Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT
Well, it's definitely possible with JavaScript and even as a Web Application, but only in one of these cases : * User marks the web application as trusted, to avoid cross-domain restrictions * Twitter implements Mozilla's cross-domain XHR method * From a file:// location or another location that has full scripting access The most common way of doing this is sending all requests via a server-side proxy. Also, I *must* point out that your current approach, with OAuth keys plaintext in the code, is in violation of the Twitter API TOS. You have to make it harder for people to find those keys. Tom On 4/28/11 6:25 PM, Victor wrote: Hi There!. I am having problems using the OAUTH authentication from an web based application developed in javascript. Basically i can do the first step requesting a Request Token using submit a form. But i cannot make it work with an ajax request. I guess that this step the application must do it in background hidden from the final user. The final user hasn't to press a button to submit a form to get the request token he probably doesn't even want to know what it's means... so,i insist, that there must be a way using ajax. to get a request token So, i tried and tried... looking across the web and the universe... and after a lot of work, finally i was able to get to be able to send a HTTP header for request token, and twitter answer me with a 200 HTML code (i see that using firebug, the net panel) , but there is NO text in the response!! I will copy paste the code that make things work with forms and apparently with XHR but it doesn't return anything. JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA THE RESULTS. Thanks for advance to all the readers!! Hope anyone can help me!. Víctor. !DOCTYPE html html head titleOAuth Sandbox/title script type=text/javascript src=sha1.js/script script type=text/javascript src=oauth.js/script /head body script var myConsumerKey ='A'; // HERE IT WAS A REAL KEY var myConsumerSecret ='B'; // HERE WAS A REAL SECRET requestToken(); function requestToken (form) { var accessor = { consumerSecret: myConsumerSecret, tokenSecret: '' }; var message = { method: POST, action: https://api.twitter.com/oauth/request_token;, parameters: { oauth_signature_method: HMAC-SHA1, oauth_consumer_key: myConsumerKey, oauth_callback: oob } }; OAuth.setTimestampAndNonce(message); OAuth.SignatureMethod.sign(message, accessor); // FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS var parameterMap = OAuth.getParameterMap(message.parameters); for (var p in parameterMap) { if (p.substring(0, 6) == oauth_ form[p] != null form[p].name != null form[p].name != ) { form[p].value = parameterMap[p]; } } return true; } function requestTokenXHR () { var accessor = { consumerKey: myConsumerKey, consumerSecret: myConsumerSecret, tokenSecret: '' }; var message = { method: POST, action: https://api.twitter.com/oauth/request_token;, parameters: { oauth_signature_method: HMAC-SHA1, oauth_consumer_key: myConsumerKey, oauth_callback: oob } }; OAuth.setTimestampAndNonce(message); OAuth.completeRequest(message, accessor); OAuth.SignatureMethod.sign(message, accessor); var a = OAuth.SignatureMethod.normalizeParameters(message.parameters); var encodedParameters = OAuth.formEncode (message.parameters); var authorizationHeader = OAuth.getAuthorizationHeader(,message.parameters); var http = new XMLHttpRequest(); http.open(POST, message.action,
Re: [twitter-dev] Having Problem in the first step to use Twitter API with OAUTH for JAVASCRIPT
You cannot perform secure OAuth 1.0A in client side Javascript. It is insecure, unsupported, and entirely unrecommended. Unless you want to develop a server-side based Twitter API integration, you may want to look at Web Intents ( http://dev.twitter.com/pages/intents ) or @Anywhere instead ( http://dev.twitter.com/anywhere/begin ). @episod http://twitter.com/episod - Taylor Singletary On Thu, Apr 28, 2011 at 9:25 AM, Victor vitucho3...@gmail.com wrote: Hi There!. I am having problems using the OAUTH authentication from an web based application developed in javascript. Basically i can do the first step requesting a Request Token using submit a form. But i cannot make it work with an ajax request. I guess that this step the application must do it in background hidden from the final user. The final user hasn't to press a button to submit a form to get the request token he probably doesn't even want to know what it's means... so,i insist, that there must be a way using ajax. to get a request token So, i tried and tried... looking across the web and the universe... and after a lot of work, finally i was able to get to be able to send a HTTP header for request token, and twitter answer me with a 200 HTML code (i see that using firebug, the net panel) , but there is NO text in the response!! I will copy paste the code that make things work with forms and apparently with XHR but it doesn't return anything. JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA THE RESULTS. Thanks for advance to all the readers!! Hope anyone can help me!. Víctor. !DOCTYPE html html head titleOAuth Sandbox/title script type=text/javascript src=sha1.js/script script type=text/javascript src=oauth.js/script /head body script var myConsumerKey ='A'; // HERE IT WAS A REAL KEY var myConsumerSecret ='B'; // HERE WAS A REAL SECRET requestToken(); function requestToken (form) { var accessor = { consumerSecret: myConsumerSecret, tokenSecret: '' }; var message = { method: POST, action: https://api.twitter.com/oauth/request_token;, parameters: { oauth_signature_method: HMAC-SHA1, oauth_consumer_key: myConsumerKey, oauth_callback: oob } }; OAuth.setTimestampAndNonce(message); OAuth.SignatureMethod.sign(message, accessor); // FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS var parameterMap = OAuth.getParameterMap(message.parameters); for (var p in parameterMap) { if (p.substring(0, 6) == oauth_ form[p] != null form[p].name != null form[p].name != ) { form[p].value = parameterMap[p]; } } return true; } function requestTokenXHR () { var accessor = { consumerKey: myConsumerKey, consumerSecret: myConsumerSecret, tokenSecret: '' }; var message = { method: POST, action: https://api.twitter.com/oauth/request_token;, parameters: { oauth_signature_method: HMAC-SHA1, oauth_consumer_key: myConsumerKey, oauth_callback: oob } }; OAuth.setTimestampAndNonce(message); OAuth.completeRequest(message, accessor); OAuth.SignatureMethod.sign(message, accessor); var a = OAuth.SignatureMethod.normalizeParameters(message.parameters); var encodedParameters = OAuth.formEncode (message.parameters); var authorizationHeader = OAuth.getAuthorizationHeader(,message.parameters); var http = new XMLHttpRequest(); http.open(POST, message.action, false); //Send the proper header information along with the request http.setRequestHeader(Content-type,