Re: OAuth callback for local dev testing

Tue, 17 Feb 2009 15:52:28 -0800 

I'm also noticing this bug...looks like twitter just blindly appends ?
oauth_token=xyz to the oauth_callback URL without first checking
whether the oauth_callback URL itself already contains a query string.
I checked on http://code.google.com/p/twitter-api/issues/list but I
don't see an open issue yet--should I open one, or is Matt or someone
else already doing it?

Thanks! :) js


On Feb 17, 7:26 am, Matt Sanford <[email protected]> wrote:
> Hi Karl,
>
>      That sounds like bug, please open an issue at 
> http://code.google.com/p/twitter-api/issues/list
>
> Thanks;
>    — Matt Sanford
>
> On Feb 14, 2009, at 04:55 PM, Karl Adam wrote:
>
>
>
> > It seems that twitter incorrectly handles the oauth_callback parameter
> > when it's a custom URI. While testing MPOAuth with the API I noticed
> > that when it tried to use my custom URI handler it would incorrectly
> > append the callback URL relative to the twitter domain rather than as
> > a URL on its own.
>
> > The sequence is as follows: C for Consumer, U for User, P for
> > Producer
> > C1. Get Request Token
> > C2. Send Request Token and custom callback to user auth page
> > <NSMutableURLRequest
> >http://twitter.com/oauth/authorize?oauth_token=i6DUgOA9CHyDyidtVezmsU...
>
> > U1. Provide Credentials and hit allow
> > FORM submit to <NSMutableURLRequesthttp://twitter.com/oauth/
> > authorize>
> > P: Load page at <NSMutableURLRequesthttp://twitter.com/oauth/authorize
>
> > P: Redirect page to <NSMutableURLRequest
> >http://twitter.comx-com-mpoauth-mobile://success?
> > oauth_token=i6DUgOA9CHyDyidtVezmsUgy6oS9VLXOA9NUmNceO4>
>
> > I'm not sure why the server tried to redirect to that page, but that
> > is a valid URI so I can't see why it'd append it that way.
>
> > _Karl
>
> > On Feb 13, 7:51 am, Matt Sanford <[email protected]> wrote:
> >> Hi there,
>
> >>      You can always make up hostname and add it to your /etc/hosts
> >> file (or equivalent). We do have an issue filed to relax the URL
> >> restrictions.
>
> >> Thanks;
> >>    — Matt Sanford
>
> >> On Feb 13, 2009, at 01:20 AM, bear wrote:
>
> >>> Any chance of being allowed to use a callback URL that is local?
>
> >>>http://localhost:4000/callback/
>
> >>> This would let me test using my local resources and not have to
> >>> wrangle a server setup
>
> >>> thanks,

Reply via email to