Hi Romeo,
In order to make 'Sign in with Twitter' secure we do indeed now
return the request token, and you can then exchange that for an access
token. There is a ticket in place [1] to update the documentation to
match.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
[1] - http://code.google.com/p/twitter-api/issues/detail?id=488
On May 31, 2009, at 12:12 AM, Romeo Olympia wrote:
Hi all,
So it looks like that the token being returned to the callback from
oauth/authenticate is now the same request token we sent. Can someone
please confirm this? This is the last message I found on the topic.
If this is the case, how are we supposed to proceed? Should we
exchange the request token for a new access token every time "Sign in
with Twitter" happens?
Thanks,
Romeo
On Apr 17, 9:31 pm, Matt Sanford <[email protected]> wrote:
Hi all,
This behavior (i.e. which token is returned) is likely to change
soon. Once again, stay tuned for updates.
— Matt
On Apr 17, 2009, at 01:02 AM, Abraham Williams wrote:
The oauth_token returned from oauth/authenticate is the key from the
users access tokens. as long as you store the access tokens you can
match the returned oauth_token with what is in your database.
On Fri, Apr 17, 2009 at 01:35, John Kristian <[email protected]>
wrote:
I'm having trouble using /oauth/authenticate, too. After
authenticating, Twitter redirects back to my consumer with a
different
oauth_token than the one I sent to initiate authentication. Twitter
APIs don't accept either token. Sending the original request token
to /oauth/access_token elicits HTTP 401 with an XML error "Invalid /
expired Token". Sending the second callback token elicits HTTP 500
Internal Server Error with an HTML body entitled "Twitter / Error".
When either token is used as an access token, Twitter responds with
401. The original request token elicits an XML error "Invalid /
expired Token"; the second token elicits "Failed to validate oauth
signature or token".
For signing I used the token secret associated with the original
request token. The user has already given permission to this
consumer.
Help?
On Apr 16, 12:25 pm, Dossy Shiobara <[email protected]> wrote:
I just tried out the oauth/authenticate - I supplied a
RequestToken and
it redirected back to my callback URL with an AccessToken ... but,
what's the token secret for this AccessToken? I only know the
secret
for the RequestToken I sent it ... Is the token secret the same
for the
AccessToken I get back?
--
Abraham Williams |http://the.hackerconundrum.com
Hacker |http://abrah.am|http://twitter.com/abraham
Web608 | Community Evangelist |http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States
