On Oct 21, 11:28 pm, Nigel Cannings <nigelcanni...@googlemail.com>
> Sorry, I should have said that it is the authorization url that
> remains the same until a user actually accepts your application.
> It is the authorization url that becomes stale if reused, or unused
> for a period of time.  Access tokens, as you quite rightly say, don't
> expire unless revoked.

I'm going to call this a bug in Net::Twitter
specifically).  It caches the request_token and reuses it on
calls.  I don't see any reason it should.

So, with this simple fix to Net::Twitter::Role::OAuth, the example app
should work correctly, unmodified:

    diff --git a/lib/Net/Twitter/Role/OAuth.pm b/lib/Net/Twitter/Role/
    index 0bb48cc..a1994fc 100644
    --- a/lib/Net/Twitter/Role/OAuth.pm
    +++ b/lib/Net/Twitter/Role/OAuth.pm
    @@ -60,7 +60,7 @@ sub authorized {
     sub _get_auth_url {
         my ($self, $which_url, %params ) = @_;

    -    $self->_request_request_token(%params) unless $self-
    +    $self->_request_request_token(%params);

         my $uri = $self->$which_url;
         $uri->query_form(oauth_token => $self->request_token);

The example app can be modified to work with the un-patched ::OAuth by
clearing the request_token in sub twitter:

    sub twitter {
        my $nt = shift->{twitter} ||= Net::Twitter->new(traits => [qw/
API::REST OAuth/], %consumer_tokens);
        return $nt;

That way, a new Net::Twitter object isn't required on each request.

Thanks for posting your find, Nigel. It resulted in an important bug
If you find more, please post them at:

They'll get to me more directly, there.


Reply via email to