Hi Christian,
Unless you're operating in a safe Javascript environment (like Palm's WebOS,
or using server-side Javascript), it's not recommended to use OAuth 1.0a in
Javascript because your consumer secret will be in plaintext and easily
viewed/crawled/scraped/abused.
Aside from security issues, it's also very difficult to accomplish in
Javascript, as you'll need a library that correctly implements the HMAC-SHA1
algorithm -- which I've personally not found yet -- but not impossible.
While others on this list might offer some assistance, I recommend not
trying to use the API with OAuth via Javascript and jQuery and use @Anywhere
instead http://dev.twitter.com/anywhere
Taylor
On Fri, Jun 18, 2010 at 2:35 PM, cosenary wrote:
> Hello,
>
> I'm new to Twitter API and I try to create an easy jQuery script which
> allows me to load the userprofile data (http://dev.twitter.com/doc/get/
> account/verify_credentials). I already requested the oauth_token and
> the oauth_token_secret (with php).
>
> But I don't know the purpose of the oauth_token and the
> oauth_token_secret. I tried to make a code with which I have access to
> Twitter API. (I use this md5 jQuery plugin:
> http://plugins.jquery.com/files/jquery.md5.js.txt)
>
> Can someone help me to get along with Twitter API and jQuery.
>
> My jQuery code:
>
> function microtime(get_as_float) {
>var now = new Date().getTime() / 1000;
>var s = parseInt(now, 10);
>return (get_as_float) ? now : (Math.round((now - s) * 1000) /
> 1000) + ' ' + s;
> }
>
> function nonce() {
>var mt = microtime(true);
>var rand = mt_rand();
>var md5_hash = $.md5(mt + rand); // md5 jQuery Plugin
>return md5_hash;
> }
>
> // API settings
> var access_token = "14152914-
> cbkQ5eR81FyMGfcenqChF5LWLvClHA8xDUQxlNd";
> var consumer_key = "UVITPP0P9C0Ab1XoaiyRqQ";
> var signature = "HMAC-SHA1";
>
> // API call
> var tw_api_url = "http://api.twitter.com/1/account/
> verify_credentials.json?oauth_token="+access_token
> +"&oauth_timestamp="+event.timeStamp
> +"&oauth_consumer_key="+consumer_key
> +"&oauth_signature_method="+signature+"&oauth_nonce="+nonce();
>
> $.post(tw_api_url, function(json) {
>alert(json);
> }, "json");
>
> Thanks in advance for your help,
>
> Christian
>