[twitter-dev] Re: oAuth still working for everyone.?
I am using this library on all my sites: https://github.com/jmathai/twitter-async, all of which are now broken and fail to let anyone log in. Any way this can be rolled back until all the various oAuth libraries people are using are brought up to date? Lee On Dec 2, 5:35 pm, Dave-twiends i...@davesumter.com wrote: Thanks Taylor, yip unfortunately I wrote my oauth code about 18 months ago, before most of the libraries were out, so there could be anything wrong. It's probably not 100% spec compliant, which is probably why it broke. I've tracked down the issue to the access_token exchange part of the process. The access token's that I have from before are still working, just can't get new ones. I've noticed I'm not passing oauth_verifier back in the request, which could be causing the issue.. Will let you guys know how I get on... Thanks for the pointers Dave On Dec 2, 9:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We've corrected a number of long-standing OAuth-related bug fixes -- mainly in areas where we more liberal than we should have been when verifying signatures. Here are a few things to verify: * Verify that you are using your consumer key where the consumer key is supposed to go. Compare this to what you see for you app on dev.twitter.com * Likewise, verify that you are using your consumer secret where it is supposed to go. Compare this to what you see for you app on dev.twitter.com * Laugh at the obviousness and absurdity of a check like that. Cry a little because we already know some people were doing the wrong thing here, especially on end points that didn't require authentication. * Verify that your timestamps are in range * If you're sending a request to a resource that doesn't require authentication but you're including OAuth credentials: - we used to just give you a free pass even if the credentials were incorrect. Hey, it doesn't require auth, so why bother checking? - now we check this. if you pass us an OAuth header or anything that looks like an OAuth-based request, we will check it for validity, even if it's a resource that doesn't require auth. We haven't changed anything about our actual core signature validation code -- what was a valid signature before should be a valid one now. We're just checking the validity in more use cases than we were previously, and checking other validity points we were flexible with previously. Taylor On Thu, Dec 2, 2010 at 1:32 PM, Twitlonger stu...@abovetheinternet.orgwrote: I'm seeing a lot of invalid/expired token errors. On Dec 2, 9:21 pm, Dave-twiends i...@davesumter.com wrote: I noticed I've just started getting 401's for all my oAuth requests. Seems to be happening on more than one site for me.. My application keys and status still look good.. Just wondering if anyone else is having an issue..? -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: oAuth still working for everyone.?
The open source library I was using omitted oauth_verifier, which apparently was not required for oauth to work previously. Thanks to Dave Taylor for pointing this out. Lee On Dec 2, 6:09 pm, Dave-twiends i...@davesumter.com wrote: Thanks, I'm up again, looks like it was just oauth_verifier that I was missing... Phew.. I'll take some time this week to read the spec in detail and make sure I'm not missing anything else.. Thanks Dave On Dec 2, 10:59 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Folks, We're going to rollback a subset of these changes for now. Before we give this another try, we'll let everyone know the specific pain points and give some time to adjust to them. In the meantime, those who experienced trouble today will want to verify that their libraries are doing the right thing in regard to the bullet points I posted above. Also useful is making sure that you don't send additional headers related to basic auth in an OAuth request, that you're using the proper, versioned api-subdomain end points, etc. Dave: It's pretty crucial that you send an oauth_verifier on the access token step. It's not valid OAuth 1.0a without it. Sorry about the mess folks. We should never have let these bugs persist for so long. Taylor On Thu, Dec 2, 2010 at 2:45 PM, Tom van der Woerdt i...@tvdw.eu wrote: Waiting doesn't help solve the issue. The spec hasn't changed, the API is just a bit more watching for the mistakes which some developers tend to make. I'd recommend diving into the code and fixing the errors, instead of asking the Twitter API team to accept your broken OAuth implementations. :-) Tom On 12/2/10 11:42 PM, LeeS - @semel wrote: I am using this library on all my sites: https://github.com/jmathai/twitter-async, all of which are now broken and fail to let anyone log in. Any way this can be rolled back until all the various oAuth libraries people are using are brought up to date? Lee On Dec 2, 5:35 pm, Dave-twiendsi...@davesumter.com wrote: Thanks Taylor, yip unfortunately I wrote my oauth code about 18 months ago, before most of the libraries were out, so there could be anything wrong. It's probably not 100% spec compliant, which is probably why it broke. I've tracked down the issue to the access_token exchange part of the process. The access token's that I have from before are still working, just can't get new ones. I've noticed I'm not passing oauth_verifier back in the request, which could be causing the issue.. Will let you guys know how I get on... Thanks for the pointers Dave On Dec 2, 9:57 pm, Taylor Singletarytaylorsinglet...@twitter.com wrote: We've corrected a number of long-standing OAuth-related bug fixes -- mainly in areas where we more liberal than we should have been when verifying signatures. Here are a few things to verify: * Verify that you are using your consumer key where the consumer key is supposed to go. Compare this to what you see for you app on dev.twitter.com * Likewise, verify that you are using your consumer secret where it is supposed to go. Compare this to what you see for you app on dev.twitter.com * Laugh at the obviousness and absurdity of a check like that. Cry a little because we already know some people were doing the wrong thing here, especially on end points that didn't require authentication. * Verify that your timestamps are in range * If you're sending a request to a resource that doesn't require authentication but you're including OAuth credentials: - we used to just give you a free pass even if the credentials were incorrect. Hey, it doesn't require auth, so why bother checking? - now we check this. if you pass us an OAuth header or anything that looks like an OAuth-based request, we will check it for validity, even if it's a resource that doesn't require auth. We haven't changed anything about our actual core signature validation code -- what was a valid signature before should be a valid one now. We're just checking the validity in more use cases than we were previously, and checking other validity points we were flexible with previously. Taylor On Thu, Dec 2, 2010 at 1:32 PM, Twitlongerstu...@abovetheinternet.org wrote: I'm seeing a lot of invalid/expired token errors. On Dec 2, 9:21 pm, Dave-twiendsi...@davesumter.com wrote: I noticed I've just started getting 401's for all my oAuth requests. Seems to be happening on more than one site for me.. My application keys and status still look good.. Just wondering if anyone else is having an issue..? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api
[twitter-dev] @anywhere fails if ShareThis on the page?
I get this Javascript error when trying to use @anywhere on the same page as a ShareThis widget. Error: Permission denied for [name of my site[ to get property Window.document from http://wd.sharethis.com. Source File: http://platform.twitter.com/anywhere.js?id=[my api key]v=1 Line: 1
[twitter-dev] Cannot create list with a specific slug, even if that slug doesn't exist in the account
In my account, there's no list named 'design': http://twitter.com/shortyawards/design results in a 404 page When I try to create one with that name, I get numbers appended to it: curl -u .. -dname=design http://api.twitter.comtyawards/lists.xml ?xml version=1.0 encoding=UTF-8? list id5397152/id namedesign/name full_name@shortyawards/design-21/full_name slugdesign-21/slug description/description subscriber_count0/subscriber_count Each time we call the API, a new list with the same slug 'design-21' is created. This happens for four specific lists in our account, but all the others are unaffected. Any ideas how to solve this problem? Lee
[twitter-dev] Undeletable list?
I seem to have created an undeletable list in one of my accounts (list id 4667928) I can't delete it via the API, and deleting the list via twitter.com also fails. Lee
[twitter-dev] Reminder: Twitter developer event tonight in SF
Link: http://realtimebooze.eventbrite.com/ The founders of Cotweet, Klout, Involver, Posterous, Twittorati, and Listimonkey will be there in addition to a few members of the Twitter API team. If you're building a business around the real time web or just tinkering with a few product ideas, please come. iPhones will be available for demoing your products. ps: This is the San Francisco event, there's one in NYC too on 12/10 http://realtimeboozenyc.eventbrite.com/
[twitter-dev] Re: Tons of 502s
Everything is down for me too. Twitter.com itself shows a fail whale. Lee
[twitter-dev] Re: Tons of 502s
I'm glad the fail whale is still around. I hadn't seen it in a while and was starting to miss it. Lee
[twitter-dev] Re: How to get the most followed users?
You've got to basically build your own database of users. That's what I did to create this page: http://listorious.com/top/followers Lee On Dec 6, 10:15 am, Abraham Williams 4bra...@gmail.com wrote: If you want the top 1000 by followers you could parsehttp://twitterholic.com/. On Sat, Dec 5, 2009 at 16:10, developar develo...@gmail.com wrote: Hi I was just trying to know how I can ge a list of the top twitter users who have most number of followers? there is no API to do that? Regards -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project | Awesome Lists |http://twitterli.st This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Real Time Twitter Booze -- SF 12/7, NY 12/10
Hi all, We're the cofounders of Sawhorse Media, which created Listorious, Shorty Awards, Muck Rack, Venture Maven. We're anxious to meet more folks doing Twitter development so we're getting a few together for drinks. If you're building a business around the real time web or just tinkering with a few product ideas, please come. SF - 12/7 http://realtimebooze.eventbrite.com/ NY - 12/10 http://realtimeboozenyc.eventbrite.com/ iPhones will be available for demoing your products. See you there! @semel @gregory
[twitter-dev] Lists API call not working?
I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected to http://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
[twitter-dev] Re: Lists API call not working?
Makes sense. I hadn't found out about lists being turned off. Lee On Nov 30, 5:20 pm, Rich rhyl...@gmail.com wrote: Yep it affects the APIhttp://status.twitter.com/post/263867698/responding-to-high-error-rat... On Nov 30, 9:54 pm, Tim Haines tmhai...@gmail.com wrote: They've turned off lists on twitter.com at the moment. I'd expect this would cause the API to stop working too.. On Tue, Dec 1, 2009 at 10:36 AM, LeeS - @semel lse...@gmail.com wrote: I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected tohttp://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
[twitter-dev] Authorizing users for my app's API
Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
[twitter-dev] Turning a list's status timeline into an JS/Ajax widget
Does calling the status timeline ( '/:users/lists/:list_slug/ statuses.:format') for a list count against rate limit? What I'm thinking of is doing an Ajax widget that auto updates with new tweets from a list every few seconds, such as the Search widget Twitter provides: http://twitter.com/goodies/widget_search If the status API request is rate limited this would obviously not work as you'd run out of requests within a few moments. Is there any other better way to turn a list's statuses into a widget? Lee
[twitter-dev] Re: Updates to the List API (list descriptions, cursoring lists of lists, finding by list id rather than slug more consistent names)
Does calling the status timeline for a list count against rate limit? What I'm thinking of is doing an Ajax widget that auto updates with new tweets from a list every few seconds, similar to how many people use the Search API to do this by hashtag. If the status API request is rate limited this would obviously not work.
[twitter-dev] List API: Rules for converting list name - list slug
Anyone have the rules for converting the user-entered name of the list into the list slug? This would save our app an API call when creating new lists. Lee
