[twitter-dev] Re: OAuth question

[Chad Etzel]

Yes, that is the difference.
-Chad

On Wed, Jul 22, 2009 at 2:44 AM, hansamann wrote:
>
> thanx, good to know.
>
> I am also wondering about one thing:
>
> - if a user has authorized himself (using the authorize URL, not
> authenticate... will try that out later) and does the same process
> again, e.g. get's redirected to the authorize URL again, but with a
> new request token of course, he is AGAIN asked to sign in. I am not
> sure why, twitter could in this case just know that the user is signed
> in already. Also looking into the cookies, there is a twitter session
> established.
>
> It could be the default is just to show the login screen again...
>
> Or... is this the little difference between the authentication /
> authorization call. In this case authorization will always ask the
> user to sign in, and grant access to my app, but not keep the signed
> in user for the next call (which will not happen many times of course,
> most people just authorize once per session or even less).
>
> Instead, the authentication process truely detects a already present
> twitter session and will NOT ask the user to sign in even if he should
> be signed in already.
>
> Is that correct?
>
> Cheers
> Sven
>
> On Jul 21, 11:26 pm, Abraham Williams <4bra...@gmail.com> wrote:
>> Last I heard it changes nothing currently. There might be some
>> features restricted to it in the future like using the faster
>> oauth/authenticate method.
>> Abraham
>>
>>
>>
>> On Wed, Jul 22, 2009 at 01:03, hansamann  wrote:
>>
>> > Hi all,
>>
>> > I am using twitter OAuth which works just fine, but I am not sure what
>> > exactly this means on the oauth signup page:
>>
>> > Use Twitter for login:            Yes, use Twitter for login
>> > Does your application intend to use Twitter for authentication?
>>
>> > What happens if I check this box? Will there be something different or
>> > is this just an internal tracking for Twitter so they know what people
>> > intend to do?
>>
>> > Cheers
>> > Sven
>>
>> --
>> Abraham Williams | Community Evangelist |http://web608.org
>> Hacker |http://abrah.am|http://twitter.com/abraham
>> Project |http://fireeagle.labs.poseurtech.com
>> This email is: [ ] blogable [x] ask first [ ] private.
>> Sent from Madison, WI, United States

[twitter-dev] Re: OAuth question

[hansamann]

thanx, good to know.

I am also wondering about one thing:

- if a user has authorized himself (using the authorize URL, not
authenticate... will try that out later) and does the same process
again, e.g. get's redirected to the authorize URL again, but with a
new request token of course, he is AGAIN asked to sign in. I am not
sure why, twitter could in this case just know that the user is signed
in already. Also looking into the cookies, there is a twitter session
established.

It could be the default is just to show the login screen again...

Or... is this the little difference between the authentication /
authorization call. In this case authorization will always ask the
user to sign in, and grant access to my app, but not keep the signed
in user for the next call (which will not happen many times of course,
most people just authorize once per session or even less).

Instead, the authentication process truely detects a already present
twitter session and will NOT ask the user to sign in even if he should
be signed in already.

Is that correct?

Cheers
Sven

On Jul 21, 11:26 pm, Abraham Williams <4bra...@gmail.com> wrote:
> Last I heard it changes nothing currently. There might be some
> features restricted to it in the future like using the faster
> oauth/authenticate method.
> Abraham
>
>
>
> On Wed, Jul 22, 2009 at 01:03, hansamann  wrote:
>
> > Hi all,
>
> > I am using twitter OAuth which works just fine, but I am not sure what
> > exactly this means on the oauth signup page:
>
> > Use Twitter for login:            Yes, use Twitter for login
> > Does your application intend to use Twitter for authentication?
>
> > What happens if I check this box? Will there be something different or
> > is this just an internal tracking for Twitter so they know what people
> > intend to do?
>
> > Cheers
> > Sven
>
> --
> Abraham Williams | Community Evangelist |http://web608.org
> Hacker |http://abrah.am|http://twitter.com/abraham
> Project |http://fireeagle.labs.poseurtech.com
> This email is: [ ] blogable [x] ask first [ ] private.
> Sent from Madison, WI, United States

[twitter-dev] Re: OAuth question

[Abraham Williams]

Last I heard it changes nothing currently. There might be some
features restricted to it in the future like using the faster
oauth/authenticate method.
Abraham

On Wed, Jul 22, 2009 at 01:03, hansamann  wrote:

>
> Hi all,
>
> I am using twitter OAuth which works just fine, but I am not sure what
> exactly this means on the oauth signup page:
>
> Use Twitter for login:Yes, use Twitter for login
> Does your application intend to use Twitter for authentication?
>
> What happens if I check this box? Will there be something different or
> is this just an internal tracking for Twitter so they know what people
> intend to do?
>
> Cheers
> Sven
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, WI, United States

[twitter-dev] OAuth question

[hansamann]

Hi all,

I am using twitter OAuth which works just fine, but I am not sure what
exactly this means on the oauth signup page:

Use Twitter for login:Yes, use Twitter for login
Does your application intend to use Twitter for authentication?

What happens if I check this box? Will there be something different or
is this just an internal tracking for Twitter so they know what people
intend to do?

Cheers
Sven

[twitter-dev] Re: Updating the APIs authentication limiting policy

[Jesse Stay]

Josh, is there a way, without verify_credentials, to identify that users
have changed their Twitter passwords (and therefore you are no longer able
to authenticate for them)?  For client apps, I don't see this being as much
of a problem, but for server-based apps that run regular scripts on behalf
of users this could become a regular issue, which is why we were running it.
In addition, what is the best way with OAuth to identify the screen name of
an individual?  verify_credentials is the only way I'm aware of, unless
there's something I'm missing (which is probably very likely).  I'd love to
know if there's a better way.  A best practices doc on how to retrieve user
information, and how to best verify users have not changed their passwords
would certainly be useful I think.  I'd like to know how Twitter recommends
we do this.

Jesse

On Tue, Jul 21, 2009 at 8:50 PM, Josh Perry  wrote:

>
> To be honest ever since the x-rate-limit HTTP headers were added we
> removed the call to verify_credentials from our Twitter API layer.
>
> Every time that our Twitter API layer does an HTTP request it
> squirrels away the header values and any requests to our API from the
> application for rate-limit information is just fulfilled from those
> saved variables. So we don't need verify_credentials for rate-limit
> information
>
> Every time that our API does an HTTP request it watches for
> unauthorized HTTP responses, so we don't need verify_credentials to
> verify that our app is still authorized on the account or that the
> user's password is still the same.
>
> Every single twitter API method could be used to brute-force by
> sending HTTP auth headers and watching the HTTP response, but you are
> rate-limited to 150 requests/hour/ip, if this rate-limit is good
> enough for all the other attack vectors it should probably be good
> enough for verify_credentials. In fact verify_credentials is basically
> a nop function, which IMHO really isn't needed any longer.
>
> Josh
>
> On Jul 21, 7:00 pm, Doug Williams  wrote:
> > Devs --A change shipped last week that limited the number of times a user
> > could access the account/verify_credentials method [1] in a given hour.
> This
> > change proved hasty and short-sighted as pointed out by the subsequent
> > discussion [2]. We apologize to any developer that was adversely
> > affected. Given the problems, we want to fix this in a
> > public and transparent manner.
> > Like most web services, we limit the number of attempts users can make to
> > login to
> > their accounts on Twitter.com to prevent brute force dictionary
> > attacks. This same security is not extended to the platform
> > and leaves accounts vulnerable to the same method of attack through the
> API.
> >
> > The change we shipped to limit user accounts to 15 calls an hour to the
> > account/verify_credentials method [1] was intended to mitigate this risk.
> It
> > was thought to limit the number of tests a potential attack could run in
> the
> > hour, even in a distributed fashion. However, we only protected a single
> > resource which still leaves all other authenticated methods exposed as a
> > vector of attack (limited only by the API rate limit).
> >
> > Our thinking is now that we will limit the total number of unsuccessful
> > attempts to access authenticated resources to 15 an hour per user per IP
> > address. If a single IP address makes 15 attempts to access a protected
> > resource unsuccessfully for a given user (as indicated by an HTTP 401),
> then
> > the user will be locked out of authenticated resources from that IP
> address
> > for 1 hour.
> >
> > This scheme has all of the positive effects that we need, however we want
> to
> > make sure that we have thought through all of the potential problems on
> the
> > developer's side before we proceed with this change. Please contribute to
> > the subsequent discussion if you have an opinion or concern. Once we come
> to
> > an agreement, we will update with details and a timeline for shipping
> this
> > update.
> >
> > 1.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0ve.
> ..
> > 2.http://groups.google.com/group/twitter-development-talk/browse_thread.
> ..
> >
> > Regards,
> > Doug

[twitter-dev] Re: Twitter credentials

[Petermdenton]

Raj,
You might also want to describe what you are trying to do, and some  
can help you to understand the way they do it.


Thanks
Peter

On Jul 21, 2009, at 9:32 PM, raj  wrote:



1.Is there any twitter api method (php) to get credentials both
username and password
2.How to use oauth_token returned in call back url, with this token is
there any way to get twitter credentials both username and password,
Thanks for your help in advance!

[twitter-dev] Re: Twitter credentials

[Damon Clinkscales]

On Tue, Jul 21, 2009 at 11:32 PM, raj wrote:

> 1.Is there any twitter api method (php) to get credentials both
> username and password
> 2.How to use oauth_token returned in call back url, with this token is
> there any way to get twitter credentials both username and password,

No.

-damon

[twitter-dev] Re: Twitter credentials

[Mandakini kumari]

Hi

You don't need credentials username and password. Better to store oauth
token And oauth token secret in your database or cookie

On Wed, Jul 22, 2009 at 10:02 AM, raj  wrote:

>
> 1.Is there any twitter api method (php) to get credentials both
> username and password
> 2.How to use oauth_token returned in call back url, with this token is
> there any way to get twitter credentials both username and password,
> Thanks for your help in advance!
>



-- 
Regards
Mandakini

[twitter-dev] Twitter credentials

[raj]

1.Is there any twitter api method (php) to get credentials both
username and password
2.How to use oauth_token returned in call back url, with this token is
there any way to get twitter credentials both username and password,
Thanks for your help in advance!

[twitter-dev] Re: Search API: since_id is now unreliable

[Brooks Bennett]

Thanks for posting this Chad!

Doug, please keep us updated on how things progress with this issue so
we can pass along guidance to our user-base. Hopefully the
improvements will come in the near-term.

Thanks for all that you guys do!

Brooks

On Jul 21, 3:45 pm, Doug Williams  wrote:
> Chad,Your assessment is spot on.
>
> At the heart of search there are a number of data stores that accept queries
> (reads) while at the same time perform writes from an indexer. Heavy load --
> large numbers of queries, large number of writes or both, or both -- can
> cause the write replication between the indexer and various data stores to
> grow inconsistent when a particular data store is blocked on a read.
>
> Unfortunately there is no easy fix for this problem at the moment. The
> search team has grown considerably in the last couple of weeks so as they
> get up to speed, the feature set and stability of search should continue to
> improve.
>
> Thanks,
> Doug
>
>
>
> On Tue, Jul 21, 2009 at 11:57 AM, Chad Etzel  wrote:
>
> > Hi API Team,
>
> > A few of us have been discussing off list a funky behavior we have
> > been noticing and now users are starting to notice.
>
> > There is a problem for sites/apps like TweetGrid and TweetChat which
> > auto-refresh tweets based on the Search API using the since_id. People
> > are noticing that these sites are "missing tweets" when compared to
> > the search.twitter.com results page for the same query.
>
> > We believe what is happening is that the search servers are not
> > indexing tweets in a serial manner, and so a tweet with a higher id
> > may sneak into a search server and be indexed first before a tweet
> > with a lower id. This means that when the since_id is sent back from
> > the query (or derived from the first result in the results array),
> > using that since_id to refresh the query will miss lower id tweets
> > when they finally do get indexed. So the illusion of "missing tweets"
> > is created. You can run TweetGrid and TweetChat in separate tabs using
> > the same query and see that sometimes the results don't match up
> > because of this.
>
> > I'll try to give an example to be clear.
>
> > Let's say for the sake of simplicity that I'm searching for "twitter"
> > and that every 10th tweet in the public timeline matches. So, all
> > tweets ending in 0 match my query.
>
> > Search server 1 may index:
>
> > 20
> > 30
> > 40
> > 60
> > 70
>
> > (notice missing 50)
>
> > At the same time, Search server 2 may index:
>
> > 20
> > 30
> > 40
> > 50
>
> > (notice hasn't indexed 60 or 70 yet)
>
> > I send a query and get a response from Server 1 and get a since_id of
> > 70.  On my next request I use that since_id=70 and I'll never see
> > tweet 50.  Thus the "missing tweets".
>
> > This is quite annoying, especially now that users are noticing and
> > complaining to us (the app devs) that are apps are broken.
>
> > I cannot think of a good work around for this that would be simple
> > enough to implement and be worth the effort.
>
> > Is this behavior something anyone else can confirm? Are tweets
> > supposed to be indexed/replicated serially by the search servers?
>
> > -Chad

[twitter-dev] Re: Updating the APIs authentication limiting policy

[Josh Perry]

To be honest ever since the x-rate-limit HTTP headers were added we
removed the call to verify_credentials from our Twitter API layer.

Every time that our Twitter API layer does an HTTP request it
squirrels away the header values and any requests to our API from the
application for rate-limit information is just fulfilled from those
saved variables. So we don't need verify_credentials for rate-limit
information

Every time that our API does an HTTP request it watches for
unauthorized HTTP responses, so we don't need verify_credentials to
verify that our app is still authorized on the account or that the
user's password is still the same.

Every single twitter API method could be used to brute-force by
sending HTTP auth headers and watching the HTTP response, but you are
rate-limited to 150 requests/hour/ip, if this rate-limit is good
enough for all the other attack vectors it should probably be good
enough for verify_credentials. In fact verify_credentials is basically
a nop function, which IMHO really isn't needed any longer.

Josh

On Jul 21, 7:00 pm, Doug Williams  wrote:
> Devs --A change shipped last week that limited the number of times a user
> could access the account/verify_credentials method [1] in a given hour. This
> change proved hasty and short-sighted as pointed out by the subsequent
> discussion [2]. We apologize to any developer that was adversely
> affected. Given the problems, we want to fix this in a
> public and transparent manner.
> Like most web services, we limit the number of attempts users can make to
> login to
> their accounts on Twitter.com to prevent brute force dictionary
> attacks. This same security is not extended to the platform
> and leaves accounts vulnerable to the same method of attack through the API.
>
> The change we shipped to limit user accounts to 15 calls an hour to the
> account/verify_credentials method [1] was intended to mitigate this risk. It
> was thought to limit the number of tests a potential attack could run in the
> hour, even in a distributed fashion. However, we only protected a single
> resource which still leaves all other authenticated methods exposed as a
> vector of attack (limited only by the API rate limit).
>
> Our thinking is now that we will limit the total number of unsuccessful
> attempts to access authenticated resources to 15 an hour per user per IP
> address. If a single IP address makes 15 attempts to access a protected
> resource unsuccessfully for a given user (as indicated by an HTTP 401), then
> the user will be locked out of authenticated resources from that IP address
> for 1 hour.
>
> This scheme has all of the positive effects that we need, however we want to
> make sure that we have thought through all of the potential problems on the
> developer's side before we proceed with this change. Please contribute to
> the subsequent discussion if you have an opinion or concern. Once we come to
> an agreement, we will update with details and a timeline for shipping this
> update.
>
> 1.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0ve...
> 2.http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> Regards,
> Doug

[twitter-dev] Re: Updating the APIs authentication limiting policy

[Scott]

Thanks for the update Doug.  Does this still apply to OAuth apps?
Also, if a user goes through an app and unsuccessfully attempts to
login 15 times will that app be blocked from authenticating anybody
for an hour or just that user?  The previous change seemed to block
the entire app from making an authentication request on anybody once
the limit had been hit.

[twitter-dev] Re: Too many requests in this time period. Try again later.

[Doug Williams]

Let's bring the discussion on the update to the new thread:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/2d68c74567bc9809

Thanks,
Doug




On Mon, Jul 20, 2009 at 10:08 PM, Doug Williams  wrote:

> Martin,
> The change certainly went out prematurely which is admittedly a
> mistake on our end. I will have details tomorrow morning to share
> about our fix.
>
> Thanks,
> Doug
>
>
>
>
> On Mon, Jul 20, 2009 at 7:45 PM, Martin Omander
> wrote:
> >
> > Doug,
> >
> > Thanks for letting us know about the new request limit. I was worried
> > something was wrong on my side. Like the others are saying; it would
> > have been nice with a heads-up.
> >
> > Cheers,
> >
> > /Martin
> >
>

[twitter-dev] Updating the APIs authentication limiting policy

[Doug Williams]

Devs --A change shipped last week that limited the number of times a user
could access the account/verify_credentials method [1] in a given hour. This
change proved hasty and short-sighted as pointed out by the subsequent
discussion [2]. We apologize to any developer that was adversely
affected. Given the problems, we want to fix this in a
public and transparent manner.
Like most web services, we limit the number of attempts users can make to
login to
their accounts on Twitter.com to prevent brute force dictionary
attacks. This same security is not extended to the platform
and leaves accounts vulnerable to the same method of attack through the API.

The change we shipped to limit user accounts to 15 calls an hour to the
account/verify_credentials method [1] was intended to mitigate this risk. It
was thought to limit the number of tests a potential attack could run in the
hour, even in a distributed fashion. However, we only protected a single
resource which still leaves all other authenticated methods exposed as a
vector of attack (limited only by the API rate limit).

Our thinking is now that we will limit the total number of unsuccessful
attempts to access authenticated resources to 15 an hour per user per IP
address. If a single IP address makes 15 attempts to access a protected
resource unsuccessfully for a given user (as indicated by an HTTP 401), then
the user will be locked out of authenticated resources from that IP address
for 1 hour.

This scheme has all of the positive effects that we need, however we want to
make sure that we have thought through all of the potential problems on the
developer's side before we proceed with this change. Please contribute to
the subsequent discussion if you have an opinion or concern. Once we come to
an agreement, we will update with details and a timeline for shipping this
update.

1.
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0verify_credentials
2.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/b057014336ff502b

Regards,
Doug

[twitter-dev] Re: Registering our application as browser-based or desktop

[Hedley Robertson]

If you set the oauth_callback with a value of "oob", it will not redirect
the user, but provide the PIN style authorization behavior.

See this older post on the new style of calling these params:

http://groups.google.com/group/twitter-api-announce/browse_thread/thread/472500cfe9e7cdb9

Hope this helps.

Hedley

On Tue, Jul 21, 2009 at 2:06 PM, Bradley Wagner wrote:

>
> Hi,
>
> I work on a Content Management System solution in which we're
> currently trying to integrate Twitter. Here is the issue:
>
> Our software is installed, so while it is browser-based there is not a
> consistent URL to redirect people to and thus nothing that really
> makes sense to fill out when registering our application.
>
> That said, I'd like to avoid to requiring the users of our software to
> visit a url and copy/paste a PIN to authorize our application to send
> updates to their twitter accounts.
>
> Is there a recommended way to do this? Where should that URL be
> redirecting them to? It's my understanding that if they visit the URL,
> an access token can be generated without the use of a pin (we're using
> twitter4j for this part). I guess we could just redirect them to our
> product's website or some page that says "go back into our app and
> click OK to enable the twitter connection".
>
> Thanks,
> Bradley
>

[twitter-dev] Registering our application as browser-based or desktop

[Bradley Wagner]

Hi,

I work on a Content Management System solution in which we're
currently trying to integrate Twitter. Here is the issue:

Our software is installed, so while it is browser-based there is not a
consistent URL to redirect people to and thus nothing that really
makes sense to fill out when registering our application.

That said, I'd like to avoid to requiring the users of our software to
visit a url and copy/paste a PIN to authorize our application to send
updates to their twitter accounts.

Is there a recommended way to do this? Where should that URL be
redirecting them to? It's my understanding that if they visit the URL,
an access token can be generated without the use of a pin (we're using
twitter4j for this part). I guess we could just redirect them to our
product's website or some page that says "go back into our app and
click OK to enable the twitter connection".

Thanks,
Bradley

[twitter-dev] Re: Keep getting suspended

[Bill Kocik]

On Jul 21, 3:48 am, sjespers  wrote:

> Because there is no AS2
> Twitter API, I'm using a server side API proxy. So, the Flash Lite app
> connects to mtwit.net > mtwit.net connects to Twitter.com > mtwit
> returns XML data to my app.

Is there some reason the app cannot connect directly to Twitter? I
understand there's no API (by which I think you mean existing
library), but Twitter's XML and JSON API isn't difficult to deal with
directly. I don't know enough about ActionScript to know if there's
some technical limitation requiring you to run a proxying app in the
middle.

> In theory, a limit of 2 means I can only support 133 concurrent
> users (if they all leave the app running for an hour).

I don't speak for Twitter, but that topic has come up on this list a
few times before, and it's easy to demonstrate mathematically (as
you've just done) that if you're doing auth'd requests on behalf of a
significant number of users, then there's an excellent chance
whitelisting is going to work against you rather than in your favor.

[twitter-dev] Re: Help on posting a link on Twitter...

[Tim]

I'm assuming your link should have an & instead of a second ? .

Bad
http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29";

Good
http://maps.google.com/maps?f=q&q=100.0,50.0%20%28SPOT%20NAME%29";

On Jul 21, 2:53 pm, Travis Williams  wrote:
> I could really use some probably simple help on posting a Google Map
> link to Twitter, which comes from an app of mine through the API.
> Basically I'd want to post the entire link like this to twitter from
> my app:
>
> Here is the data I send twitter in the API:
>
> "is sharing the location for 
> NAME.http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29";
>
> and twitter only posts:
>
> MYACCOUNT is sharing the location for SPOT NAME.http://maps.google.com/maps...
>
> "http://maps.google.com/maps..."; shows as a hyperlink, but the rest is
> truncated/missing.  And the link takes you to "http://maps.google.com/
> maps?f=q" and then stops.
>
> Are there more characters I should replace in the data before I send
> it to Twitter?  To replace the ?  or the in what I sent twitter and
> forward?  I tried %25 instead of a ?, etc.
>
> Please help.  Still picking up these HTML tricks!

[twitter-dev] Help on posting a link on Twitter...

[Travis Williams]

I could really use some probably simple help on posting a Google Map
link to Twitter, which comes from an app of mine through the API.
Basically I'd want to post the entire link like this to twitter from
my app:

Here is the data I send twitter in the API:

"is sharing the location for NAME.
http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29";

and twitter only posts:

MYACCOUNT is sharing the location for SPOT NAME. http://maps.google.com/maps...

"http://maps.google.com/maps..."; shows as a hyperlink, but the rest is
truncated/missing.  And the link takes you to "http://maps.google.com/
maps?f=q" and then stops.

Are there more characters I should replace in the data before I send
it to Twitter?  To replace the ?  or the in what I sent twitter and
forward?  I tried %25 instead of a ?, etc.

Please help.  Still picking up these HTML tricks!

[twitter-dev] Re: Search API: since_id is now unreliable

[Doug Williams]

Chad,Your assessment is spot on.

At the heart of search there are a number of data stores that accept queries
(reads) while at the same time perform writes from an indexer. Heavy load --
large numbers of queries, large number of writes or both, or both -- can
cause the write replication between the indexer and various data stores to
grow inconsistent when a particular data store is blocked on a read.

Unfortunately there is no easy fix for this problem at the moment. The
search team has grown considerably in the last couple of weeks so as they
get up to speed, the feature set and stability of search should continue to
improve.

Thanks,
Doug



On Tue, Jul 21, 2009 at 11:57 AM, Chad Etzel  wrote:

>
> Hi API Team,
>
> A few of us have been discussing off list a funky behavior we have
> been noticing and now users are starting to notice.
>
> There is a problem for sites/apps like TweetGrid and TweetChat which
> auto-refresh tweets based on the Search API using the since_id. People
> are noticing that these sites are "missing tweets" when compared to
> the search.twitter.com results page for the same query.
>
> We believe what is happening is that the search servers are not
> indexing tweets in a serial manner, and so a tweet with a higher id
> may sneak into a search server and be indexed first before a tweet
> with a lower id. This means that when the since_id is sent back from
> the query (or derived from the first result in the results array),
> using that since_id to refresh the query will miss lower id tweets
> when they finally do get indexed. So the illusion of "missing tweets"
> is created. You can run TweetGrid and TweetChat in separate tabs using
> the same query and see that sometimes the results don't match up
> because of this.
>
> I'll try to give an example to be clear.
>
> Let's say for the sake of simplicity that I'm searching for "twitter"
> and that every 10th tweet in the public timeline matches. So, all
> tweets ending in 0 match my query.
>
> Search server 1 may index:
>
> 20
> 30
> 40
> 60
> 70
>
> (notice missing 50)
>
> At the same time, Search server 2 may index:
>
> 20
> 30
> 40
> 50
>
> (notice hasn't indexed 60 or 70 yet)
>
> I send a query and get a response from Server 1 and get a since_id of
> 70.  On my next request I use that since_id=70 and I'll never see
> tweet 50.  Thus the "missing tweets".
>
> This is quite annoying, especially now that users are noticing and
> complaining to us (the app devs) that are apps are broken.
>
> I cannot think of a good work around for this that would be simple
> enough to implement and be worth the effort.
>
> Is this behavior something anyone else can confirm? Are tweets
> supposed to be indexed/replicated serially by the search servers?
>
> -Chad
>

[twitter-dev] How many ID's are returned on API Call -> blocks blocking ids

[Tim]

I'm wondering how many ids are returned when you ask for the
authenticated users blocked id's.

The other id calls return 5,000 per page, but I was unsure on blocks.

Thanks.

[twitter-dev] Re: Twitter user Id

[jmathai]

Depends on how many users sign up for twitter. You should be plenty
safe with 32 bit signed integer.

On Jul 20, 2:20 pm, mattlf  wrote:
> Hi
> What is the size of a Twitter user Id ?
> Thank you

[twitter-dev] Re: 140 character limit overridden for Twitgoo?

[Abir]

yes just the twitgoo website

On Jul 21, 8:38 am, Justin Hart  wrote:
> Hi, what app were you using?  Just the website?
>
> On Jul 20, 4:20 pm, Abir  wrote:
>
> > Abraham: Thanks, but not sure I understand why the counter said 140
> > when i was inputting but the post count is 133?
>
> > On Jul 20, 3:11 pm, Abraham Williams <4bra...@gmail.com> wrote:
>
> > > If you look at the status you will find that it only posted at 133
> > > characters.
>
> > >http://twitter.com/ABIRB123/status/2745931292
> > > Abraham
>
> > > On Mon, Jul 20, 2009 at 16:36, Abir  wrote:
>
> > > > Guys:
>
> > > > Just posted this on Twitgoo.
>
> > > > -It let me post a 140 character
>
> > > > +
>
> > > > -The URL
>
> > > > it is an oryx antelope, it's just a stock image from my laptop's
> > > > repository. why do this? well i am testing!http://twitgoo.com/1ke92
>
> > > > Isn't the total limit 140 characters?  or are URL's not counted?  I am
> > > > developing a service to buy and sell things on Twitter and this would
> > > > be helpful to know.  Thanks
>
> > > --
> > > Abraham Williams | Community Evangelist |http://web608.org
> > > Hacker |http://abrah.am|http://twitter.com/abraham
> > > Project |http://fireeagle.labs.poseurtech.com
> > > This email is: [ ] blogable [x] ask first [ ] private.
> > > Sent from Madison, WI, United States

[twitter-dev] Re: encoding password

[Chad Etzel]

If you are POSTing the user/pass down to a script that uses curl to
get the information, you should urlencode the username and password
before you POST them then urldecode them once received by the curl'ing
script.

An & sign in a variable will screw up your POST variables if not
escaped/encoded before being POSTed to another script.

-Chad

On Tue, Jul 21, 2009 at 7:35 AM, RV wrote:
>
> Hi,
>
> I have been using the twitter api for 2 weeks now and everything seems
> to work, but i have 1 problem with a certain user to get his user
> feed. Í'm using curl to retrieve the data but im getting the following
> error:
>
> 
> 
>  /statuses/user_timeline.xml
>  This method requires authentication.
> 
>
> Out of the 25 twitter users im collecting data from this one is the
> only one that is giving me problem. I have checked if the supplied
> username + password are correct and they are. There is one thing
> though this user uses special character in his password (&-sign). I've
> tried urlencoding the password and using htmlentities, both resulting
> in the same error. Does anyone know a sollution to this problem?
>
> Best Regards,
> RV
>

[twitter-dev] Search API: since_id is now unreliable

[Chad Etzel]

Hi API Team,

A few of us have been discussing off list a funky behavior we have
been noticing and now users are starting to notice.

There is a problem for sites/apps like TweetGrid and TweetChat which
auto-refresh tweets based on the Search API using the since_id. People
are noticing that these sites are "missing tweets" when compared to
the search.twitter.com results page for the same query.

We believe what is happening is that the search servers are not
indexing tweets in a serial manner, and so a tweet with a higher id
may sneak into a search server and be indexed first before a tweet
with a lower id. This means that when the since_id is sent back from
the query (or derived from the first result in the results array),
using that since_id to refresh the query will miss lower id tweets
when they finally do get indexed. So the illusion of "missing tweets"
is created. You can run TweetGrid and TweetChat in separate tabs using
the same query and see that sometimes the results don't match up
because of this.

I'll try to give an example to be clear.

Let's say for the sake of simplicity that I'm searching for "twitter"
and that every 10th tweet in the public timeline matches. So, all
tweets ending in 0 match my query.

Search server 1 may index:

20
30
40
60
70

(notice missing 50)

At the same time, Search server 2 may index:

20
30
40
50

(notice hasn't indexed 60 or 70 yet)

I send a query and get a response from Server 1 and get a since_id of
70.  On my next request I use that since_id=70 and I'll never see
tweet 50.  Thus the "missing tweets".

This is quite annoying, especially now that users are noticing and
complaining to us (the app devs) that are apps are broken.

I cannot think of a good work around for this that would be simple
enough to implement and be worth the effort.

Is this behavior something anyone else can confirm? Are tweets
supposed to be indexed/replicated serially by the search servers?

-Chad

[twitter-dev] Re: encoding password

[Alex Payne]

Basic Auth requires that the username and password are Base64 encoded,
concatenated together with a colon (":") between them. Be sure that
you're encoding the username and password without applying URL
encoding or HTML escaping. An ampersand ("&") will never occur in a
Base64 encoded string.

An example, in Ruby:

>> Base64.b64encode('bob:pass&word')
=> "Ym9iOnBhc3Mmd29yZA==\n"

On Tue, Jul 21, 2009 at 04:35, RV wrote:
>
> Hi,
>
> I have been using the twitter api for 2 weeks now and everything seems
> to work, but i have 1 problem with a certain user to get his user
> feed. Í'm using curl to retrieve the data but im getting the following
> error:
>
> 
> 
>  /statuses/user_timeline.xml
>  This method requires authentication.
> 
>
> Out of the 25 twitter users im collecting data from this one is the
> only one that is giving me problem. I have checked if the supplied
> username + password are correct and they are. There is one thing
> though this user uses special character in his password (&-sign). I've
> tried urlencoding the password and using htmlentities, both resulting
> in the same error. Does anyone know a sollution to this problem?
>
> Best Regards,
> RV
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: using whitelisted account for getting multiple user statuses

[Alex Payne]

It's possible to apply whitelisted rate limits to authenticated
requests, whether the request is made with Basic Auth or OAuth. If the
requesting user is whitelisted, the higher rate limit will take
effect.

On Mon, Jul 20, 2009 at 23:38, BG wrote:
>
> My application retrieves status of multiple Twitter users. I have a
> whitelisted account for a username. The Twitter API documentation
> recommends that I use whitelisted IP Addresses to get the statuses.
> However, my IP addresses change pretty often, so I would like to know
> if it is possible to make more than 150 status requests using a
> whitelisted account (OAuth).
>
> If it isn't possible, what other options do I have?
>
> Thanks,
> BG
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: Search API error {"error":"since_id too recent, poll less frequently"}

[matthew]

Chad,

Good to know.  Thanks for your help.

Matthew

On Jul 21, 2:13 pm, Chad Etzel  wrote:
> That usually happens when the search servers get out of sync and the
> since_id tweet hasn't been indexed on the other server(s) yet, so it
> thinks it's a tweet from the future.
> -Chad
>
>
>
> On Tue, Jul 21, 2009 at 12:38 PM, matthew wrote:
>
> > I am polling the Search API and intermittently receive the following
> > error:
>
> > {"error":"since_id too recent, poll less frequently"}
>
> > Is this to be expected or this something going wrong on the server
> > side?
>
> > Matthew Schrock

[twitter-dev] Re: tex

[Alex Payne]

Please see http://help.twitter.com/ for questions about using Twitter over SMS.

On Mon, Jul 20, 2009 at 20:07, canpaul wrote:
>
> i have a metroPCS cell phone i cant get your texes whats up with that.
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: Search API error {"error":"since_id too recent, poll less frequently"}

[Chad Etzel]

That usually happens when the search servers get out of sync and the
since_id tweet hasn't been indexed on the other server(s) yet, so it
thinks it's a tweet from the future.
-Chad

On Tue, Jul 21, 2009 at 12:38 PM, matthew wrote:
>
> I am polling the Search API and intermittently receive the following
> error:
>
> {"error":"since_id too recent, poll less frequently"}
>
> Is this to be expected or this something going wrong on the server
> side?
>
> Matthew Schrock
>

[twitter-dev] Search API error {"error":"since_id too recent, poll less frequently"}

[matthew]

I am polling the Search API and intermittently receive the following
error:

{"error":"since_id too recent, poll less frequently"}

Is this to be expected or this something going wrong on the server
side?

Matthew Schrock

[twitter-dev] Search API error {"error":"since_id too recent, poll less frequently"}

[matthew]

I am polling the search API every 60 seconds and intermittently
receiving the following error:

{"error":"since_id too recent, poll less frequently"}

Is this behavior to be expected or is there some problem?

Matthew Schrock

[twitter-dev] Re: 140 character limit overridden for Twitgoo?

[Justin Hart]

Hi, what app were you using?  Just the website?

On Jul 20, 4:20 pm, Abir  wrote:
> Abraham: Thanks, but not sure I understand why the counter said 140
> when i was inputting but the post count is 133?
>
> On Jul 20, 3:11 pm, Abraham Williams <4bra...@gmail.com> wrote:
>
> > If you look at the status you will find that it only posted at 133
> > characters.
>
> >http://twitter.com/ABIRB123/status/2745931292
> > Abraham
>
> > On Mon, Jul 20, 2009 at 16:36, Abir  wrote:
>
> > > Guys:
>
> > > Just posted this on Twitgoo.
>
> > > -It let me post a 140 character
>
> > > +
>
> > > -The URL
>
> > > it is an oryx antelope, it's just a stock image from my laptop's
> > > repository. why do this? well i am testing!http://twitgoo.com/1ke92
>
> > > Isn't the total limit 140 characters?  or are URL's not counted?  I am
> > > developing a service to buy and sell things on Twitter and this would
> > > be helpful to know.  Thanks
>
> > --
> > Abraham Williams | Community Evangelist |http://web608.org
> > Hacker |http://abrah.am|http://twitter.com/abraham
> > Project |http://fireeagle.labs.poseurtech.com
> > This email is: [ ] blogable [x] ask first [ ] private.
> > Sent from Madison, WI, United States

[twitter-dev] Anyone got a Gears compatible cell phone?

[Nigel Cannings]

I'm trying to get Gears working with my cell phone to do one-click 
status updates of my location.  It works fine when I have GPS switched 
on, but should work from cell tower info, but doesn't - Can someone test 
it if they have a cell that does work?  Ignore all the other stuff, I'm 
just fiddling with proximate tweets and stuff


http://linkky.com/twitter.html

[twitter-dev] Re: json - user.following

[Stoned]

Thank you, that helped me alot :)

On 21 Jul., 16:01, Abraham Williams <4bra...@gmail.com> wrote:
> It was there to represent relationships between the user that the
> information is being returned about and the user authenticating to make the
> call.
> The information is known to be unreliable though and has been deprecated in
> favor ofhttp://apiwiki.twitter.com/Twitter-REST-API-Method:-friendships-exists
>
> Abraham

[twitter-dev] Re: json - user.following

[Abraham Williams]

It was there to represent relationships between the user that the
information is being returned about and the user authenticating to make the
call.
The information is known to be unreliable though and has been deprecated in
favor of
http://apiwiki.twitter.com/Twitter-REST-API-Method:-friendships-exists

Abraham

On Tue, Jul 21, 2009 at 08:55, Stoned  wrote:

>
> Hi,
>
> I am making a Twitter Mod for Garry's Mod (HL2 Modification).
> When checking out the Tweets which I receive with json I was wondering
> about this: http://gtweet.pastebin.com/m3b888a6
>
> As you can see, some Tweets have the entry user.following = true /
> false and some just don't have it.
>
> Can anyone explain this or tell what user.following was ment to be?
>
> Best Regards,
> Stoned
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, WI, United States

[twitter-dev] json - user.following

[Stoned]

Hi,

I am making a Twitter Mod for Garry's Mod (HL2 Modification).
When checking out the Tweets which I receive with json I was wondering
about this: http://gtweet.pastebin.com/m3b888a6

As you can see, some Tweets have the entry user.following = true /
false and some just don't have it.

Can anyone explain this or tell what user.following was ment to be?

Best Regards,
Stoned

[twitter-dev] Is it possible to create a webslice to see / update his Twitter status ?

[FremyCompany]

Hello,

I was wondering if it is possible to have a webslice in IE8 that would
allow us to see/modify our status on Twitter.

I think webslice is a good way to integrate Twitter into IE, and it's
pretty easy to implemented (you just need to add class="hslice" to an
element and provide an url where to read the slice.

Regards,
Fremy

[twitter-dev] encoding password

[RV]

Hi,

I have been using the twitter api for 2 weeks now and everything seems
to work, but i have 1 problem with a certain user to get his user
feed. Í'm using curl to retrieve the data but im getting the following
error:



  /statuses/user_timeline.xml
  This method requires authentication.


Out of the 25 twitter users im collecting data from this one is the
only one that is giving me problem. I have checked if the supplied
username + password are correct and they are. There is one thing
though this user uses special character in his password (&-sign). I've
tried urlencoding the password and using htmlentities, both resulting
in the same error. Does anyone know a sollution to this problem?

Best Regards,
RV

[twitter-dev] Re: Is the rate limiting on IP or User a/c

[victor castleton]

Thank you Chris. It did worked. Victor J. C.

-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of Chris
Thomson
Sent: Thursday, July 16, 2009 2:27 AM
To: twitter-development-talk@googlegroups.com
Subject: [twitter-dev] Re: Is the rate limiting on IP or User a/c


Victor, email twitter-development-talk+unsubscr...@googlegroups.com to  
unsubscribe.

--
Chris Thomson

On 2009-07-16, at 2:15 AM, victor castleton   
wrote:

>
> Hello All, can anybody tell how  to stop me  unwanted mail from  
> coming, I am
> getting hundreds of mails and I cannot find the way to stop them.  
> Thanks VJC

[twitter-dev] Re: Is it possible to control the source name

[victor castleton]

Thank you for the info; @ any rate is has slow down considerably, it seems
to be manageable for the time being. VJC

-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of victor
castleton
Sent: Wednesday, July 15, 2009 10:11 PM
To: twitter-development-talk@googlegroups.com
Subject: [twitter-dev] Re: Is it possible to control the source name


Hi, how do I  cut myself out of this group, or better yet control or change
the type of mail that I am getting? Can you help? 
Sincerely, Victor

-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of
AccountingSoftwareGuy
Sent: Wednesday, July 15, 2009 7:46 PM
To: Twitter Development Talk
Subject: [twitter-dev] Is it possible to control the source name


Hi I am using the new oAuth method for communicating with the Twitter
API.  It appears the default behavior is to include the application
name as the source of a post.  For instance...

[date/time] from DynamicTweets

This is fine in most cases but in certain cases we want to make a post
look like it came from the web and not display our application name...
[date/time] from web

Is this possible, I've looked through many threads and I can't seem to
find a way to do this and the "source=" parameter doesn't seem to work.

[twitter-dev] Re: How to use Sign-in-with-Twitter in Web App with username and password ?

[Paul Kinlan]

Hi,
The numeric user id is part of the access token (I believe it is the first
part), however, on twollo.com I immediately call verify_credentials.json to
get the account details of the authenticating user.

Paul

2009/7/21 CG 

>
> Hi all,
>  Sorry for a newbie question again but I am a bit confuse with the
> Sign-in-with-Twitter feature ..
>
> I came across some Twitter app , which let user key in their twitter
> account and password , then authenticate the user via API call .
>
> I came across also Sign-in-with-Twitter feature in Twitter developer
> wiki which redirect user to https://www.twitter.com/oauth/authenticate
>
>
> My question is , how should I code my web app home page  ?
>
> Can I use the following logic ?
>
> When user access the app home page
> 1. Getting a request token with cusumer key and secret,  redirect to
> https://www.twitter.com/oauth/authenticate with passing in oauth_token
> .
>
> 2. User will be redirected to appropriate page by twitter based on the
> flow in http://apiwiki.twitter.com/Sign-in-with-Twitter
>
> 3. After authenticated, twitter will redirect user to the callback
> URL.  (At this point , how do I get the user id ? call the
> verify_credential ?)
>
>
> With the above logic, user will be key in username and password at
> twitter page, what about I would like to user to input username and
> password at the page that I customize ?
>
> Sorry for a long question but I really need some help , any hints is
> much appreciated ..
>
> Rgds,
>   CG
>

[twitter-dev] How to use Sign-in-with-Twitter in Web App with username and password ?

[CG]

Hi all,
  Sorry for a newbie question again but I am a bit confuse with the
Sign-in-with-Twitter feature ..

I came across some Twitter app , which let user key in their twitter
account and password , then authenticate the user via API call .

I came across also Sign-in-with-Twitter feature in Twitter developer
wiki which redirect user to https://www.twitter.com/oauth/authenticate


My question is , how should I code my web app home page  ?

Can I use the following logic ?

When user access the app home page
1. Getting a request token with cusumer key and secret,  redirect to
https://www.twitter.com/oauth/authenticate with passing in oauth_token
.

2. User will be redirected to appropriate page by twitter based on the
flow in http://apiwiki.twitter.com/Sign-in-with-Twitter

3. After authenticated, twitter will redirect user to the callback
URL.  (At this point , how do I get the user id ? call the
verify_credential ?)


With the above logic, user will be key in username and password at
twitter page, what about I would like to user to input username and
password at the page that I customize ?

Sorry for a long question but I really need some help , any hints is
much appreciated ..

Rgds,
  CG

[twitter-dev] Re: Keep getting suspended

[sjespers]

Thanks. So I was able to verify that my server is whitelisted.
However, is 2 API calls enough for a "proxy"?
Let me explain. I'm building a Twitter client in Flash Lite. Flash
Lite currently only supports ActionScript2. Because there is no AS2
Twitter API, I'm using a server side API proxy. So, the Flash Lite app
connects to mtwit.net > mtwit.net connects to Twitter.com > mtwit
returns XML data to my app.

In theory, a limit of 2 means I can only support 133 concurrent
users (if they all leave the app running for an hour).

Thanks,
Serge


On Jul 21, 9:39 am, Doug Williams  wrote:
> Serge,
> You can always verify the whitelisted status of your IP or user
> through a call to account/rate_limit_status. For instance, here are my
> results:
>
> doug$ curl -u dougw:PASSWORDhttp://twitter.com/account/rate_limit_status.xml
> 
> 
>   2009-07-21T08:29:35+00:00
>   19995
>   2
>   1248164975
> 
>
> Notice the hourly rate limit of 2 indiciating my account is
> whitelisted. Removing the authentication will give me the results for
> my IP address:
>
> doug$ curlhttp://twitter.com/account/rate_limit_status.xml version="1.0" encoding="UTF-8"?>
> 
>   2009-07-21T08:27:45+00:00
>   148
>   150
>   1248164865
> 
>
> The hourly limit here is 150 indiciating my IP is not whitelisted.
>
> For completeness, our rate limiting article is here [1]. Again,
> whitelisting does not ensure your users will not get suspended.
> Whitelisting only affects rate limits.
>
> 1.http://apiwiki.twitter.com/Rate-limiting
>
> Thanks,
> Doug
>
> --
> Do you follow me?http://twitter.com/dougw
>
>
>
> On Tue, Jul 21, 2009 at 12:29 AM, sjespers wrote:
>
> > Thanks for looking in to this and for unsuspending my account.
> > Did you also confirm that the server I am working from is whitelisted?
> > How can I make sure that it is? If it's not, then I won't be able to
> > release my application because everyone will get suspended who uses it
> > then?
>
> > Thanks,
> > Serge
>
> > On Jul 20, 11:11 pm, Doug Williams  wrote:
> >> Serge,
> >> Looking at the account I'm not quite sure why it was suspended. The
> >> records are inconclusive. I've unsuspended the account.
>
> >> For posterity's sake I'll repeat that whitelisting will not protect
> >> you from suspension. Whitelisting raises select REST API limits.
>
> >> Thanks,
> >> Doug

[twitter-dev] Re: Keep getting suspended

[Doug Williams]

Serge,
You can always verify the whitelisted status of your IP or user
through a call to account/rate_limit_status. For instance, here are my
results:

doug$ curl -u dougw:PASSWORD http://twitter.com/account/rate_limit_status.xml


  2009-07-21T08:29:35+00:00
  19995
  2
  1248164975


Notice the hourly rate limit of 2 indiciating my account is
whitelisted. Removing the authentication will give me the results for
my IP address:

doug$ curl http://twitter.com/account/rate_limit_status.xml

  2009-07-21T08:27:45+00:00
  148
  150
  1248164865


The hourly limit here is 150 indiciating my IP is not whitelisted.

For completeness, our rate limiting article is here [1]. Again,
whitelisting does not ensure your users will not get suspended.
Whitelisting only affects rate limits.

1. http://apiwiki.twitter.com/Rate-limiting

Thanks,
Doug


--
Do you follow me? http://twitter.com/dougw




On Tue, Jul 21, 2009 at 12:29 AM, sjespers wrote:
>
> Thanks for looking in to this and for unsuspending my account.
> Did you also confirm that the server I am working from is whitelisted?
> How can I make sure that it is? If it's not, then I won't be able to
> release my application because everyone will get suspended who uses it
> then?
>
> Thanks,
> Serge
>
> On Jul 20, 11:11 pm, Doug Williams  wrote:
>> Serge,
>> Looking at the account I'm not quite sure why it was suspended. The
>> records are inconclusive. I've unsuspended the account.
>>
>> For posterity's sake I'll repeat that whitelisting will not protect
>> you from suspension. Whitelisting raises select REST API limits.
>>
>> Thanks,
>> Doug
>>
>

[twitter-dev] Re: Keep getting suspended

[sjespers]

Thanks for looking in to this and for unsuspending my account.
Did you also confirm that the server I am working from is whitelisted?
How can I make sure that it is? If it's not, then I won't be able to
release my application because everyone will get suspended who uses it
then?

Thanks,
Serge

On Jul 20, 11:11 pm, Doug Williams  wrote:
> Serge,
> Looking at the account I'm not quite sure why it was suspended. The
> records are inconclusive. I've unsuspended the account.
>
> For posterity's sake I'll repeat that whitelisting will not protect
> you from suspension. Whitelisting raises select REST API limits.
>
> Thanks,
> Doug
>

[twitter-dev] Re: Newbie to seek advice on the flow of a twitter app with OAuth

[CG]

you can use localhost ?  really ? just update the callback to
http://localhost/xxx ?


On Mon, Jul 20, 2009 at 6:06 PM, Andrew Badera wrote:
> On Mon, Jul 20, 2009 at 6:05 AM, CG  wrote:
>>
>> Please ignore my question, I already solve it.
>>
>> It seems like it required a 'real' callback URL to accomplish the
>> authentication.
>>
>> CG
>>
>
>
> What do you mean by "real"? I'm able to authenticate using a localhost
> address for testing.
>
>
> Thanks-
> - Andy Badera
> - and...@badera.us
> - Google me: http://www.google.com/search?q=andrew+badera
> - This email is: [ ] bloggable [x] ask first [ ] private
>
>
>