My library is also OAuth 1.0a compliant:
    https://github.com/themattharris/tmhOAuth

@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Thu, Dec 2, 2010 at 4:55 PM, Mike Davis (mcdavis) <mcda...@gmail.com>wrote:

> Anyone using PHP can use https://github.com/abraham/twitteroauth .
> It supports the oauth_verifier (as of its most recent update).
> Earlier versions of twitteroauth didn't support it and had a different
> parameter order for making requests, so if you're updating, be sure to
> check those things out.
>
> This guide will help those looking to be walked through a bit too -
>
> http://blancer.com/tutorials/73877/how-to-authenticate-users-with-twitter-oauth/
>
> On Dec 2, 7:19 pm, kprobe <goo...@kprobe.com> wrote:
> > I am using TwitterEPI library. Mine was out of date. Uploaded the
> > newest version and my app now works.
> > Mark
> >
> > On Dec 2, 7:06 pm, Tim Haines <tmhai...@gmail.com> wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Hey Taylor,
> >
> > > Thanks for rolling this back.  It seems odd that you'd push this out
> without
> > > notice when you know it will break apps.  Or was there notice
> somewhere?
> >
> > > Can you deploy your new code to a test endpoint so people (myself
> included)
> > > can test that their new code complies with your new requirements?
> >
> > > Cheers,
> >
> > > Tim.
> >
> > > On Fri, Dec 3, 2010 at 7:59 AM, Taylor Singletary <
> >
> > > taylorsinglet...@twitter.com> wrote:
> > > > Hi Folks,
> >
> > > > We're going to rollback a subset of these changes for now. Before we
> give
> > > > this another try, we'll let everyone know the specific pain points
> and give
> > > > some time to adjust to them. In the meantime, those who experienced
> trouble
> > > > today will want to verify that their libraries are doing the right
> thing in
> > > > regard to the bullet points I posted above.
> >
> > > > Also useful is making sure that you don't send additional headers
> related
> > > > to basic auth in an OAuth request, that you're using the proper,
> versioned
> > > > api-subdomain end points, etc.
> >
> > > > Dave: It's pretty crucial that you send an oauth_verifier on the
> access
> > > > token step. It's not valid OAuth 1.0a without it.
> >
> > > > Sorry about the mess folks. We should never have let these bugs
> persist for
> > > > so long.
> >
> > > > Taylor
> >
> > > > On Thu, Dec 2, 2010 at 2:45 PM, Tom van der Woerdt <i...@tvdw.eu>
> wrote:
> >
> > > >> Waiting doesn't help solve the issue. The spec hasn't changed, the
> API is
> > > >> just a bit more watching for the mistakes which some developers tend
> to
> > > >> make.
> >
> > > >> I'd recommend diving into the code and fixing the errors, instead of
> > > >> asking the Twitter API team to accept your "broken" OAuth
> implementations.
> > > >> :-)
> >
> > > >> Tom
> >
> > > >> On 12/2/10 11:42 PM, LeeS - @semel wrote:
> >
> > > >>> I am using this library on all my sites:
> > > >>>https://github.com/jmathai/twitter-async,
> > > >>> all of which are now broken and fail to let anyone log in.
> >
> > > >>> Any way this can be rolled back until all the various oAuth
> libraries
> > > >>> people are using are brought up to date?
> >
> > > >>> Lee
> >
> > > >>> On Dec 2, 5:35 pm, Dave-twiends<i...@davesumter.com>  wrote:
> >
> > > >>>> Thanks Taylor, yip unfortunately I wrote my oauth code about 18
> months
> > > >>>> ago, before most of the libraries were out, so there could be
> anything
> > > >>>> wrong. It's probably not 100% spec compliant, which is probably
> why it
> > > >>>> broke.
> >
> > > >>>> I've tracked down the issue to the access_token exchange part of
> the
> > > >>>> process. The access token's that I have from before are still
> working,
> > > >>>> just can't get new ones. I've noticed I'm not passing
> oauth_verifier
> > > >>>> back in the request, which could be causing the issue..
> >
> > > >>>> Will let you guys know how I get on...
> >
> > > >>>> Thanks for the pointers
> > > >>>> Dave
> >
> > > >>>> On Dec 2, 9:57 pm, Taylor Singletary<taylorsinglet...@twitter.com
> >
> > > >>>> wrote:
> >
> > > >>>>  We've corrected a number of long-standing OAuth-related bug fixes
> --
> > > >>>>> mainly
> > > >>>>> in areas where we more liberal than we should have been when
> verifying
> > > >>>>> signatures.
> >
> > > >>>>  Here are a few things to verify:
> >
> > > >>>>  * Verify that you are using your consumer key where the consumer
> key is
> > > >>>>> supposed to go. Compare this to what you see for you app on
> > > >>>>> dev.twitter.com
> > > >>>>> * Likewise, verify that you are using your consumer secret where
> it is
> > > >>>>> supposed to go. Compare this to what you see for you app on
> > > >>>>> dev.twitter.com
> > > >>>>> * Laugh at the obviousness and absurdity of a check like that.
> Cry a
> > > >>>>> little
> > > >>>>> because we already know some people were doing the wrong thing
> here,
> > > >>>>> especially on end points that didn't require authentication.
> > > >>>>> * Verify that your timestamps are in range
> > > >>>>> * If you're sending a request to a resource that doesn't require
> > > >>>>> authentication but you're including OAuth credentials:
> > > >>>>>    - we used to just give you a free pass even if the credentials
> were
> > > >>>>> incorrect. Hey, it doesn't require auth, so why bother checking?
> > > >>>>>    - now we check this. if you pass us an OAuth header or
> anything that
> > > >>>>> looks like an OAuth-based request, we will check it for validity,
> even
> > > >>>>> if
> > > >>>>> it's a resource that doesn't require auth.
> >
> > > >>>>  We haven't changed anything about our actual core signature
> validation
> > > >>>>> code
> > > >>>>> -- what was a valid signature before should be a valid one now.
> We're
> > > >>>>> just
> > > >>>>> checking the validity in more use cases than we were previously,
> and
> > > >>>>> checking other validity points we were flexible with previously.
> >
> > > >>>>  Taylor
> >
> > > >>>>  On Thu, Dec 2, 2010 at 1:32 PM, Twitlonger<
> stu...@abovetheinternet.org
> > > >>>>> >wrote:
> >
> > > >>>>  I'm seeing a lot of invalid/expired token errors.
> >
> > > >>>>  On Dec 2, 9:21 pm, Dave-twiends<i...@davesumter.com>  wrote:
> >
> > > >>>>>>> I noticed I've just started getting 401's for all my oAuth
> requests.
> > > >>>>>>> Seems to be happening on more than one site for me.. My
> application
> > > >>>>>>> keys and status still look good..
> >
> > > >>>>  Just wondering if anyone else is having an issue..?
> >
> > > >>>>  --
> > > >>>>>> Twitter developer documentation and resources:
> > > >>>>>>http://dev.twitter.com/doc
> > > >>>>>> API updates via Twitter:http://twitter.com/twitterapi
> > > >>>>>> Issues/Enhancements Tracker:
> > > >>>>>>http://code.google.com/p/twitter-api/issues/list
> > > >>>>>> Change your membership to this group:
> > > >>>>>>http://groups.google.com/group/twitter-development-talk
> >
> > > >> --
> > > >> Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > >> API updates via Twitter:http://twitter.com/twitterapi
> > > >> Issues/Enhancements Tracker:
> > > >>http://code.google.com/p/twitter-api/issues/list
> > > >> Change your membership to this group:
> > > >>http://groups.google.com/group/twitter-development-talk
> >
> > > >  --
> > > > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > >http://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > >http://groups.google.com/group/twitter-development-talk
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to