Thanks Taylor for the answer.
I guess it's very insecure beacuse all the person can see the
javascript code including the keys. ¿It is that the case?
I have read part of the documentation of twitter or OAUTH, but i
haven't seen a clue of that we can't use javascript for
authentications. In fact i found libraries.. the sha1.js and
oauth.js... so, my question is... if it is unsupported, why someone
bother to write code to that unsupported platform... i guess i'm not
the only one having this confusion.
However the javascript is for a widget in a nokia phone (don't
renember exactly the model... but one of the latest)... so i think
that will be unreadable. (At least to most programers).

Well... i see part of @anywhere... but there is a way to tweet
something using a box. I want that box to not exist, instead i want a
button that the user push and tweet a pre determined text for him.

Thanks again.
Víctor.

On Apr 28, 1:37 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> You cannot perform secure OAuth 1.0A in client side Javascript. It is
> insecure, unsupported, and entirely unrecommended.
>
> Unless you want to develop a server-side based Twitter API integration, you
> may want to look at Web Intents (http://dev.twitter.com/pages/intents) or
> @Anywhere instead (http://dev.twitter.com/anywhere/begin).
>
> @episod <http://twitter.com/episod> - Taylor Singletary
>
>
>
>
>
>
>
> On Thu, Apr 28, 2011 at 9:25 AM, Victor <vitucho3...@gmail.com> wrote:
> > Hi There!.
> > I am having problems using the OAUTH authentication from an web based
> > application developed in javascript.
> > Basically i can do the first step requesting a "Request Token" using
> > submit a form. But i cannot make it work with an ajax request.
> > I guess that this step the application must do it in "background"
> > hidden from the final user.
> > The final user hasn't to press a button to submit a form to get the
> > request token.... he probably doesn't even want to know what it's
> > means... so,i  insist, that there must be a way using ajax. to get a
> > request token
> > So, i tried and tried... looking across the web and the universe...
> > and after a lot of work, finally i was able to get to be able to send
> > a HTTP header for request token, and twitter answer me with a 200 HTML
> > code (i see that using firebug, the net panel) , but there is NO text
> > in the response!!
> > I will copy paste the code that make things work with forms and
> > apparently with XHR but it doesn't return anything.
>
> > JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA
> > THE RESULTS.
> > Thanks for advance to all the readers!!
> > Hope anyone can help me!.
> > Víctor.
>
> > <!DOCTYPE html>
> > <html>
> >    <head>
> >        <title>OAuth Sandbox</title>
> >                <script type="text/javascript" src="sha1.js"></script>
> >                <script type="text/javascript" src="oauth.js"></script>
> >    </head>
> >    <body>
> >        <script>
> >                var myConsumerKey ='A'; // HERE IT WAS A REAL KEY
> >                var myConsumerSecret ='B'; // HERE WAS A REAL SECRET
> >                requestToken();
>
> >                function requestToken (form)
> >                {
> >                        var accessor = {
> >                                consumerSecret: myConsumerSecret,
> >                                tokenSecret: ''
> >                        };
>
> >                        var message = {
> >                                method: "POST",
> >                                action: "
> >https://api.twitter.com/oauth/request_token";,
> >                                parameters: {
> >                                        oauth_signature_method: "HMAC-SHA1",
> >                                        oauth_consumer_key: myConsumerKey,
> >                                        oauth_callback: "oob"
> >                                }
> >                        };
> >                        OAuth.setTimestampAndNonce(message);
> >                        OAuth.SignatureMethod.sign(message, accessor);
>
> >                        // FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS
> >                    var parameterMap =
> > OAuth.getParameterMap(message.parameters);
> >                        for (var p in parameterMap) {
> >                                if (p.substring(0, 6) == "oauth_" && form[p]
> > != null &&
> > form[p].name != null && form[p].name != "")
> >                                {
> >                                        form[p].value = parameterMap[p];
> >                                }
> >                        }
> >                        return true;
> >                }
>
> >                function requestTokenXHR ()
> >                {
>
> >                        var accessor = {
> >                                consumerKey: myConsumerKey,
> >                                consumerSecret: myConsumerSecret,
> >                                tokenSecret: ''
> >                        };
>
> >                        var message = {
> >                                method: "POST",
> >                                action: "
> >https://api.twitter.com/oauth/request_token";,
> >                                parameters: {
> >                                        oauth_signature_method: "HMAC-SHA1",
> >                                        oauth_consumer_key: myConsumerKey,
> >                                        oauth_callback: "oob"
> >                                }
> >                        };
> >                        OAuth.setTimestampAndNonce(message);
> >                        OAuth.completeRequest(message, accessor);
> >                        OAuth.SignatureMethod.sign(message, accessor);
> >                        var a =
> > OAuth.SignatureMethod.normalizeParameters(message.parameters);
> >                        var encodedParameters = OAuth.formEncode
> > (message.parameters);
> >                        var authorizationHeader =
> > OAuth.getAuthorizationHeader("",message.parameters);
> >                        var http = new XMLHttpRequest();
> >                        http.open("POST", message.action, false);
>
> >                        //Send the proper header information along with the
> > request
> >                        http.setRequestHeader("Content-type",
> > "application/x-www-form-
> > urlencoded");
> >                        http.setRequestHeader("Content-length",
> > encodedParameters.length);
> >                        http.onreadystatechange=function()
> >                        {
> >                                if (http.readyState==4)
> >                                {
>
> >  document.getElementById("myDiv").innerHTML=http.responseText;
> >                                }
> >                        }
> >                        http.send(encodedParameters);
> >                }
>
> >        </script>
> >    <form name="sender" method="POST" action="http://api.twitter.com/
> > oauth/request_token" onSubmit="requestToken(this)">
> >        <input type="submit" value="Get Request Token "/><br/>
> >                <input type="button" value="Get Request Token USING XHR"
> > onClick="requestTokenXHR()"/><br/>
> >        consumer key:     <input name="oauth_consumer_key"
> > type="text" size="64"/><br/>
> >        signature method: <input name="oauth_signature_method"
> > type="text"/>
> >                          <input name="oauth_timestamp"
> > type="hidden"/>
> >                          <input name="oauth_nonce"
> > type="hidden"/>
> >                          <input name="oauth_signature"
> > type="hidden"/>
> >                                                  <input
> > name="oauth_callback"         type="hidden" value="oob"/
>
> >    </form>
> >        <div id="myDiv">
> >        </div>
> >    </body>
> > </html>
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to