Hey,

Thanks for bringing this issue to my attention. I have opened an issue
for it here [1].
I will look into this and see what I can do to help resolve it. Shiplu
is probably on the right track
about this being cookie related. Will post updates here and on the
issue as I make progress.

Thanks,

Josh Roesslein
Tweepy author

On Thu, Dec 17, 2009 at 1:42 PM, shiplu <shiplu....@gmail.com> wrote:
> On Fri, Dec 18, 2009 at 2:22 AM, Josh Bleecher Snyder
> <joshar...@gmail.com> wrote:
>> Hi all,
>>
>> The tweepy twitter client uses api.twitter.com for the host for oauth calls:
>>
>>    REQUEST_TOKEN_URL = 'http://api.twitter.com/oauth/request_token'
>>    AUTHORIZATION_URL = 'http://api.twitter.com/oauth/authorize'
>>    AUTHENTICATE_URL = 'http://api.twitter.com/oauth/authenticate'
>>    ACCESS_TOKEN_URL = 'http://api.twitter.com/oauth/access_token'
>>
>> I've found that this works, until the user tries to sign out or sign
>> up during the authorization; if this happens, they get a 404. If,
>> however, twitter.com is used as the host:
>
>
> I think this happens due to cookie. People sign in twitter.com. not in
> api.twitter.com. When a user already signed in, the cookie's domain is
> twitter.com.
> Now if you redirect to http://api.twitter.com/oauth/authorize, browser
> wont load the cookie as its from twitter.com. It'll try to find
> cookies from api.twitter.com. But there is no cookie. So you have to
> sign in again I guess.
>
> Its better to use twitter.com instead of api.twitter.com when its one
> of those 4 oauth urls.
>
> --
> Shiplu Mokaddim
> My talks, http://talk.cmyweb.net
> Follow me, http://twitter.com/shiplu
> SUST Programmers, http://groups.google.com/group/p2psust
> Innovation distinguishes bet ... ... (ask Steve Jobs the rest)
>

Reply via email to