I'm having a devil of a time getting my application to connect to
Twitter via OAuth and the six-digit pin method.
I've been working with the excellent OAuth library from
ShannonWhitley:
http://www.voiceoftech.com/swhitley/?p=681
I'm able to get an authorization link, open a browser, and get the
, DWRoelands duane.roela...@gmail.com wrote:
Max,
Some time ago, Twitter stopped accepting the Source argument from
applications using Basic Auth. Any apps that had been using Basic
Auth before that point were grandfathered in. Any apps created
after that point need to use OAuth
not be the BEST solution, and I would
greatly appreciate hearing better ones.
On Jun 29, 10:18 am, Matt Sanford m...@twitter.com wrote:
Hi Duane,
When you get the 401 what does the body say?
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
On Jun 29, 2009, at 4:29 AM, DWRoelands wrote
I've looked at Bojan's implementation of OAuth, and his code does not
strip the query parameters in the way I described. I'm not using his
library (I'm trying to code a complete VB.NET client), but I can say
that it looks pretty solid and Bojan was very helpful to me when I had
questions about
This is really an excellent question.
If we're developing an open-source Twitter client, how are we supposed
to handle the consumer_key and consumer_key_secret?
On Jun 29, 7:58 pm, Support supp...@yourhead.com wrote:
2. Obfuscation of the application's registered key and secret.
Are there
Obrzut,
You don't need a webbrowser object in your VB application to
accomplish this. You can have your application open a web browser in
a new window. That's how I'm doing it in my Twitter client. Here's
an example:
Dim webAddress As String = http://www.google.com;
Process.Start(webAddress)
Could you be a little more specific?
If you follow another user, their tweets will show up in your list of
friends' updates. Does that not do what you need it to do?
On Jun 30, 2:13 pm, Richie richie.mor...@gmail.com wrote:
Is there a way using the Twitter API to subscribe to a user and
want to download their tweets - as I said. I don't want to just see
them in my list on Twitter. I want to download their tweets and store
them in an archive on my local machine.
On Jun 30, 4:19 pm, DWRoelands duane.roela...@gmail.com wrote:
Could you be a little more specific?
If you
I'm curious; why are you screen-scraping an HTML page in a Twitter
app?
On Jun 30, 4:09 pm, Obrzut sa...@peyoteuk.com wrote:
Dim w As New System.IO.StreamWriter(fs)
Page = Page.Replace(, )
Page = Page.Replace(- , )
Page = Page.TrimStart( )
to
register for their own OAuth credentials. This isn't ideal. I'd inquire over
athttp://groups.google.com/group/oauth
On Tue, Jun 30, 2009 at 06:04, DWRoelands duane.roela...@gmail.com wrote:
This is really an excellent question.
If we're developing an open-source Twitter client, how are we
You can absolutely authenticate in a web page, even if your
application is not a web application. Mine works that way.
Here's how it should go. Bojan, please correct me if I'm wrong.
1. Your application calls GetAuthorizationLink() to get the URL of the
authorization page (you've got this
I'm afraid that you'll need an OAuth library to be able to do what you
want. If you don't use OAuth, your posts will always show up as from
web.
On Jun 30, 3:02 pm, Max mnk...@gmail.com wrote:
Twitter4j is definitely not simple enough. All I want to know is how
can I send a status with my
.
On Tue, Jun 30, 2009 at 16:37, DWRoelands duane.roela...@gmail.com wrote:
Wait, the solution is that every -user- of an open-source Twitter
client would have to register for their own set of -consumer- keys?
That's not what you meant, is it?
On Jun 30, 4:39 pm, Alex Payne a...@twitter.com
If you check out the OAuth Core Abstract, Section 4 (http://oauth.net/
core/1.0#anchor4) states it pretty plainly:
Service Providers SHOULD NOT rely on the Consumer Secret as a method
to verify the Consumer identity, unless the Consumer Secret is known
to be inaccessible to anyone other than the
Obrzut:
My application does exactly what you say is impossible. The user
authenticates via the web browser, then my desktop application
completes the process using the six-digit PIN.
There's no need to fix any XML that comes from Twitter, and there's
no need to process any HTML from a web page.
That's not correct. Updates posted to Twitter via Basic Auth always
appear with a source of From Web (unless the application in question
was grandfathered in). Otherwise, it's not possible to impersonate
another application via Basic Auth.
On Jul 1, 9:34 am, Abraham Williams 4bra...@gmail.com
True, but none of that addresses the central points that I'm trying to
make:
1. The OAuth Core documentation says that providers should not rely on
the Consumer Secret to identify consumers.
2. Twitter's implementation of OAuth appears to do exactly what the
OAuth Core documentation says not to
Andrew,
The Consumer Secret is the key that has to be associated with my
application so that it can authenticate to Twitter. Regardless of how
I distribute it, I still have to distribute it with the source code in
order for the source code to work.
No amount of abstraction will prevent someone
Andrew,
I'm not talking about a -library-. I'm talking about a -client-. If
I want to produce a Twitter client, it needs its own Consumer Key and
Consumer Key Secret. If want to share the source code for that
client, I will also have to share it's Consumer Key and Consumer Key
Secret.
You
Andrew,
This isn't about credit in the source parameter. It's about
application security.
Twitter has stated that Basic Auth will eventually be deprecated.
OAuth will eventually be the only method of authentication available.
When that happens, developers of open source clients will be forced
Nancy,
You're right - it is a bad idea. However, it appears to be the only
option that Twitter has left to open-source developers who wish to
implement OAuth. There doesn't seem to be any way around distributing
my application's Consumer Key Secret.
Regards,
Duane
On Jul 1, 11:17 am, Nancy
Actually, since Twitter has said that Basic Auth will eventually go
away, OAuth is going to be the only choice for authentication.
Twitter has forced the choice by implementing OAuth in the way that
they did.
Why should a user who chooses to support open source by using an open-
source Twitter
I'm not sure that Twitter exposes any API or web service that allows
you to programatically register a new application (which you need to
do to receive the Consumer Key and Consumer Key Secret).
Even if you could, that still requires the end user to compile the
source with a modified build
Mark,
Thanks for weighing in. Much appreciated. Here are my thoughts.
I see two separate issues here: User Authentication vs. Application
Authentication.
User Authentication: Ensuring that the Twitter user is who they say
they are.
Application Authentication: Ensuring that the Application is
24 matches
Mail list logo