subject:"Re\: \[twitter\-dev\] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT"

Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT

2011-04-28 Thread Tom van der Woerdt

Well, it's definitely possible with JavaScript and even as a Web 
Application, but only in one of these cases :
 * User marks the web application as trusted, to avoid cross-domain 
restrictions

 * Twitter implements Mozilla's cross-domain XHR method
 * From a file:// location or another location that has full scripting 
access


The most common way of doing this is sending all requests via a 
server-side proxy.


Also, I *must* point out that your current approach, with OAuth keys 
plaintext in the code, is in violation of the Twitter API TOS. You have 
to make it harder for people to find those keys.


Tom


On 4/28/11 6:25 PM, Victor wrote:

Hi There!.
I am having problems using the OAUTH authentication from an web based
application developed in javascript.
Basically i can do the first step requesting a Request Token using
submit a form. But i cannot make it work with an ajax request.
I guess that this step the application must do it in background
hidden from the final user.
The final user hasn't to press a button to submit a form to get the
request token he probably doesn't even want to know what it's
means... so,i  insist, that there must be a way using ajax. to get a
request token
So, i tried and tried... looking across the web and the universe...
and after a lot of work, finally i was able to get to be able to send
a HTTP header for request token, and twitter answer me with a 200 HTML
code (i see that using firebug, the net panel) , but there is NO text
in the response!!
I will copy paste the code that make things work with forms and
apparently with XHR but it doesn't return anything.

JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA
THE RESULTS.
Thanks for advance to all the readers!!
Hope anyone can help me!.
Víctor.

!DOCTYPE html
html
 head
 titleOAuth Sandbox/title
script type=text/javascript src=sha1.js/script
script type=text/javascript src=oauth.js/script
 /head
 body
 script
var myConsumerKey ='A'; // HERE IT WAS A REAL KEY
var myConsumerSecret ='B'; // HERE WAS A REAL SECRET
requestToken();

function requestToken (form)
{
var accessor = {
consumerSecret: myConsumerSecret,
tokenSecret: ''
};

var message = {
method: POST,
action: 
https://api.twitter.com/oauth/request_token;,
parameters: {
oauth_signature_method: HMAC-SHA1,
oauth_consumer_key: myConsumerKey,
oauth_callback: oob
}
};
OAuth.setTimestampAndNonce(message);
OAuth.SignatureMethod.sign(message, accessor);

// FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS
var parameterMap = 
OAuth.getParameterMap(message.parameters);
for (var p in parameterMap) {
if (p.substring(0, 6) == oauth_  form[p] != 
null
form[p].name != null  form[p].name != )
{
form[p].value = parameterMap[p];
}
}
return true;
}

function requestTokenXHR ()
{

var accessor = {
consumerKey: myConsumerKey,
consumerSecret: myConsumerSecret,
tokenSecret: ''
};

var message = {
method: POST,
action: 
https://api.twitter.com/oauth/request_token;,
parameters: {
oauth_signature_method: HMAC-SHA1,
oauth_consumer_key: myConsumerKey,
oauth_callback: oob
}
};
OAuth.setTimestampAndNonce(message);
OAuth.completeRequest(message, accessor);
OAuth.SignatureMethod.sign(message, accessor);
var a =
OAuth.SignatureMethod.normalizeParameters(message.parameters);
var encodedParameters = OAuth.formEncode 
(message.parameters);
var authorizationHeader =
OAuth.getAuthorizationHeader(,message.parameters);
var http = new XMLHttpRequest();
http.open(POST, message.action,

Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT

2011-04-28 Thread Taylor Singletary

You cannot perform secure OAuth 1.0A in client side Javascript. It is
insecure, unsupported, and entirely unrecommended.

Unless you want to develop a server-side based Twitter API integration, you
may want to look at Web Intents ( http://dev.twitter.com/pages/intents ) or
@Anywhere instead ( http://dev.twitter.com/anywhere/begin ).

@episod http://twitter.com/episod - Taylor Singletary


On Thu, Apr 28, 2011 at 9:25 AM, Victor vitucho3...@gmail.com wrote:

 Hi There!.
 I am having problems using the OAUTH authentication from an web based
 application developed in javascript.
 Basically i can do the first step requesting a Request Token using
 submit a form. But i cannot make it work with an ajax request.
 I guess that this step the application must do it in background
 hidden from the final user.
 The final user hasn't to press a button to submit a form to get the
 request token he probably doesn't even want to know what it's
 means... so,i  insist, that there must be a way using ajax. to get a
 request token
 So, i tried and tried... looking across the web and the universe...
 and after a lot of work, finally i was able to get to be able to send
 a HTTP header for request token, and twitter answer me with a 200 HTML
 code (i see that using firebug, the net panel) , but there is NO text
 in the response!!
 I will copy paste the code that make things work with forms and
 apparently with XHR but it doesn't return anything.

 JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA
 THE RESULTS.
 Thanks for advance to all the readers!!
 Hope anyone can help me!.
 Víctor.

 !DOCTYPE html
 html
head
titleOAuth Sandbox/title
script type=text/javascript src=sha1.js/script
script type=text/javascript src=oauth.js/script
/head
body
script
var myConsumerKey ='A'; // HERE IT WAS A REAL KEY
var myConsumerSecret ='B'; // HERE WAS A REAL SECRET
requestToken();

function requestToken (form)
{
var accessor = {
consumerSecret: myConsumerSecret,
tokenSecret: ''
};

var message = {
method: POST,
action: 
 https://api.twitter.com/oauth/request_token;,
parameters: {
oauth_signature_method: HMAC-SHA1,
oauth_consumer_key: myConsumerKey,
oauth_callback: oob
}
};
OAuth.setTimestampAndNonce(message);
OAuth.SignatureMethod.sign(message, accessor);

// FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS
var parameterMap =
 OAuth.getParameterMap(message.parameters);
for (var p in parameterMap) {
if (p.substring(0, 6) == oauth_  form[p]
 != null 
 form[p].name != null  form[p].name != )
{
form[p].value = parameterMap[p];
}
}
return true;
}

function requestTokenXHR ()
{

var accessor = {
consumerKey: myConsumerKey,
consumerSecret: myConsumerSecret,
tokenSecret: ''
};

var message = {
method: POST,
action: 
 https://api.twitter.com/oauth/request_token;,
parameters: {
oauth_signature_method: HMAC-SHA1,
oauth_consumer_key: myConsumerKey,
oauth_callback: oob
}
};
OAuth.setTimestampAndNonce(message);
OAuth.completeRequest(message, accessor);
OAuth.SignatureMethod.sign(message, accessor);
var a =
 OAuth.SignatureMethod.normalizeParameters(message.parameters);
var encodedParameters = OAuth.formEncode
 (message.parameters);
var authorizationHeader =
 OAuth.getAuthorizationHeader(,message.parameters);
var http = new XMLHttpRequest();
http.open(POST, message.action, false);

//Send the proper header information along with the
 request
http.setRequestHeader(Content-type,

Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT

Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT

2 matches

Site Navigation

Mail list logo

Footer information