You cannot perform secure OAuth 1.0A in client side Javascript. It is insecure, unsupported, and entirely unrecommended.
Unless you want to develop a server-side based Twitter API integration, you may want to look at Web Intents ( http://dev.twitter.com/pages/intents ) or @Anywhere instead ( http://dev.twitter.com/anywhere/begin ). @episod <http://twitter.com/episod> - Taylor Singletary On Thu, Apr 28, 2011 at 9:25 AM, Victor <[email protected]> wrote: > Hi There!. > I am having problems using the OAUTH authentication from an web based > application developed in javascript. > Basically i can do the first step requesting a "Request Token" using > submit a form. But i cannot make it work with an ajax request. > I guess that this step the application must do it in "background" > hidden from the final user. > The final user hasn't to press a button to submit a form to get the > request token.... he probably doesn't even want to know what it's > means... so,i insist, that there must be a way using ajax. to get a > request token > So, i tried and tried... looking across the web and the universe... > and after a lot of work, finally i was able to get to be able to send > a HTTP header for request token, and twitter answer me with a 200 HTML > code (i see that using firebug, the net panel) , but there is NO text > in the response!! > I will copy paste the code that make things work with forms and > apparently with XHR but it doesn't return anything. > > JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA > THE RESULTS. > Thanks for advance to all the readers!! > Hope anyone can help me!. > VĂctor. > > <!DOCTYPE html> > <html> > <head> > <title>OAuth Sandbox</title> > <script type="text/javascript" src="sha1.js"></script> > <script type="text/javascript" src="oauth.js"></script> > </head> > <body> > <script> > var myConsumerKey ='A'; // HERE IT WAS A REAL KEY > var myConsumerSecret ='B'; // HERE WAS A REAL SECRET > requestToken(); > > function requestToken (form) > { > var accessor = { > consumerSecret: myConsumerSecret, > tokenSecret: '' > }; > > var message = { > method: "POST", > action: " > https://api.twitter.com/oauth/request_token";, > parameters: { > oauth_signature_method: "HMAC-SHA1", > oauth_consumer_key: myConsumerKey, > oauth_callback: "oob" > } > }; > OAuth.setTimestampAndNonce(message); > OAuth.SignatureMethod.sign(message, accessor); > > // FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS > var parameterMap = > OAuth.getParameterMap(message.parameters); > for (var p in parameterMap) { > if (p.substring(0, 6) == "oauth_" && form[p] > != null && > form[p].name != null && form[p].name != "") > { > form[p].value = parameterMap[p]; > } > } > return true; > } > > function requestTokenXHR () > { > > var accessor = { > consumerKey: myConsumerKey, > consumerSecret: myConsumerSecret, > tokenSecret: '' > }; > > var message = { > method: "POST", > action: " > https://api.twitter.com/oauth/request_token";, > parameters: { > oauth_signature_method: "HMAC-SHA1", > oauth_consumer_key: myConsumerKey, > oauth_callback: "oob" > } > }; > OAuth.setTimestampAndNonce(message); > OAuth.completeRequest(message, accessor); > OAuth.SignatureMethod.sign(message, accessor); > var a = > OAuth.SignatureMethod.normalizeParameters(message.parameters); > var encodedParameters = OAuth.formEncode > (message.parameters); > var authorizationHeader = > OAuth.getAuthorizationHeader("",message.parameters); > var http = new XMLHttpRequest(); > http.open("POST", message.action, false); > > //Send the proper header information along with the > request > http.setRequestHeader("Content-type", > "application/x-www-form- > urlencoded"); > http.setRequestHeader("Content-length", > encodedParameters.length); > http.onreadystatechange=function() > { > if (http.readyState==4) > { > > document.getElementById("myDiv").innerHTML=http.responseText; > } > } > http.send(encodedParameters); > } > > </script> > <form name="sender" method="POST" action="http://api.twitter.com/ > oauth/request_token" onSubmit="requestToken(this)"> > <input type="submit" value="Get Request Token "/><br/> > <input type="button" value="Get Request Token USING XHR" > onClick="requestTokenXHR()"/><br/> > consumer key: <input name="oauth_consumer_key" > type="text" size="64"/><br/> > signature method: <input name="oauth_signature_method" > type="text"/> > <input name="oauth_timestamp" > type="hidden"/> > <input name="oauth_nonce" > type="hidden"/> > <input name="oauth_signature" > type="hidden"/> > <input > name="oauth_callback" type="hidden" value="oob"/ > > > </form> > <div id="myDiv"> > </div> > </body> > </html> > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
