[twitter-dev] Re: OAuth question
Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
Yes, that is the difference. -Chad On Wed, Jul 22, 2009 at 2:44 AM, hansamannsven.hai...@googlemail.com wrote: thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
On Wed, Jul 22, 2009 at 01:44, hansamann sven.hai...@googlemail.com wrote: thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. I've found that if you go to twitter.com and sign in you will never get prompted to sign in for OAuth. But signing in for OAuth does not sign you in to twitter.com making you have to sign in for each OAuth allow. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Authenticate / authorize does not change if you have to sign in or not. Just if you have to click allow or if you just jump back to the application. Check out the flow chart at: http://apiwiki.twitter.com/Sign-in-with-Twitter Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Question
On May 22, 6:39 am, Francis Shanahan francisshana...@gmail.com wrote: The question is how long is this Access token good for? I'm finding when a user comes back even as soon as a few hours the token no longer works and they have to go Grant again. Am I doing something wrong? You must be doing something wrong, because according to twitter the Access Token never expires. For more information see: http://apiwiki.twitter.com/OAuth-FAQ#Howlongdoesanaccesstokenlast -- Thanks. Hameedullah Khan @hameedullah
[twitter-dev] Re: oAuth Question
Hi Francis, You can always use same access token for further api calls. Use that same access token and try to see error log to check what goes wrong in your subsequent calls. Thanks Avi On May 22, 5:39 am, Francis Shanahan francisshana...@gmail.com wrote: I have oAuth working forhttp://tweetarun.com When the user Grants access I get the oAuth token back which is the request token. Then I exchange this for an Access token and I store this for use with all subsequent calls. The question is how long is this Access token good for? I'm finding when a user comes back even as soon as a few hours the token no longer works and they have to go Grant again. Am I doing something wrong? -fs
[twitter-dev] Re: oAuth Question
Thanks for the reply. Yes I figured I was doing something wrong but I'm not sure what. I've found subsequent calls work fine, up until a few hours. I figured my reading of the spec was wrong and I was storing the wrong oauth token or something but if that's not the case I'll at least stop trying to debug the protocol and focus elsewhere. -fs On May 22, 5:57 am, Hameedullah Khan hameed.u.k...@gmail.com wrote: On May 22, 6:39 am, Francis Shanahan francisshana...@gmail.com wrote: The question is how long is this Access token good for? I'm finding when a user comes back even as soon as a few hours the token no longer works and they have to go Grant again. Am I doing something wrong? You must be doing something wrong, because according to twitter the Access Token never expires. For more information see:http://apiwiki.twitter.com/OAuth-FAQ#Howlongdoesanaccesstokenlast -- Thanks. Hameedullah Khan @hameedullah
[twitter-dev] Re: OAuth question
Hi Derek, Abraham posted some stuff to this group a little while ago with a PHP Twitter OAuth library. That sounds like just what you're looking for. Checkout http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d7aad614a764afc7 Thanks; — Matt Sanford / @mzsanford On Apr 7, 2009, at 09:50 PM, Derek Gathright wrote: So I'm able to authenticate receive the OAuth tokens, but I've yet to find any documentation on what exactly do with them after they're stored. So, instead of providing HTTP basic auth info, what specifically do I pass along with my request to say... update the user's status? Any PHP code examples that show full client support (found one or two that just do 1 call, such as... user-get_info). Thanks.