Nic, We are aware that the current lack of dynamic callback is limiting for development. In the meantime, we wanted to get OAuth support restored while we (and the OAuth consortium) develop a fix for this vulnerability. We intend to address this constraint in the near future.
Thanks, Doug Williams Twitter API Support http://twitter.com/dougw On Thu, Apr 23, 2009 at 3:19 PM, Dr Nic <[email protected]> wrote: > > If we cannot run-time configure the callback URI then we'll need > multiple application registrations for development + production? > (assuming the need for absolute URIs) > > Cheers > Nic > > On Apr 24, 7:38 am, Matt Sanford <[email protected]> wrote: > > Hi there, > > > > I totally forgot about that change. Since the oauth callback is > > unsigned it was too easy to forge that data. I'm trying to find a good > > way to include it but right now calling verify_credentials is the best > > work around. > > > > Thanks; > > – Matt Sanford / @mzsanford > > Twitter API Developer > > > > On Apr 23, 2009, at 02:31 PM, mikehar wrote: > > > > > > > > > > > > > However, the callback no longer contains the user info. Why did this > > > change? > > > > > You can get the user info by calling account/ > > > verify_credentials.format. > > > > > On Apr 23, 2:20 pm, "@pud" <[email protected]> wrote: > > >> Great work @al3x and the rest of the Twitter crew! > > > > >> My oAuth seems to be working once again: > http://fast140.com/oauth/authorize >
