetie, TweetDeck, et al want their app name back in the tweets,
sure, they can have it by all means. As soon as they've converted
To me, that little rectangle is the most unfair, hated and despised
area of the Twitter page.
You get your app listed there only if you're hand-on-the-bladder
friendly with someone important at Twitter (in which case it does not
matter that your app sucks), or if someone important at Twitter is
ha
Here, Here . I agree !
On Mon, Feb 1, 2010 at 23:00, PJB wrote:
>
> Right now, the "ad" in the sidebar on the right-hand side of
> Twitter.com is invariably: i) a micro, community, or feel-good sort of
> app, ii) a mega-app that most people already know about, that has VC,
> connections to Twi
Hello!
Some info:
http://twitter.com/oauth/authorize?oauth_token=Qpc0sU53wTy2Y68DHNZAcuUk6VeGxbojhmMvnZY0uQI
"An application would like to connect to your account"
"Sponsored Tweets by IZEA, Inc."
I'm developing a website which uses Twitter Oauth (PHP).
Current behavior is the following:
Whe
For some reason when I request my user_timeline it is only returning 7
results. Also if I use count to try and get 1 or 2 results it doesnt
show any. I definitely have more than 7 tweets, so can someone point
me in the right direction?
http://twitter.com/statuses/user_timeline.xml?screen_name=melo
With all that talk about OAuth, I thought I might share my experience
using it in for a mobile (j2me) twitter client.
I guess my approach is nothing new, and probably is not applicable to
iPhone apps because of the appstore distribution process, but anyways.
So the way I handle OAuth is as follow
I've tried to send request several times but without any success. I
even send message to meber of twitter team (j...@twitter.com)
Copy below. Please say what should I do to be whitelisted?
My apologies for emailing you directly, but the issue is so urgent I
can’t wait anymore.
I’m the author of
Another problem with this approach is that you are now required to have a
server. So now a developer would have the added expense of paying for a
server. Now if the developer already had a server, then it's a moot point,
but not all developers have their own hosted servers.
What happens when you
Most of the APIs will return at most 20 results, not exactly 20
results. Inappropriate tweets, such as deletions, etc., are filtered
out at read-time. I think some code paths attempt to fix up the cached
vector, where possible, but not all can and not all do. You can see
this happen when a subseque
> Leveling the playing field is "elephant in the room" easy:
>
> Immediately ignore the source parameter on all Basic Auth calls. Right
> now. It's a 5-second coding job.
Twitter has announced plans (see @ev's announcement in Dec.) to do almost
exactly that come June. Not quite instant gratifi
There is no need for second authorization. You need to save oauth token and
secret
in your db and use it next time he tries to login. These will be valid
unless he cancels
the connection with your application. Read more documentation at
https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4 for Tw
Dear Sirs,
I was trying to do oAuth to use Twitter API but I was surprised that
TwitPic doesn't use this Authentication method ! so How could TwitPic
publish it's name when it updates the status ?
I mean if I use simple Auth method the message will be sent using API
which means Twitter API.
but W
I know, I know. It's a solution that works for me, - given the
resource limitation of a typical low end phone I decided to do most
processing on the server anyway.
I'm not trying to persuade everyone to do it this way, just sharing my
experience.
Anton
On Tue, Feb 2, 2010 at 2:09 PM, ryan alfor
However, if you *want* to force the user to authorize each time,
there's an easy way to do that. Just don't save the tokens when you
get them from Twitter!
On Tue, Feb 2, 2010 at 7:37 AM, lalit goklani wrote:
> There is no need for second authorization. You need to save oauth token and
> secret
>
They where grandfathered in. Any applications prior to OAuth are still
allowed to set the source
via basic auth until June when basic auth is planned to be shutdown. All new
applications may only
set the source parameter via OAuth.
On Tue, Feb 2, 2010 at 9:04 AM, Feras Allaou wrote:
> Dear Sirs,
Actually, we'll know the answers at Chirp or before. Chirp is the
watershed for Twitter and the developer ecosystem. Time as we know it
will be reckoned B.C. (Before Chirp) and A.D. (After Disclosures). ;-)
On Tue, Feb 2, 2010 at 9:16 AM, Isaiah Carew wrote:
>
> Leveling the playing field is "el
Aral,
What about the OAuth process do you see as sucking? And please answer with
two assumptions: 1) the environment is the iPhone and 2) the Twitter OAuth
page is optimized for mobile experiences.
Abraham
On Tue, Feb 2, 2010 at 05:14, Aral Balkan wrote:
> Hi Raffi,
>
> maybe call me naive, bu
The "Allow/Deny" prompt should be displayed every time if you are using
https://twitter.com/oauth/authorize?oauth_token=xyz. The prompt should only
be skipped on subsequent authentications if you send users to
https://twitter.com/oauth/authenticate?oauth_token=xyz. Verify which one you
are using an
You can also use 'force_login=true' parameter passed along with token while
you are getting the authorization url for the link. That will
always make user to login to twitter irrespective of they are logged in.
--
Thanks.
Lalit
Twitter Facebook Application - http://www.twitsfb.com
Article Directo
How so? What do you think will be the significance of chirp for desktop OAuth?
Was there an announcement that I missed?
isaiah
http://twitter.com/isaiah
On Feb 2, 2010, at 10:30 AM, M. Edward (Ed) Borasky wrote:
> Actually, we'll know the answers at Chirp or before. Chirp is the
> watershed f
Only old apps can do this. New apps cannot use it.
That's not the only ticket open on the subject.
Issues 1239 and 1229 exist, so did 1350.
And it's a big problem for my team, namely because we can't create and
then delete lists for our unit tests, and many people rely on our
library.
I hope this is resolved soon.
On Dec 30 2009, 10:12 am, Yusu
With the proliferation of services like Google App Engine finding free or
cheap sever resources is easy.
Abraham
On Tue, Feb 2, 2010 at 06:09, ryan alford wrote:
> Another problem with this approach is that you are now required to have a
> server. So now a developer would have the added expens
I'm presently migrating some of my code base to the Streaming API, and
I have a question regarding the filter/track syntax.
Currently I run multiple searches on frequencies from 1 minute to 1
hour (based on output volume). Let's say for example the following 2
searches. "happy OR sad" and ":) O
To paraphrase Heinlein, 'There is no such thing as a free server."
On Tue, Feb 2, 2010 at 1:02 PM, Abraham Williams <4bra...@gmail.com> wrote:
> With the proliferation of services like Google App Engine finding free or
> cheap sever resources is easy.
> Abraham
>
> On Tue, Feb 2, 2010 at 06:09, ry
There's a whole chunk of the hacking session devoted to oAuth.
On Tue, Feb 2, 2010 at 10:49 AM, Isaiah Carew wrote:
> How so? What do you think will be the significance of chirp for desktop
> OAuth? Was there an announcement that I missed?
>
> isaiah
> http://twitter.com/isaiah
> On Feb 2, 2010
Your assumption is correct. You'll have to do your own parsing.
On Feb 2, 12:52 pm, Ronald wrote:
> I'm presently migrating some of my code base to the Streaming API, and
> I have a question regarding the filter/track syntax.
>
> Currently I run multiple searches on frequencies from 1 minute to 1
Ronald,
In my opinion, if:
a) You don't so much care about getting every single tweet that
contains the keywords, but can live with the tweets being filtered and
ranked for relevance (not a bad thing at all);
b) You don't mind now and again getting a rate limit error; and
c) You have search nee
I am finally going to upgrade my existing Twitter application to use
OAuth and in trying to register that app I get the message
Unable to register this application. Check your registration settings.
What on earth does this mean? There is no additional information as to
what is wrong.
Mark
Hi,
I'm having the exact same problem, but i'm using this library,
http://code.google.com/p/oauth/, I can get the tweets from the time
line, and a lot of methods work fine, but not this one
http://twitter.com/statuses/update.xml..
Here's what my request looks like,
http://twitter.com/statuses/up
*Seesmic Look is old?
*
-
Pedro Junior
2010/2/2 Lukas Müller
> Only old apps can do this. New apps cannot use it.
>
Hi Ryan,
I tried getting the home timeline and a couple of other methods and
everything works, everything except the update status
here's my request:
http://twitter.com/statuses/update.xml?oauth_consumer_key=**&oauth_nonce=d985f559241ea3ba0fc9d6ae842e87a3&oauth_signature=hgWo0cdbttaQnUEEWkFU
Users of my library (TwitterVB) are reporting the same problem. this
library has been working for quite some time, we've made no changes to
the encoding, and now we're getting reports from several users that
statuses that contain the exclamation point ("!") are being rejected
for "incorrect signat
At first I thought they must have changed the old Seesmic source to
Seesmic Look.
But no.
Here's a recent tweet from Seesmic:
http://twitter.com/CathyBrooks/status/8570217879
And here's a recent one from Seesmic Look:
http://twitter.com/adamse/status/8565271563
Seesmic Look uses Basic Auth.
Do
Raffi,
What's going on here?
Your credibility is at stake here. You've been telling us in many
posts that new apps must use OAuth to get a source attribution, and
only old grandfathered apps have source attribution with Basic Auth.
On Feb 2, 11:18 pm, Dewald Pretorius wrote:
> At first I though
Remember that the status update is different from most of the other
requests, because it adds the "status" parameter that is not in the other
requests. This means that it needs to be part of the query string and also
the signature. Leaving this out could cause an issue.
Ryan
Sent from my DROID
Huh? http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-authorize
does not mention force_login.
http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-authenticate
does.
However, /oauth/authenticate leaves the user logged into twitter.
On Feb 2, 12:00 pm, lalit goklani wrote:
> You c
I'm testing geotagging in an app, and the reply to the status update
indicates that the geotagged location was accepted, but when I view
the tweet on twitter.com, I can find no indication that the tweet has
been geotagged. In the end, I can't tell the difference between
failure and success...
I wa
App-engine is free to a point, and you do get (little) more than you pay
for. But that scheme carries a heavy price:
personally engraved downloads: one heavyweight op per subscriber (one-time
though),
having server-side resources proxy all mobile twitter interaction: way, way
to heavy for no real
Hi Jeffrey,
The Twitter web site does not display geotag information. Use a
Twitter service that does, such as http://bccth.is, to confirm
successful tagging of your tweets. Of course, retrieving the tweets in
question via the API, would also reveal the geotag info.
Best,
Michael
On F
52 matches
Mail list logo