[twitter-dev] Re: Handling the OAuth flow when the user clicks Deny / Decline
Glad that you are finally getting around to this. I posted it April 10th http://groups.google.com/group/twitter-development-talk/browse_thread/thread/960612fbcb8059de/5c2231ff33cff9e6?lnk=gst&q=revoke#5c2231ff33cff9e6 On May 6, 10:28 am, jmathai wrote: > That would work. So would something a a bit simpler. > > I am not sure I see the need for the username to be passed back. > Seems like that could easily be done by the site. Also unsure as to > why the special key is needed if it's always just returned as a > parameter. > > Is this something that can be specified in the OAuth specs? Would be > nice to have a standard way to handle this very valid OAuth flow. > > On May 5, 10:36 am, Doug Williams wrote: > > > I'm trying to decide if this could easily be part of [1]? Any objections for > > these to be one in the same? > > > 1.http://code.google.com/p/twitter-api/issues/detail?id=545 > > > Thanks, > > Doug > > -- > > > Doug Williams > > Twitter Platform Supporthttp://twitter.com/dougw > > > On Tue, May 5, 2009 at 8:27 AM, jmathai wrote: > > > > When the user clicks decline the flow is abruptly disrupted. I didn't > > > see anything in the OAuth spec that specifies how a "decline" is > > > handled. > > > > It would be nice if there was a "decline" url that the application > > > could specify which the user is redirected to.
[twitter-dev] Re: Oauth application directory
You can my new site to the list. http://mobatalk.com Mobatalk is a Conversation Studio, think of it as the multimedia add- on for Twitter. There are more features in the works, but you can go check it out already. Michael On Apr 11, 4:28 pm, Petermdenton wrote: > Actually if everyone is open to it , I was working on a site to > showcase developers and apps, more for devs than consumers. Would > anyone want such a thing? > > On Apr 11, 2009, at 1:22 PM, Abraham Williams <4bra...@gmail.com> wrote: > > > You can always start an unofficial one onhttp://twitter.pbwiki.com > > > On Sat, Apr 11, 2009 at 13:56, Alex Payne wrote: > > > Not yet, but soon! > > > On Sat, Apr 11, 2009 at 07:17, Alberto Bajo > > wrote: > > > > Hi guys, > > > > Is there any list or directory with applications implementing OAuth? > > > > Thanks :) > > > > -- > > > Alberto Bajo > > > alber...@ideateca.com > > >http://filesocial.com > > > -- > > Alex Payne - API Lead, Twitter, Inc. > >http://twitter.com/al3x > > > -- > > Abraham Williams |http://the.hackerconundrum.com > > Hacker |http://abrah.am|http://twitter.com/abraham > > Web608 | Community Evangelist |http://web608.org > > This email is: [ ] blogable [x] ask first [ ] private. > > Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Trending Topics
Oh thanks Matt, but as you can see I have already removed snarky - I though about it some more and figured that it wasn't any of my business. You guys are doing a good job, I should keep the snarkiness to a low roar, and only when needed. Thanks for the information. By the way, I'm about ready to turn on a huge app, add some antifreeze to your servers, they're gonna get hot. On Apr 30, 9:50 am, Matt Sanford wrote: > Hi there, > > It looks like there was a problem with that portion of the site > causing 500s for everyone with the new sidebar (a small percentage or > users). To let those people at least use the site the feature was > disabled until it can be fixed. That seem reasonable but I'm not sure > why the person turning it off didn't update status.twitter.com. My > guess is that it was overlooked rather than actively decided against. > I'll figure out who turned off the feature today and pass along the > snarky comments. > > Thanks; > — Matt Sanford / @mzsanford > > On Apr 30, 2009, at 6:57 AM, Mobasoft wrote: > > > > > See guys, there you go again. > > > The Trending Topics is no longer in the sidebar, there's nothing on > > the Twitter Status blog about it. > > Do a search for "Trending" and you'll notice that we are all wondering > > what's going on. > > > Do we need to have a refresher course in Transparency 101 ? > > > What gives? > >
[twitter-dev] Trending Topics
See guys, there you go again. The Trending Topics is no longer in the sidebar, there's nothing on the Twitter Status blog about it. Do a search for "Trending" and you'll notice that we are all wondering what's going on. Do we need to have a refresher course in Transparency 101 ? What gives?
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
@mzsanford Thanks Matt, no matter what all these other Yahoo's are saying about you, it's appreciated! (j/k to all you Yahoo's) ;^) -Michael p.s. Is OAuth back on yet? I'd hate to see it start getting the nickname of NOAuth. On Apr 23, 1:43 pm, Chad Etzel wrote: > On Thu, Apr 23, 2009 at 2:35 PM, Dossy Shiobara wrote: > > > On 4/23/09 11:33 AM, Chad Etzel wrote: > > >> On Thu, Apr 23, 2009 at 11:19 AM, Dossy Shiobara > >> wrote: > > >>> An attacker can't get in the middle of an > >>> application communicating to Twitter using HTTP Basic Auth. > > >> WRONG. Anyone doing any sort of packet sniffing could easily get > >> user/pass combos at will. Wireless promiscuous mode + WireShark = > >> instant account hacking. This, of course, holds true only for http > >> transactions (and not https transactions), but there are a good number > >> of clients/apps that don't use the https endpoints. > > > Packet sniffing as an attack vector is significantly more difficult to > > achieve than the OAuth attack is. Defend against the more likely threats > > before worrying about the less likely ones. > > I wholeheartedly disagree. Sit in a tech conference room with a > laptop and sniff away at least a hundred accounts in under 5 minutes. > I'm not saying I've done it, but I'm not saying I haven't, either > > > > >> Man in the middle attacks are certainly possible with Basic Auth as > >> well. They just eat the original request, steal the user/pass combo, > >> and do whatever they want with it. > > > This is a standard phishing attack, and standard advice for anti-phishing > > applies here. > > No, phishing != man-in-the-middle. If I hack a router to intercept > all traffic headed toward twitter.com and then grok out the > credentials, this is has nothing to do with social engineering or > phishing... I've just screwed your account, and you have no idea how. > > Obviously there are attack vectors with both methods, but I contend > that Basic Auth is much much much easier to attack than OAuth (even in > its current state, and even moreso when it is upgraded/patched to deal > with this new vector). > > -Chad
[twitter-dev] Re: Anyone updating email address from API?
Well, the criteria for email should be looked at either way. "email. Optional. Maximum of 40 characters. Must be a valid email address." alexander.h.wann...@mobility.domainisnothere.org (48 characters and could easily be valid) On Apr 23, 12:23 pm, Abraham Williams <4bra...@gmail.com> wrote: > Are there many apps using the email parameter for update_profile? being able > to change the email associated with an account seems to defeat some of the > purpose of using OAuth. > > http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0up... > > Abraham > > -- > Abraham Williams |http://the.hackerconundrum.com > Hacker |http://abrah.am|http://twitter.com/abraham > Web608 | Community Evangelist |http://web608.org > This email is: [ ] blogable [x] ask first [ ] private. > Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
Please don't let this slow down Twitter's turning it back on. Just let everyone set it in the application and be done with it. If they want a different callback url, then simply create a MyApp_Test app and put in a different application return url. 100% working sure in the hell beats 0% implemented while we try to make it dynamic for a small percentage of applications/people. Thanks for taking my $0.02 On Apr 23, 10:57 am, Matt Sanford wrote: > Hi Michael, > > We've been discussing that in the group of people dealing with > the security issue. It seems like AuthSub tried that route and found > it to be very problematic. More often than not people went with open > redirectors to make it easy, and therefor bypassed all security. We're > working on a way to allow it to be dynamic, but make sure it is signed > so we don't have to keep it this way. This involves sending it when > you get the request token, and then making sure you know what you sent > when you get the access token. Once we have a working version in the > wild for people to try I'll give a more detailed description. > > Thanks; > – Matt Sanford / @mzsanford > Twitter API Developer > > On Apr 23, 2009, at 08:47 AM, Michael Ivey wrote: > > > It would be nice to be able to set multiple allowed callbacks, if > > this is the case, and specify which one to use in the request. I use > > the callback on my dev environment so I don't have to maintain two > > applications. (Also, the URL verification on callbacks doesn't > > support port numbers, but that's a secondary issue) > > > -- ivey > > > On Thu, Apr 23, 2009 at 10:37 AM, Mobasoft wrote: > > > Good news, the oauth_callback parameter should /always/ be set in the > > application imho. > > Looking forward to your "flip the switch" celebrations today. > > > On Apr 23, 9:59 am, Matt Sanford wrote: > > > Hi all, > > > > We had to wait for the midnight deadline before giving too many > > > details because we're taking a slightly more active approach. The > > code > > > for these changes was scheduled to go out yesterday but there was a > > > problem with some unrelated changes and the whole thing was rolled > > > back. I'm hoping to get it out early today as an emergency deploy. > > If > > > anyone has missed it, Eran posted a good explanation [1] for people > > > not digging the security advisory wording. > > > While I'm still working to get the changes out here is what you > > > can expect: > > > > 1. The lifetime of a Request Token is now much, much shorter. This > > new > > > time limit should be long enough for a person to complete the flow, > > > but short enough that it cuts off attacks. > > > » Note this is for request tokens, not access tokens. > > > > 2. For the time being the oauth_callback parameter will be disabled > > > for both authentication and authorization. The user will be sent to > > > the application callback in both cases. > > > » I'm working with the other OAuth implementers on a way to > > bring > > > it back, and Eran mentions it a bit at the end of his post [1]. We > > > want to make sure it works correctly before launching it so you > > don't > > > end up spending time to implement something we then have to turn > > off. > > > > As for questions about the severity of Twitter's initial > > response > > > I think you'll find Yahoo! [2] has done the same. From the OAuth > > > response mails I can assure you there were others as well but since > > > they have no public mention of it I'll let them go unmolested. It > > > wasn't just Twitter, that was just the only place you were > > looking :) > > > > Thanks; > > > — Matt Sanford, "of Alex and Doug fame" > > > > [1] -http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses > > ... > > > [2] -http://developer.yahoo.net/blog/archives/2009/04/oauth_update.html > > > > On Apr 23, 2009, at 06:25 AM, mikehar wrote: > > > > > Totally agree with Pierre. I think we all understand the security > > > > issue. Why was twitter's approach so much more severe than other > > > > services? Why not just a warning on login? Can Doug or Alex shed > > some > > > > light on this? > > > > > wrt the ETA, can we get an update? One blog post said yesterday, > > the > > > >
[twitter-dev] Re: Get Twitter users list(by screenname)
Well, it's easy to get, just start with TwitterID 1001 and increment by 1 On Apr 23, 10:38 am, Nick Arnett wrote: > On Thu, Apr 23, 2009 at 6:34 AM, kkp <33spa...@gmail.com> wrote: > > > How can we get the twitter users list?. > > Sounds like you're asking for a list of all Twitter users, which is not > available. And if it were, I doubt any client would want to download and > store it. > > Nick
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
Good news, the oauth_callback parameter should /always/ be set in the application imho. Looking forward to your "flip the switch" celebrations today. On Apr 23, 9:59 am, Matt Sanford wrote: > Hi all, > > We had to wait for the midnight deadline before giving too many > details because we're taking a slightly more active approach. The code > for these changes was scheduled to go out yesterday but there was a > problem with some unrelated changes and the whole thing was rolled > back. I'm hoping to get it out early today as an emergency deploy. If > anyone has missed it, Eran posted a good explanation [1] for people > not digging the security advisory wording. > While I'm still working to get the changes out here is what you > can expect: > > 1. The lifetime of a Request Token is now much, much shorter. This new > time limit should be long enough for a person to complete the flow, > but short enough that it cuts off attacks. > » Note this is for request tokens, not access tokens. > > 2. For the time being the oauth_callback parameter will be disabled > for both authentication and authorization. The user will be sent to > the application callback in both cases. > » I'm working with the other OAuth implementers on a way to bring > it back, and Eran mentions it a bit at the end of his post [1]. We > want to make sure it works correctly before launching it so you don't > end up spending time to implement something we then have to turn off. > > As for questions about the severity of Twitter's initial response > I think you'll find Yahoo! [2] has done the same. From the OAuth > response mails I can assure you there were others as well but since > they have no public mention of it I'll let them go unmolested. It > wasn't just Twitter, that was just the only place you were looking :) > > Thanks; > — Matt Sanford, "of Alex and Doug fame" > > [1] -http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses... > [2] -http://developer.yahoo.net/blog/archives/2009/04/oauth_update.html > > On Apr 23, 2009, at 06:25 AM, mikehar wrote: > > > > > Totally agree with Pierre. I think we all understand the security > > issue. Why was twitter's approach so much more severe than other > > services? Why not just a warning on login? Can Doug or Alex shed some > > light on this? > > > wrt the ETA, can we get an update? One blog post said yesterday, the > > posting on this site says today. > > > Also, I'm a little taken aback by the "it's beta" rationalization for > > the massive disruption in service. It's one thing to mark it as public > > beta, it's another thing entirely to define 'beta' belatedly as "not > > suitable for production use". Does that mean we get an SLA on the non- > > beta APIs? > > > On Apr 23, 1:44 am, twitscoop wrote: > >> Hi guys, is there an ETA for it to be restored ? It seems Oauth's > >> recommended approach is to simply add a warning notice on > >> authorization until this is fixed (this is what Google did). Anyways, > >> even with this security flow, oauth is safer than providing twitter > >> credentials to third parties... > > >> Thanks! > >> Pierre > > >> On Apr 23, 7:30 am, Doug Williams wrote: > > >>> Bill, > >>> The majority of our developers find OAuth sufficient because they > >>> are > >>> writing a Web applications. We are pleased that the deprecation of > >>> the > >>> source parameter lowered our support load and continues to drive > >>> adoption of > >>> our preferred authentication scheme. > > >>> There are of course other cases where developers find the current > >>> implementation's beta status or browser requirement concerning. I > >>> have yet > >>> to reject a source parameter request that provides a valid argument > >>> explaining why OAuth does not meet the application's needs. > > >>> Thanks, > >>> Doug Williams > >>> Twitter API Supporthttp://twitter.com/dougw > > >>> On Wed, Apr 22, 2009 at 6:50 PM, Bill Robertson > >>> wrote: > > I respectfully disagree. (I would colorfully disagree, but you > seem > pretty beat up right now and you don't deserve any guff) I think > developers of smaller apps see that little tag-line as a good > source > of advertising, and it seems inaccessible now if you're new (right? > wrong?). You can only get it if you use OAuth, but OAuth is now > disabled? > > Anyway, just my $0.02. Prioritize it like everything else you > need to > do (i.e. it's the 37th #1 thing on your list.) > > Good luck. > > On Apr 22, 7:58 pm, Alex Payne wrote: > > We don't consider source registration a "key feature". It's an > > incentive we provide to our developers. We wanted to encourage new > > developers to look into OAuth. It won't be in beta forever, > > after all. > > > We have to balance the reality of testing a new technology in our > > stack with encouraging that technology's adoption.
[twitter-dev] OAuth API
When is authentication going to be restored? Also, after reading "The Consumer will need this new extra parameter to exchange the Request Token for an Access Token, ensuring that the real user has to return to the application to complete the flow." what details can you provide about how Twitter is going to implement that? Instead of waiting around for you guys to patch it, the rest of us could be getting ready for when you turn it back on. Thanks in advance for your response.
[twitter-dev] Re: OAUTH Feature currently disabled
Doug, Patience is key here, I understand that, but it seems to me (and I'm sure to others) that what you had in place was working. If you are rolling out a new feature or something, fine, but do it on a test server while the rest of us can continue to develop our new apps and have our existing ones keep on working. By the way, since I'm here, I need Twitter's permission to adapt the terms of service (much like you did from Flickr). Thanks. Michael Developer http://twitter.com/mobasoft On Apr 22, 11:37 am, Doug Williams wrote: > Shannon, > More details to come. Thank you for your patience. > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Wed, Apr 22, 2009 at 8:43 AM, Shannon Whitley > wrote: > > > > > Hi, Doug. I think we understand the part about "authenticate" being > > down, but oAuth isn't working at all right now. > > > On Apr 22, 8:33 am, Doug Williams wrote: > > > The feature was disabled over the weekend. It will hopefully be > > > restore within a day. That is all we can say at this time, but more > > > details will flow after restoration. We appreciate your patience. > > > > Doug > > > > On 4/22/09, Dossy Shiobara wrote: > > > > > On 4/22/09 11:15 AM, iematthew wrote: > > > >> If I'm not mistaken, OAuth is still in public Beta. Or did I miss the > > > >> memo? (wouldn't have been the first time). I doubt it is wise at this > > > >> point to push OAuth features live to the public. :) > > > > > You forgot to put the new cover page on your TPS report. > > > > > -- > > > > Dossy Shiobara | do...@panoptic.com |http://dossy.org/ > > > > Panoptic Computer Network |http://panoptic.com/ > > > > "He realized the fastest way to change is to laugh at your own > > > > folly -- then you can let go and quickly move on." (p. 70) > > > > -- > > > Sent from my mobile device > > > > Doug Williams > > > Twitter API Supporthttp://twitter.com/dougw
[twitter-dev] Re: OAUTH Feature currently disabled
Alright! That does it. I'm giving you one hour to restore the OAuth page. Then if you are not back online, I'll complain some more... lol, well, I'd better use this time to make some more coffee. On Apr 22, 9:54 am, Abraham Williams <4bra...@gmail.com> wrote: > On Wed, Apr 22, 2009 at 09:49, Chad Etzel wrote: > > > As per Doug's email yesterday, I'm playing the "Transparency" card. > > Maybe at least a little acknowledgment that you've turned off the > > switch for a lot of apps? > > Thanks, > > -Chad > > Can't have a carrot without a little stick can we? :-P > > > > > > > On Wed, Apr 22, 2009 at 9:55 AM, Hong Xiaowan > > wrote: > > > > Yes, in my side also stop work. Maybe I refresh so often. > > > > On Apr 22, 9:48 pm, tweetalkr wrote: > > >> I have found the same thing. Feature disabled message. Until it is > > >> enabled again no one on my site can access Twitter. I am beginning to > > >> not like OAuth. > > > >> On Apr 22, 6:31 am, gissmog wrote: > > > >> > Hello, > > > >> > is there a page where I can get the current status of the oauth > > >> > feature? > > >> > I justed started implementing the oauth feature and I'am not able to > > >> > continue ;-( > > > >> > How do the other developers behave in this situation? > > > >> > -- > > >> > gissmog > > -- > Abraham Williams |http://the.hackerconundrum.com > Hacker |http://abrah.am|http://twitter.com/abraham > Web608 | Community Evangelist |http://web608.org > This email is: [ ] blogable [x] ask first [ ] private. > Sent from Madison, Wisconsin, United States
[twitter-dev] Re: OAUTH Feature currently disabled
Picked a bad morning to launch a 3rd party Twitter service using OAuth - I hope that things are restored soon On Apr 22, 8:55 am, Abraham Williams <4bra...@gmail.com> wrote: > I believe this is an issue with using the recently oauth/authenticate > feature. If you use oauth/authorize until Twitter gets it enabled you should > be fine. > > > > On Wed, Apr 22, 2009 at 08:48, tweetalkr wrote: > > > I have found the same thing. Feature disabled message. Until it is > > enabled again no one on my site can access Twitter. I am beginning to > > not like OAuth. > > > On Apr 22, 6:31 am, gissmog wrote: > > > Hello, > > > > is there a page where I can get the current status of the oauth > > > feature? > > > I justed started implementing the oauth feature and I'am not able to > > > continue ;-( > > > > How do the other developers behave in this situation? > > > > -- > > > gissmog > > -- > Abraham Williams |http://the.hackerconundrum.com > Hacker |http://abrah.am|http://twitter.com/abraham > Web608 | Community Evangelist |http://web608.org > This email is: [ ] blogable [x] ask first [ ] private. > Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Settings->Connections
Verified. Works for me. Thanks! On Apr 10, 6:44 pm, Matt Sanford wrote: > Hi there, > > A fix for this was deployed a few moments ago. > > Thanks; > — Matt Sanford > > On Apr 10, 2009, at 05:19 AM, Mobasoft wrote: > > > > > Friday morning report: still seeing 500 error on the connections tab > > in some accounts. > > > On Apr 8, 11:40 am, Doug Williams wrote: > >> There were a lot of system issues that could have caused the > >> robots. The > >> site should be much happier as the week goes on. Thanks for your > >> patience. > > >> Doug Williams > >> Twitter API Supporthttp://twitter.com/dougw > > >> On Wed, Apr 8, 2009 at 4:28 AM, Mobasoft wrote: > > >>> Checked again this morning - after seeing robots on the home page > >>> and > >>> now link to logout (UI flaw) I cleared browser cookies and tried > >>> again. Now I see the connections tab and the one authenticated > >>> application for that account. > > >>> On Apr 7, 5:11 pm, Mobasoft wrote: > >>>> I have another account, where I could not see the Connections > >>>> tab, but > >>>> was able to navigate to the url. > >>>> I've also just granted OAuth access to that account and I still > >>>> do not > >>>> see a Connections tab, and navigating to the connections url still > >>>> says, "No applications have been approved to use your account." > > >>>> I'll assume that it is a Twitter caching problem (which seems to > >>>> have > >>>> been a bigger overall problem lately). > > >>>> If it shows up anytime soon, I'll add another reply here. > > >>>> Michael > > >>>> On Apr 7, 4:56 pm, Mobasoft wrote: > > >>>>> Robots. > >>>>> "Something is technically wrong. > >>>>> Thanks for noticing—we're going to fix it up and have things > >>>>> back to > >>>>> normal soon." > > >>>>> On Apr 7, 4:53 pm, Doug Williams wrote: > > >>>>>> Michael, > >>>>>> All of the API development team read this forum so it's the best > >>> place for > >>>>>> issues like this. As Chad replied, the connections tab is > >>>>>> working for > >>> me as > >>>>>> expected. Can you go into more detail about what you are seeing > >>>>>> that > >>> seems > >>>>>> off? > > >>>>>> Doug Williams > >>>>>> Twitter API Supporthttp://twitter.com/dougw > > >>>>>> On Tue, Apr 7, 2009 at 2:43 PM, Chad Etzel > >>> wrote: > > >>>>>>> Working for me, and displaying all of the authorized apps I've > >>> used... > >>>>>>> -Chad > > >>>>>>> On Tue, Apr 7, 2009 at 5:41 PM, Mobasoft > >>> wrote: > > >>>>>>>> I understand that a lot of this OAuth development has been and > >>> out of > >>>>>>>> some flux lately, but is thathttps:// > >>> twitter.com/account/connections > >>>>>>>> link working for anyone? > > >>>>>>>> If there is a more prominent place to ask Twitter dev team > >>> directly, > >>>>>>>> please inform me. > > >>>>>>>> Thanks, > > >>>>>>>> Michael
[twitter-dev] OAuth Deny action should trigger a Revoke
I was just doing some implementation testing. Here's the scenario: Assumption: Visitor has previously authorized the application. 1) Visitor was in my app 2) Visitor clicks on link to authorize app with Twitter 3) Visitor lands on https://twitter.com/oauth/authorize 4) Visitor enters userid and p/w 5) Visitor clicks Deny 6) Visitor is now stuck over on Twitter The application authorization was not revoked, as it still appears in Twitters Authorized App list for visitor. My assumption would be that visitor would expect the application access to have been revoked when they clicked Deny instead of Allow. Since that is not the case, visitor must now log in to Twitter, navigate to Settings->Connections and then click again to Revoke access.
[twitter-dev] Re: Settings->Connections
Friday morning report: still seeing 500 error on the connections tab in some accounts. On Apr 8, 11:40 am, Doug Williams wrote: > There were a lot of system issues that could have caused the robots. The > site should be much happier as the week goes on. Thanks for your patience. > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Wed, Apr 8, 2009 at 4:28 AM, Mobasoft wrote: > > > Checked again this morning - after seeing robots on the home page and > > now link to logout (UI flaw) I cleared browser cookies and tried > > again. Now I see the connections tab and the one authenticated > > application for that account. > > > On Apr 7, 5:11 pm, Mobasoft wrote: > > > I have another account, where I could not see the Connections tab, but > > > was able to navigate to the url. > > > I've also just granted OAuth access to that account and I still do not > > > see a Connections tab, and navigating to the connections url still > > > says, "No applications have been approved to use your account." > > > > I'll assume that it is a Twitter caching problem (which seems to have > > > been a bigger overall problem lately). > > > > If it shows up anytime soon, I'll add another reply here. > > > > Michael > > > > On Apr 7, 4:56 pm, Mobasoft wrote: > > > > > Robots. > > > > "Something is technically wrong. > > > > Thanks for noticing—we're going to fix it up and have things back to > > > > normal soon." > > > > > On Apr 7, 4:53 pm, Doug Williams wrote: > > > > > > Michael, > > > > > All of the API development team read this forum so it's the best > > place for > > > > > issues like this. As Chad replied, the connections tab is working for > > me as > > > > > expected. Can you go into more detail about what you are seeing that > > seems > > > > > off? > > > > > > Doug Williams > > > > > Twitter API Supporthttp://twitter.com/dougw > > > > > > On Tue, Apr 7, 2009 at 2:43 PM, Chad Etzel > > wrote: > > > > > > > Working for me, and displaying all of the authorized apps I've > > used... > > > > > > -Chad > > > > > > > On Tue, Apr 7, 2009 at 5:41 PM, Mobasoft > > wrote: > > > > > > > > I understand that a lot of this OAuth development has been and > > out of > > > > > > > some flux lately, but is thathttps:// > > twitter.com/account/connections > > > > > > > link working for anyone? > > > > > > > > If there is a more prominent place to ask Twitter dev team > > directly, > > > > > > > please inform me. > > > > > > > > Thanks, > > > > > > > > Michael
[twitter-dev] Re: how to put my own "source" instead of "web"
What was the problem/issue? On Apr 9, 2:19 pm, "K.A.Noorani" wrote: > Thanks everybody (except Andrew) for the support. I finally got my > source parameter working.
[twitter-dev] Re: oAuth - App Revoke User Access
IMHO, That is beyond the scope of OAuth. Your app should contain/maintain the logic for who is allowed in or in this case, kept out. It is foreseeable that having an OAuth API call to revoke your application from the user (on their behalf, if you had read/write access) could be a good thing to have. On Apr 9, 2:17 pm, Dossy Shiobara wrote: > On 4/9/09 3:14 PM, Peter Denton wrote: > > > An App should be able to revoke User access. > > Sure, just store a boolean in your app with the OAuth token as to > whether they're allowed to use your app or not. > > -- > Dossy Shiobara | do...@panoptic.com |http://dossy.org/ > Panoptic Computer Network |http://panoptic.com/ > "He realized the fastest way to change is to laugh at your own > folly -- then you can let go and quickly move on." (p. 70)
[twitter-dev] Re: oAuth Problems - 9:36AM EST
I too noticed some funky stuff this morning, but the authentication flow worked fine for me. What I did notice is that the verify_credentials.xml request is now forcing the use of GET (I had been using POST up until now). Are you certain that you are not re-using the same AccessToken? If you are, those should be denied as a new one should be generated for each new request for authorization. On Apr 9, 9:15 am, Abraham Williams <4bra...@gmail.com> wrote: > I just went through the authentication flow withhttp://twitter.abrah.amand > it worked fine. > > > > On Thu, Apr 9, 2009 at 09:11, Adam wrote: > > > I too am having problems with OAuth. > > > All of my keys have been de-authorized and I can't seem to re > > authenticate as well. > > > On Apr 9, 8:36 am, Jason Korkin wrote: > > > Woke up this AM and went to check on a few things on our site... found > > that > > > all of the oAuth keys had been de-authorized that we had saved in our > > > database. > > > > When I went to re-authorize, I got this error: > > > > Woah there! > > > This page is no longer valid. It looks like someone already used the > > token > > > information you provided. Please return to the site that sent you to this > > > page and try again … it was probably an honest mistake. > > > > I tried to re-generate the URL for authorization (it changed, I verified) > > > and it again gave the same "Woah There" message. > > > > Any ideas? > > > > Jason > > -- > Abraham Williams | Hacker |http://abrah.am > @poseurtech |http://the.hackerconundrum.com > Web608 | Community Evangelist |http://web608.org > This email is: [ ] blogable [x] ask first [ ] private. > Sent from Madison, WI, United States
[twitter-dev] Re: Deprecation of source parameter registration
When I discovered that Twitter used the name from my recetly created app via OAuth, I was pleased. While the turn-around time for manual approval was great, I think that using the data which we've already supplied through the creation of a new OAuth app is the right way to go. Keep up the good work.
[twitter-dev] Re: Freelance Twitter API Dev directory?
I'm requesting to be added to the list. Real Name: Michael Bailey Twitter Username(s): @mobasoft, @mobatalk, @mychingo, @redbox, @tagbucket email: mobat...@gmail.com Freelance developer/engineer/analyst/architect based in Independence, Missouri. Prior life experience on the Microsoft side of the road, ASP, SQL, HTML, OWL, C++ more recently crossed the road to open-source, PHP, Linux, Apache, MySQL, jquery, mootools. AJAX from both sides (since back in the days when we called it RemoteScripting). Creator/Developer/Maintainer of MyChingo.com, MobaTalk.com, and occasionally blogging on Mobasoft.com Thanks, Michael
[twitter-dev] Re: OAuth/authorize "Sign out" link
Thanks, I'll check there first from now on. Appreciate it. On Apr 8, 7:38 am, Abraham Williams <4bra...@gmail.com> wrote: > http://code.google.com/p/twitter-api/issues/detail?id=422 > > On Wed, Apr 8, 2009 at 07:29, Mobasoft wrote: > > > When an application sends the visitor over to Twitter for > > authroiziation, viahttps://twitter.com/oauth/authorize, the Sign out > > link no longer works. It was working fine a few days ago. > > -- > Abraham Williams | Hacker |http://abrah.am > @poseurtech |http://the.hackerconundrum.com > Web608 | Community Evangelist |http://web608.org > This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] OAuth/authorize "Sign out" link
When an application sends the visitor over to Twitter for authroiziation, via https://twitter.com/oauth/authorize , the Sign out link no longer works. It was working fine a few days ago.
[twitter-dev] Re: Settings->Connections
Checked again this morning - after seeing robots on the home page and now link to logout (UI flaw) I cleared browser cookies and tried again. Now I see the connections tab and the one authenticated application for that account. On Apr 7, 5:11 pm, Mobasoft wrote: > I have another account, where I could not see the Connections tab, but > was able to navigate to the url. > I've also just granted OAuth access to that account and I still do not > see a Connections tab, and navigating to the connections url still > says, "No applications have been approved to use your account." > > I'll assume that it is a Twitter caching problem (which seems to have > been a bigger overall problem lately). > > If it shows up anytime soon, I'll add another reply here. > > Michael > > On Apr 7, 4:56 pm, Mobasoft wrote: > > > Robots. > > "Something is technically wrong. > > Thanks for noticing—we're going to fix it up and have things back to > > normal soon." > > > On Apr 7, 4:53 pm, Doug Williams wrote: > > > > Michael, > > > All of the API development team read this forum so it's the best place for > > > issues like this. As Chad replied, the connections tab is working for me > > > as > > > expected. Can you go into more detail about what you are seeing that seems > > > off? > > > > Doug Williams > > > Twitter API Supporthttp://twitter.com/dougw > > > > On Tue, Apr 7, 2009 at 2:43 PM, Chad Etzel wrote: > > > > > Working for me, and displaying all of the authorized apps I've used... > > > > -Chad > > > > > On Tue, Apr 7, 2009 at 5:41 PM, Mobasoft wrote: > > > > > > I understand that a lot of this OAuth development has been and out of > > > > > some flux lately, but is thathttps://twitter.com/account/connections > > > > > link working for anyone? > > > > > > If there is a more prominent place to ask Twitter dev team directly, > > > > > please inform me. > > > > > > Thanks, > > > > > > Michael
[twitter-dev] Re: Settings->Connections
I have another account, where I could not see the Connections tab, but was able to navigate to the url. I've also just granted OAuth access to that account and I still do not see a Connections tab, and navigating to the connections url still says, "No applications have been approved to use your account." I'll assume that it is a Twitter caching problem (which seems to have been a bigger overall problem lately). If it shows up anytime soon, I'll add another reply here. Michael On Apr 7, 4:56 pm, Mobasoft wrote: > Robots. > "Something is technically wrong. > Thanks for noticing—we're going to fix it up and have things back to > normal soon." > > On Apr 7, 4:53 pm, Doug Williams wrote: > > > Michael, > > All of the API development team read this forum so it's the best place for > > issues like this. As Chad replied, the connections tab is working for me as > > expected. Can you go into more detail about what you are seeing that seems > > off? > > > Doug Williams > > Twitter API Supporthttp://twitter.com/dougw > > > On Tue, Apr 7, 2009 at 2:43 PM, Chad Etzel wrote: > > > > Working for me, and displaying all of the authorized apps I've used... > > > -Chad > > > > On Tue, Apr 7, 2009 at 5:41 PM, Mobasoft wrote: > > > > > I understand that a lot of this OAuth development has been and out of > > > > some flux lately, but is thathttps://twitter.com/account/connections > > > > link working for anyone? > > > > > If there is a more prominent place to ask Twitter dev team directly, > > > > please inform me. > > > > > Thanks, > > > > > Michael
[twitter-dev] Re: Settings->Connections
Robots. "Something is technically wrong. Thanks for noticing—we're going to fix it up and have things back to normal soon." On Apr 7, 4:53 pm, Doug Williams wrote: > Michael, > All of the API development team read this forum so it's the best place for > issues like this. As Chad replied, the connections tab is working for me as > expected. Can you go into more detail about what you are seeing that seems > off? > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Tue, Apr 7, 2009 at 2:43 PM, Chad Etzel wrote: > > > Working for me, and displaying all of the authorized apps I've used... > > -Chad > > > On Tue, Apr 7, 2009 at 5:41 PM, Mobasoft wrote: > > > > I understand that a lot of this OAuth development has been and out of > > > some flux lately, but is thathttps://twitter.com/account/connections > > > link working for anyone? > > > > If there is a more prominent place to ask Twitter dev team directly, > > > please inform me. > > > > Thanks, > > > > Michael
[twitter-dev] Settings->Connections
I understand that a lot of this OAuth development has been and out of some flux lately, but is that https://twitter.com/account/connections link working for anyone? If there is a more prominent place to ask Twitter dev team directly, please inform me. Thanks, Michael
