Thanks Taylor for the answer. I guess it's very insecure beacuse all the person can see the javascript code including the keys. ¿It is that the case? I have read part of the documentation of twitter or OAUTH, but i haven't seen a clue of that we can't use javascript for authentications. In fact i found libraries.. the sha1.js and oauth.js... so, my question is... if it is unsupported, why someone bother to write code to that unsupported platform... i guess i'm not the only one having this confusion. However the javascript is for a widget in a nokia phone (don't renember exactly the model... but one of the latest)... so i think that will be unreadable. (At least to most programers).
Well... i see part of @anywhere... but there is a way to tweet something using a box. I want that box to not exist, instead i want a button that the user push and tweet a pre determined text for him. Thanks again. Víctor. On Apr 28, 1:37 pm, Taylor Singletary <[email protected]> wrote: > You cannot perform secure OAuth 1.0A in client side Javascript. It is > insecure, unsupported, and entirely unrecommended. > > Unless you want to develop a server-side based Twitter API integration, you > may want to look at Web Intents (http://dev.twitter.com/pages/intents) or > @Anywhere instead (http://dev.twitter.com/anywhere/begin). > > @episod <http://twitter.com/episod> - Taylor Singletary > > > > > > > > On Thu, Apr 28, 2011 at 9:25 AM, Victor <[email protected]> wrote: > > Hi There!. > > I am having problems using the OAUTH authentication from an web based > > application developed in javascript. > > Basically i can do the first step requesting a "Request Token" using > > submit a form. But i cannot make it work with an ajax request. > > I guess that this step the application must do it in "background" > > hidden from the final user. > > The final user hasn't to press a button to submit a form to get the > > request token.... he probably doesn't even want to know what it's > > means... so,i insist, that there must be a way using ajax. to get a > > request token > > So, i tried and tried... looking across the web and the universe... > > and after a lot of work, finally i was able to get to be able to send > > a HTTP header for request token, and twitter answer me with a 200 HTML > > code (i see that using firebug, the net panel) , but there is NO text > > in the response!! > > I will copy paste the code that make things work with forms and > > apparently with XHR but it doesn't return anything. > > > JUST PASTE IT IN A FILE, PUT A REAL CONSUMER KEY AND SECRET AND VIOLA > > THE RESULTS. > > Thanks for advance to all the readers!! > > Hope anyone can help me!. > > Víctor. > > > <!DOCTYPE html> > > <html> > > <head> > > <title>OAuth Sandbox</title> > > <script type="text/javascript" src="sha1.js"></script> > > <script type="text/javascript" src="oauth.js"></script> > > </head> > > <body> > > <script> > > var myConsumerKey ='A'; // HERE IT WAS A REAL KEY > > var myConsumerSecret ='B'; // HERE WAS A REAL SECRET > > requestToken(); > > > function requestToken (form) > > { > > var accessor = { > > consumerSecret: myConsumerSecret, > > tokenSecret: '' > > }; > > > var message = { > > method: "POST", > > action: " > >https://api.twitter.com/oauth/request_token";, > > parameters: { > > oauth_signature_method: "HMAC-SHA1", > > oauth_consumer_key: myConsumerKey, > > oauth_callback: "oob" > > } > > }; > > OAuth.setTimestampAndNonce(message); > > OAuth.SignatureMethod.sign(message, accessor); > > > // FILL THE FORM INPUTS WITH THE NECESARY PARAMETERS > > var parameterMap = > > OAuth.getParameterMap(message.parameters); > > for (var p in parameterMap) { > > if (p.substring(0, 6) == "oauth_" && form[p] > > != null && > > form[p].name != null && form[p].name != "") > > { > > form[p].value = parameterMap[p]; > > } > > } > > return true; > > } > > > function requestTokenXHR () > > { > > > var accessor = { > > consumerKey: myConsumerKey, > > consumerSecret: myConsumerSecret, > > tokenSecret: '' > > }; > > > var message = { > > method: "POST", > > action: " > >https://api.twitter.com/oauth/request_token";, > > parameters: { > > oauth_signature_method: "HMAC-SHA1", > > oauth_consumer_key: myConsumerKey, > > oauth_callback: "oob" > > } > > }; > > OAuth.setTimestampAndNonce(message); > > OAuth.completeRequest(message, accessor); > > OAuth.SignatureMethod.sign(message, accessor); > > var a = > > OAuth.SignatureMethod.normalizeParameters(message.parameters); > > var encodedParameters = OAuth.formEncode > > (message.parameters); > > var authorizationHeader = > > OAuth.getAuthorizationHeader("",message.parameters); > > var http = new XMLHttpRequest(); > > http.open("POST", message.action, false); > > > //Send the proper header information along with the > > request > > http.setRequestHeader("Content-type", > > "application/x-www-form- > > urlencoded"); > > http.setRequestHeader("Content-length", > > encodedParameters.length); > > http.onreadystatechange=function() > > { > > if (http.readyState==4) > > { > > > document.getElementById("myDiv").innerHTML=http.responseText; > > } > > } > > http.send(encodedParameters); > > } > > > </script> > > <form name="sender" method="POST" action="http://api.twitter.com/ > > oauth/request_token" onSubmit="requestToken(this)"> > > <input type="submit" value="Get Request Token "/><br/> > > <input type="button" value="Get Request Token USING XHR" > > onClick="requestTokenXHR()"/><br/> > > consumer key: <input name="oauth_consumer_key" > > type="text" size="64"/><br/> > > signature method: <input name="oauth_signature_method" > > type="text"/> > > <input name="oauth_timestamp" > > type="hidden"/> > > <input name="oauth_nonce" > > type="hidden"/> > > <input name="oauth_signature" > > type="hidden"/> > > <input > > name="oauth_callback" type="hidden" value="oob"/ > > > </form> > > <div id="myDiv"> > > </div> > > </body> > > </html> > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >http://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
