[twitter-dev] Selling Content vs. Selling a Service
A number of "chat" groups have grown up around Twitter. One of the big requirements for these groups is to produce a transcript for each chat session. While the content is free, there is a cost associated with the collection of tweets and generation of the transcripts for each group. Many chat groups collect the tweets into a transcript, generate a PDF (or similar document), and post the transcripts to a common member website. 1) The Twitter TOS appears to allow the creation of chat transcripts using the API. 2) What does the TOS say about charging money for the transcripts? Would that be forbidden under Twitter's API terms (resale of tweets)? Or is it possible to sell a transcript based on the labor/technology costs involved in generating the transcript? -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: Getting 500 error with my twitter Account
It looks like the same error is being reported by other users: https://code.google.com/p/twitter-api/issues/detail?id=2178 I saw your profile once and received the Fail Whale on a couple of other attempts. -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Adding more users to the twitter stream listener
I need to attack this issue too, so I'm looking forward to suggestions. On Fri, May 6, 2011 at 9:35 AM, Ray Slakinski wrote: > I'm working on a program that uses the stream api to listen for tweets > from a list of users, if that list of user changes it appears to me > that I need to drop connection and reconnect in order to listen to the > new list of users even if its just to add one new user. If I do this I > could loose tweets during the time it takes to reconnect, especially > if its frequent enough. > > So does the API handle this scenario and I'm just missing something? > or any tips/tricks that might make the transition smoother as users > get added/removed? > > Ray Slakinski > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Re: Visual refresh of the OAuth screens
I just noticed that the oAuth window appears to be resetting the height so that the entire page is visible (no scrolling). For Firefox and Chrome that's fixed the issue. Thank you! However, there is still a problem with IE. It is worse now. The user no longer sees the scrollbar and cannot login at all. On Fri, Apr 29, 2011 at 9:21 PM, Stefan wrote: > Hi Matt, > > while being an improvement over the old oauth form, this form still > does not tell the user all she needs to know. In particular, it hides > the fact that the app will have almost total control over their > twitter account. > > In my experience, most users are totally unaware of this fact. Of > course, from a developer's point of view everything that will stop > user's from authorizing their apps will always be greeted with > skepticism. However, I hope that Twitter will sooner or later inform > users that authorizing an app with read/write access can be > potentially very dangerous -- and doing so in the oauth form would be > the best place to do so. > > Or we could just hope that we will never see any malicious Twitter > apps. > > Best regards, > Stefan > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Visual refresh of the OAuth screens
Matt, Thanks for the reply. I'm referring to a popup browser window that displays the full url. The technique is not designed to mask the oAuth process, it's designed to improve the experience for the user. Devs have been using this technique since Twitter released oAuth. The popup allows the user to remain on the current web page so he or she isn't jarred through multiple screen changes during a login. The Sign in With Twitter button on my blog serves as an example - http://is.gd/qlpZ4L On Apr 28, 3:31 pm, Matt Harris wrote: > @Shannon: thanks for the feedback on this. The new screens are fluid in size > so wrap to the available space. Hosting in a local iframe isn't something > we've encouraged in the past. We prefer the user to be taken to the > authenticate or authorize page in a tab/new window that they can see the URL > of. This is a good area for us to write some guidance for so thanks for > raising this. > > @Orian: great feedback and definitely something for us to take on board - > thanks. This is a first release of these pages to get a feel for if they are > going in the right direction. We tried to select a number of phrases that > explain the access that's being granted to an application but that are also > easy to understand. I think there will always be some that don't make it, > but there are others, like the ones you raise, which would help aid > transparency more. > > @themattharris > > On Thu, Apr 28, 2011 at 3:00 PM, Orian Marx (@orian) > wrote: > > > > > > > > > I think it's good to be giving users more information on what they are > > granting access to, but by leaving out a number of things there are > > misleading implications. In particular, this list does not mention > > that users will be granting access to all their private DMs. I also > > find it interesting the list mentions the ability to follow new > > people, but not to unfollow existing people. > > > Obviously it's been to everyone's benefit who has built apps that rely > > on OAuth up to this point that there has been specific mentioning of > > access to DMs as this would likely turn off a lot of people from > > granting access to experimental apps. The reality is that the OAuth > > system needs finer-grained controls. It would be good to hear if there > > has been any new thought on this from Twitter engineering. > > > Otherwise, I like the new page :) > > > @orian > > > On Apr 28, 5:02 pm, Matt Harris wrote: > > > Hey Developers, > > > > Some of you may have noticed already that earlier today we deployed a > > > redesign of the OAuth screens. > > > > We know both you and your users have been asking for better clarity about > > > what an application can see and do with an account and these screens are > > a > > > step towards doing that. > > > > One of the areas we wanted to improve is showing the details of your > > > application. If you visit the new screens you will see we've separated > > your > > > application details from the permissions that are being requested. We did > > > this to help users see that it is your application, not Twitter's. > > Remember > > > you can update your application details at anytime onhttp:// > > dev.twitter.com/apps. > > > > Mobile and international support has also been improved and we now use > > the > > > same rendering templates as those created for Web Intents. This ensures > > the > > > design matches the rest of #newtwitter and, more importantly, works > > > cross-browser, cross-platform, and multilingual. > > > > We hope you find the new designs more welcoming and friendly. Let us know > > > what you think. > > > > Best, > > > @themattharris > > > Developer Advocate, Twitterhttp://twitter.com/themattharris > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >http://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Visual refresh of the OAuth screens
Hi Matt, This is a big change and it negatively impacts many web applications that popup a browser window to display the oAuth screen. The popup windows were sized for the old content, and the new content will force the user to scroll. It's not a great experience. I wish there would have been a feedback phase before this change was pushed through. Can we work together to create another format that will fit within these windows? On Apr 28, 2:02 pm, Matt Harris wrote: > Hey Developers, > > Some of you may have noticed already that earlier today we deployed a > redesign of the OAuth screens. > > We know both you and your users have been asking for better clarity about > what an application can see and do with an account and these screens are a > step towards doing that. > > One of the areas we wanted to improve is showing the details of your > application. If you visit the new screens you will see we've separated your > application details from the permissions that are being requested. We did > this to help users see that it is your application, not Twitter's. Remember > you can update your application details at anytime > onhttp://dev.twitter.com/apps. > > Mobile and international support has also been improved and we now use the > same rendering templates as those created for Web Intents. This ensures the > design matches the rest of #newtwitter and, more importantly, works > cross-browser, cross-platform, and multilingual. > > We hope you find the new designs more welcoming and friendly. Let us know > what you think. > > Best, > @themattharris > Developer Advocate, Twitterhttp://twitter.com/themattharris -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] New oAuth Authenticate Page
I was surprised to see a newly formatted oAuth Authenticate Page. The new page doesn't account for the scores of oAuth implementations that popup a new window. There is an ad-hoc standard for the window height and width that makes for a decent user experience. The new format will cause issues for the user since it results in page scrolling. Can we discuss this new page format and determine if it can be changed or if we can have alternate formats? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Site Streams: Positive Feedback
Site Streams are working very well for me. If the beta is indefinite, I don't plan to wait much longer before using them in production. This technology is really impressive, and I'd like to thank all of the Twitter devs who worked on it. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] List Membership Add/Delete and 403 Error
Thanks, Arnaud. These are definitely owned by the "other account" and I'm utilizing the correct auth tokens. I'll double-check the body response and see if that has additional information. On Thu, Apr 21, 2011 at 10:39 PM, Arnaud Meunier wrote: > Hey Shannon, > > Only the list owner can add/remove members to it. If the "other account" > you're authenticating with is trying to add members to a list he doesn't > own, you'll receive a 403. Take a look to your HTTP body, the error message > is probably "You aren't allowed to add members to this list". > > Arnaud / @rno <http://twitter.com/rno> > > > > On Thu, Apr 21, 2011 at 1:01 PM, Shannon Whitley < > shannon.whit...@gmail.com> wrote: > >> I'm able to add and delete list members using "list/members" for *my* >> account, but the same process is failing with another account. I know >> that the oAuth tokens are good because I can retrieve the list >> members. >> >> A 403 error is generated when when I try to add or delete members for >> this other account. >> >> I can't seem to find any issues with the account or the lists. I've >> tried several different lists and the don't have too many members. >> Again, I can retrieve the membership, but I can't add or delete any >> members. >> >> Is this a known Twitter bug? >> >> -- >> Twitter developer documentation and resources: http://dev.twitter.com/doc >> API updates via Twitter: http://twitter.com/twitterapi >> Issues/Enhancements Tracker: >> http://code.google.com/p/twitter-api/issues/list >> Change your membership to this group: >> http://groups.google.com/group/twitter-development-talk >> > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] List Membership Add/Delete and 403 Error
I'm able to add and delete list members using "list/members" for *my* account, but the same process is failing with another account. I know that the oAuth tokens are good because I can retrieve the list members. A 403 error is generated when when I try to add or delete members for this other account. I can't seem to find any issues with the account or the lists. I've tried several different lists and the don't have too many members. Again, I can retrieve the membership, but I can't add or delete any members. Is this a known Twitter bug? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Site Stream User Events and Status created_at
For user events such as follow, unfollow, etc., would it be possible to include information from the latest status (at least created_at)? This would be helpful in identifying stale accounts. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Source Parameter Doesn't Change
My source parameter finally changed on its own. I'm not sure what triggered the change, but it's correct now. Thanks! On Mar 8, 6:02 pm, Shannon Whitley wrote: > I had previously setup a Twitter application and used it under one > name. I've recently changed the name and updated the Twitter app > settings (trying bothhttp://twitter.com/oauthandhttp://dev.twitter.com/apps). > > Everything is fine except for thesourceparameter. It still shows > the old value. Is there anything else that needs to be done to change > thesourceparameter(short of creating a new Twitter application)? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: consistency and ecosystem opportunities
Thanks, Raffi, but obviously I'm not the only one reaching these conclusions. If our interpretation is incorrect, then the policy isn't clear. Television shows, newspaper articles, and band pages are perfect examples of places where a "Twitter client" might be useful. I could build a full-featured Twitter client around a single news site and that might be the perfect solution for that set of users. Under the new guidelines, it sounds like I'd be shutdown. On Mar 12, 6:39 pm, Raffi Krikorian wrote: > in reading your blog post, i think you're misunderstanding what > @*rsarver*wrote. > > the API is open -- i personally love seeing all the innovation around > getting content into twitter (/1/status/update). there is a cafe in france > who's oven tweets whenever its done baking. that uses the platform to get > content in there. there was a NYU project that enabled your plants to tweet > when they needed water. that uses the platform to get content into twitter. > then there are people who match tweets to context. seeing twitter in > action with a television show, or a newspaper article, or a conference, or a > band -- that's how people really understand and get twitter. they see it > through the lens of what's happening in the world. > > what @*rsarver* said, effectively, was building a business around > *simply*rendering > /1/statuses/home_timeline was probably-not-the-best-thing-to-do. please go > still innovate. just don't bet money on simply making an API call to > grabbing a user's home_timeline and rendering it. that's thinking too > small, and @*rsarver* is telling you that. > > On Sat, Mar 12, 2011 at 4:29 PM, Shannon Whitley > wrote: > > > I was hoping that Ryan was just a few weeks early for his April Fools' > > post. > > > "Don't build clients?" It sounds like a bad joke. > > > I wrote a letter to Ryan on my blog in response to this post: > > >http://www.voiceoftech.com/swhitley/index.php/2011/03/a-letter-to-rya... > > > I know you guys can't be serious about this. Stage a mutiny if you > > have to, but don't let this boneheaded decision stand. > > -- > Raffi Krikorian > Twitter, Application Serviceshttp://twitter.com/raffi -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: consistency and ecosystem opportunities
I was hoping that Ryan was just a few weeks early for his April Fools' post. "Don't build clients?" It sounds like a bad joke. I wrote a letter to Ryan on my blog in response to this post: http://www.voiceoftech.com/swhitley/index.php/2011/03/a-letter-to-ryan-sarver/ I know you guys can't be serious about this. Stage a mutiny if you have to, but don't let this boneheaded decision stand. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Source Parameter Doesn't Change
I had previously setup a Twitter application and used it under one name. I've recently changed the name and updated the Twitter app settings (trying both http://twitter.com/oauth and http://dev.twitter.com/apps). Everything is fine except for the source parameter. It still shows the old value. Is there anything else that needs to be done to change the source parameter (short of creating a new Twitter application)? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Uploading a Profile Image help
This call was working fine for me using basic auth. I've been converting my code to oAuth on my test machine. I now receive a 200 reply and the user's profile data, but the image is not updated. On Aug 9, 8:33 am, MeltingIce wrote: > I too am waiting for the profileimageAPI call to be fixed. I have > checked the request and even dove into HTTP_Request2's internal code > just to verify that the request is correct. The only error I get back > is 500 Internal Server Error. No other hints or suggestions are > present in the response header. The images I am using are small and > well within the limits. Any update on when this may be working again? > > Thanks, > Ryan > > On Aug 9, 11:07 am, Taylor Singletary > wrote: > > > > > Also a reminder: the Twitter API is at thehttp://api.twitter.comsubdomain. > > Twitter API has version numbers in the URL as well. > > > The original poster in this thread is > > usinghttp://twitter.com/account/update_profile_image.xmlwhenthey should be > > usinghttp://api.twitter.com/1/account/update_profile_image.xml > > > And I'll echo what Tom has said: you should switch to using OAuth very soon > > or you'll find your script doesn't work at all in about 2 weeks. > > > Taylor > > > On Sun, Aug 8, 2010 at 10:28 PM, Raghu Prasad > > wrote: > > > > On Sun, Aug 8, 2010 at 5:58 AM, marketingmaniac > > > wrote: > > > > i use to have this app that suddenly doesn't work anymore,, it use to > > > > work perfectly and now ,, hmm,, > > > > any help would be appreciated,, > > > > Though I don't know a bit about VB, I can safely say that > > > profileimagefunctionality of Twitter has been broken for > > > many weeks. Updating profileimagehas not been working > > > via API. If you check the past threads, you'd find that one > > > of the Twitter developer is assigned the task of streamlining > > > theimageupload functionality. I am also waiting for that to > > > happen. > > > > Raghu > > > > > here is the code that update my users profile written in vb 2008/10 > > > > that worked flawlessly > > > > > 'THE BUTTON I MADE TO INITIATE THE SUB CALLED UPLOADPROFILEIMAGE > > > > Private Sub Button37_Click_1(ByVal sender As System.Object, ByVal e As > > > > System.EventArgs) Handles Button37.Click -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: update_profile_image is returning 200OK but not updating Profile Image
Hi,
I was wondering if this issue was corrected. I'm having a problem
updating the background profile image. The API is returning 200 and
the user's profile data, but the image isn't updated.
On Jul 19, 6:54 am, Taylor Singletary
wrote:
> Thank you for the details, Bob. We're looking into it.
>
> Taylor
>
>
>
> On Mon, Jul 19, 2010 at 6:19 AM, Bob wrote:
> > We are again seeing behaviour where update_profile_image is returning
> > a 200OK but the image is not updated on Twitter. This happened last
> > week and was fixed under Issue 1745:
>
> >http://code.google.com/p/twitter-api/issues/detail?id=1745
>
> > But it has just reappeared. Behaviour is very slightly different in
> > that the previous profile image remains in place rather than becoming
> > a broken image.
>
> > Request and response shown below.
>
> > Thanks,
>
> > Bob
>
> > Founder
> > Twibbon.com
>
> > --REQUEST:http://api.twitter.com
> > POST /1/account/update_profile_image.json HTTP/1.1
> > Authorization: OAuth
> > oauth_consumer_key="cmrjngkKmoHNaSG1OfWFA",oauth_token="57184902-
>
> > BgSM4dVrnqDsPyFXmU2lYwsAzb406dVWMQMU6YwWE",oauth_nonce="81r7llydmekc186w",o
> > auth_timestamp="1279545055",oauth_signature_method="HMAC-
> > SHA1",oauth_signature="9MkFOvvVxEmQZcyJUvSEOSF0na4%3D",oauth_version="1.0"
> > Content-Type: multipart/form-data; boundary=ab0fd378-4c1f-445f-
> > aa8e-45488c90256d
> > --ab0fd378-4c1f-445f-aa8e-45488c90256d
> > Content-Disposition: file; name="image"; filename="5e55681f-878e-46bd-
> > a584-57fcfaf4b52b.png"
> > Content-Type: image/png
>
> > [FILE DATA][System.Text.Latin1Encoding]
> > --ab0fd378-4c1f-445f-aa8e-45488c90256d--
>
> > --RESPONSE:http://api.twitter.com/1/account/update_profile_image.json
> > HTTP/1.1 200 OK
> > Date: Mon, 19 Jul 2010 13:10:55 GMT
> > Server: hi
> > Status: 200 OK
> > X-Transaction: 1279545055-84509-57740
> > ETag: "b089d0f3bb2c84ad1283361318917271"
> > Last-Modified: Mon, 19 Jul 2010 13:10:55 GMT
> > X-Runtime: 0.10970
> > Content-Type: application/json; charset=utf-8
> > Content-Length: 1340
> > Pragma: no-cache
> > X-Revision: DEV
> > Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> > check=0
> > Set-Cookie: k=84.19.234.238.1279545055076066; path=/; expires=Mon, 26-
> > Jul-10 13:10:55 GMT; domain=.twitter.com,guest_id=127954505542692657;
> > path=/; expires=Wed, 18 Aug 2010 13:10:55 GMT,lang=en;
>
> > path=/,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNQY1OopAToHaWQiJTMyOWI4OGU1Mj
> > FmNTg3%250AZTllNzNhOTQxYjVlOGVkNjQ3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> > %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> > da8b247094aedfa91e96f6b9fc02dbc701228e41; domain=.twitter.com; path=/
> > Vary: Accept-Encoding
> > Connection: close
>
> > {"statuses_count":
>
> > 327,"profile_sidebar_border_color":"87bc44","description":"","location":"",
> > "profile_use_background_image":true,"followers_count":
> > 31,"status":
> > {"contributors":null,"coordinates":null,"truncated":false,"source":" > href=\"http://twibbon.com\"; rel=\"nofollow\">Twibbon > a>","created_at":"Mon Jul 19 13:04:30 +
>
> > 2010","geo":null,"in_reply_to_screen_name":null,"favorited":false,"in_reply
> > _to_status_id":null,"place":null,"id":
> > 18914185988,"in_reply_to_user_id":null,"text":"Support
> > #natsuniji_blue, add a #twibbon to your avatar now! -
> >http://twb.ly/9rgeFs
> > "},"contributors_enabled":false,"friends_count":30,"geo_enabled":false,"pro
> > file_background_color":"9ae4e8","lang":"en","favourites_count":0,"created_a
> > t":"Thu
> > Jul 16 00:18:19 +
>
> > 2009","verified":false,"profile_text_color":"00","follow_request_sent":
> > false,"notifications":false,"time_zone":null,"following":false,"profile_lin
> > k_color":"ff","protected":false,"profile_background_image_url":"http://
> > a1.twimg.com/profile_background_images/123041250/
> > df10e21c-5216-4fcb-80f5-e2962b764d6f.jpg","profile_image_url":"http://
> > a2.twimg.com/profile_images/1079636046/30f17041-0f8c-4031-b0fd-
> > d1bdcf043ad1_normal.png","name":"Bob
> > Thomson","profile_sidebar_fill_color":"e0ff92","url":null,"id":
>
> > 57184902,"profile_background_tile":false,"utc_offset":null,"screen_name":"j
> > pfette"}
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: Issues with OAuth
ap, I'm experiencing the problem too. It's good to hear that Taylor et al are on the case.
Re: [twitter-dev] Re: Is OAuth working for *anyone* out there?
I've been keeping track of the major oAuth issues that developers report to me. I've also hit these a few times myself. 1. The date/time on your machine must be accurate. Make sure you’ve performed a recent sync with a known time source. 2. If you’re trying to call a Twitter API method that will update data, the oAuth setup must be Read/Write on Twitter.com/oAuth. 3. Recheck all of your querystring variables for proper encoding. The method that you use for encoding querystring variables may not be oAuth compliant.
Re: [twitter-dev] .NET Code for the Streaming API
Yes, I remember reading your post. I've seen a couple of other implementations, but they weren't quite what I needed. It'd be interesting to see your approach. On Mon, Apr 26, 2010 at 5:15 PM, Andrew Badera wrote: > Sweet Shannon, I have my own implementation, but I'd love to see > someone else's. (TweetSharp didn't have one when I did mine.) I'll try > to find time to take a look, thanks for publishing, I hadn't got > around to publishing mine yet, too busy! > > ∞ Andy Badera > ∞ +1 518-641-1280 Google Voice > ∞ This email is: [ ] bloggable [x] ask first [ ] private > ∞ Google me: http://www.google.com/search?q=andrew%20badera > > > > On Mon, Apr 26, 2010 at 8:10 PM, Shannon Whitley > wrote: > > I've been working on a project that uses all .NET code to connect to the > > streaming api (HttpWebRequest & native JSON parsing). Several people > have > > already released code samples and many of the libraries have this > > functionality, but I needed to build my own app. There were enough > issues > > along the way that I decided my code might help someone else to get > started. > > If you have any comments or suggestions, please leave them on the blog > > post. > > http://www.voiceoftech.com/swhitley/?p=898 > > > -- > Subscription settings: > http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >
[twitter-dev] .NET Code for the Streaming API
I've been working on a project that uses all .NET code to connect to the streaming api (HttpWebRequest & native JSON parsing). Several people have already released code samples and many of the libraries have this functionality, but I needed to build my own app. There were enough issues along the way that I decided my code might help someone else to get started. If you have any comments or suggestions, please leave them on the blog post. http://www.voiceoftech.com/swhitley/?p=898 -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Can our twitter app call "/oauth/revoke"?
One example where it would be useful: I'm trying to troubleshoot a problem with a currently authorized user. The same token and secret are pulled from Twitter each time during the oAuth process, but any calls to the Twitter API respond with "unauthorized." I asked the user to revoke access to my app so that she can start with a fresh token. It would have been better if I could have revoked the access for her. I'd then be able to simply ask her to login to the app again. On Wed, Apr 21, 2010 at 1:55 PM, Dean Collins wrote: > On Wed, Apr 21, 2010 at 13:32, Caliban Darklock > wrote: > > It may seem stupid to revoke the access, but in a tiny minority of > cases it may be clever, and for that reason alone you may want to > consider including it. > > > And what are those cases? If I was Twitter I would not provide such a case > until some of those cases where presented. > > > > Abraham > > -- > > > > > > You already got provided those exaples you chose to steam roller over them. > > > > Basically same response when I said why restrict client apps runnign on > desktops to oath if basic auth does the job and as a desktop client doesn’t > have the issues of web apps. > > Parroting the pr spin doesn’t solve the problem. > > > > > > > > Cheers, > > Dean > > > > > -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Get user profile pic by name, unauthenticated?
This has to be the softest launch ever, especially for such an important feature (three years in-the-making). You're saving me time, aggravation, and money. Thank you! Are there any limitations? I've been using it for a few weeks and it seems stable. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: @Anywhere + Access Tokens
I spoke with the devs at Chirp and I'm planning to use the token during the auth process. They confirmed that it is short-lived though. On Sat, Apr 17, 2010 at 2:43 PM, Abraham Williams <4bra...@gmail.com> wrote: > My understanding is the @Anywhere access tokens are short lived of only a > few hours. Maybe Twitter can confirm that. > > Abraham > > On Sat, Apr 17, 2010 at 10:10, mike wrote: > >> Sort of wondering the same thing. After authenticating, you'll notice >> your browser stores a cookie called twtter_anywhere, which I believe >> contains the request token. >> >> Would love to be able to use that request token to make Twitter API >> calls, but have no idea how to get the token secret. >> >> Thanks in advance. >> >> On Apr 17, 1:03 pm, aztroboy wrote: >> > Hi! I just managed to use @Anywhere on a website for authentication. >> > Now, I would like to know how do I get the Access Token and the Token >> > Secret with @Anywhere. I've successfully made the "signin with >> > Twitter" example. However after I've got the user information, I don't >> > know any method that can give me his access tokens. Is there some way >> > to do it? >> > >> > thank you in advance. >> > >> > -- >> > Subscription settings: >> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >> > > > > -- > Abraham Williams | Developer for hire | http://abrah.am > PoseurTech Labs | Projects | http://labs.poseurtech.com > This email is: [ ] shareable [x] ask first [ ] private. >
Re: [twitter-dev] Re: Early look at Annotations
I think this will be a great addition to the platform. I suppose it will be up to each software client to determine how (classic) retweets are handled. The annotations could be copied and edited. I assume new retweets will simply reference the original tweet and its annotations. On Fri, Apr 16, 2010 at 3:12 PM, Nigel Legg wrote: > I'd say keep it all on dev.twitter.com - minimise sites to visit. > > > On 16 April 2010 22:44, Raffi Krikorian wrote: > >> i expect we'll put a page up on dev.twitter.com that will allow people to >> list out namespaces, keys, etc. all for the community. >> >> >> On Fri, Apr 16, 2010 at 2:41 PM, Robby Grossman wrote: >> >>> Thanks for all of the info, Marcel. Cool stuff! >>> >>> How would people feel about a wiki for developers to share thoughts on >>> how to use/standardize on annotations? That would give us a chance to >>> flesh out some of the namespacing issues that have been raised so that >>> we can hit the ground running when Annotations are launched. I'd be >>> happy to set up a PBWorks page or maybe a Google Doc that can be >>> shared >>> with this list. >>> >>> --Robby >>> >>> On Apr 16, 5:17 pm, Marcel Molina wrote: >>> > I've talked to the analytics team. Three main metrics we're going to >>> work to >>> > surface on something like dev.twitter.com initially (and maybe even an >>> API >>> > so you all can build experiences/explorers around annotations): >>> > >>> > 1) All time most used namespaces/keys. >>> > 2) Trending namespace/keys. >>> > 3) Most widely adopted namespace/keys (i.e. not necessarily the most >>> used >>> > but the ones used by the highest number of different client >>> applications) >>> > >>> > >>> > >>> > On Fri, Apr 16, 2010 at 1:43 PM, Marcel Molina >>> wrote: >>> > > This is a great idea for how to bootstrap and fuel the adoption and >>> > > consensus on namespaces and key names. I'm going to talk to our >>> analytics >>> > > team and see if we can surface analytics on the most used namespaces >>> and >>> > > those namespace's most used keys. >>> > >>> > > On Fri, Apr 16, 2010 at 1:05 PM, Jaanus wrote: >>> > >>> > >> Another 2c: you should think about publishing numbers/stats for >>> > >> annotations. Easiest to start on the level of namespaces. Publish >>> > >> stats about popularity of namespaces: how many tweets and how many >>> > >> users use which namespaces. And don't do "that's a good idea and >>> there >>> > >> are still many moving parts and we are thinking of it for the >>> future," >>> > >> do "this is absolutely vital for the community from day 1" :) This >>> > >> would be a good measure for community to inform what namespaces to >>> > >> support, what works and what doesn't, etc. >>> > >>> > >> J >>> > >>> > >> -- >>> > >> Subscription settings: >>> > >> >>> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >>> > >>> > > -- >>> > > Marcel Molina >>> > > Twitter Platform Team >>> > >http://twitter.com/noradio >>> > >>> > -- >>> > Marcel Molina >>> > Twitter Platform Teamhttp://twitter.com/noradio >>> >> >> >> >> -- >> Raffi Krikorian >> Twitter Platform Team >> http://twitter.com/raffi >> > >
Re: [twitter-dev] Re: @anywhere Drupal and WordPress Plugins?
I've updated Twit Connect for WordPress to include @anywhere. It adds hovercards, follow buttons, and tweetboxes. I really like the tweetbox on the WordPress comment form. http://wordpress.org/extend/plugins/twitconnect On Fri, Apr 16, 2010 at 3:11 PM, Pelechati wrote: > You can visit http://apture.com/plugin for a wordpress/drupal plugin > for @anywhere functionality. Apture has been serving up @anywhere > behavior for over a year in a single line of javascript. > > On Apr 16, 2:45 pm, Robby Grossman wrote: > > A Wordpress plugin makes a lot of sense, as it would let non- > > developers easily integrate with it. I was going to look over the docs > > this weekend to see what would be involved in writing a generic > > @anywhere plugin for hosted Wordpress installs. > > > > --Robby > > > > On Apr 16, 2:09 am, "M. Edward (Ed) Borasky" wrote: > > > > > > > > > Are there any plugins for @anywhere that will run on Drupal and > > > WordPress? My blog is on WordPress, and I want to get rid of as many > > > non-Twitter gizmos and widgets as possible. I'll be keeping AddToAny, > > > since it goes to Developer Zone, and I'll be keeping Twitoaster, since > > > it threads conversations. But I'm ditching Topsy and a couple of > > > others as soon as I can get @anywhere running. > > > > > I don't know the details of the Drupal site yet - I need to meet with > > > them and see if they want to do @anywhere. P.S.: If you blog for > > > developers, I highly recommend posting to Developer Zone. I get more > > > traffic to my blog that way than anywhere else. I've had 800-visitor > > > days just from them. > > > > > -- > > > Subscription settings: > http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >
Re: [twitter-dev] chirp questions for non-attendee's
I had an app suspended because it was on the same domain as another app and it appeared to have the same functionality. I was setting up a test version. Guess that's a no-no. On Tue, Apr 13, 2010 at 5:58 PM, Peter Denton wrote: > Thanks to Dewald's advice, I started a new thread for questions those of us > not attending chirp could throw out: > > *Mine are:* > I know no one wants to spill beans for the sake of spammers, but can team > platform shed some light on app suspensions? > > obviously, there are the clear no no's but I have had an app suspended > because the title was "analytics", thus some reserved word for twitter inc. > > Also, do denial of oAuth requests come into play? > > Cheers > Peter > -- To unsubscribe, reply using "remove me" as the subject.
[twitter-dev] Re: 404 Errors on friends and followers using cursors
I've been hitting this a lot lately with data for my own id. It's a huge issue. I'm happy to see that it's been marked as a high priority, but it's been around for months. Do we have an estimate for a fix? Thanks!
[twitter-dev] Re: .NET and oAuth update problems
Desktop oAuth with .NET http://www.voiceoftech.com/swhitley/?p=856 This example includes an updated version of oAuth.cs and oAuthTwitter.cs It includes some changes to url encoding that one of my blog readers submitted. Those two files could be used in the web versions with minor adjustments. I'll go back and incorporate the changes into the original web example too. I also need to contact the oAuth.cs author to request code updates at the Google source. I should have an xAuth example out this week as well.
[twitter-dev] Re: Introduce yourself!
Hi, I'm Shannon Whitley. I prefer .NET coding, but I do a lot of work in PHP these days (thanks to WordPress and Facebook). A few of my projects are listed on http://whitleymedia.com, but my favorite is still a Twitter Excel client (that some suggested should be named "Excreet"). I run Chat Catcher and My Tweeple -- so, I'd love to see fewer limitations on the streaming API and more than 100 people per page in the REST API. And, I know they said they wouldn't do this, but I'd love to see Twitter create permanent urls for our profile images.
[twitter-dev] Re: What's up with OAuth?
Hi, What is the expected wait time after submitting a request for xAuth access? I'm trying to let a client know how long the development cycle will take, but a lot depends on this approval. My request is currently pending from Thursday or Friday of last week. Thank you.
[twitter-dev] Re: .NET Servers
Thanks for the feedback, Andy. I'll run your thoughts past GoGrid and see what they can do. I could offer 2008 at the same price as 2003 (if I drop the memory), but in my experience it's not even worth trying to run 2008 on less than a GB of RAM. I also want to know more about the ease with which folks can join BizSpark. I applied, but haven't heard anything back. One of my ideas was to run a shared SQL Server database for multiple developers under the BizSpark program.
[twitter-dev] .NET Servers
I develop various applications using .NET tools (and PHP). For many of my projects, I really need to run my own servers; shared webhosting just doesn't cut it (and that's going to be especially true when I get access to the firehose -- soon, I hope). I've been frustrated over the past year. Even though costs have come down, it's still been too expensive to run a server on my own. I have a feeling a lot of us are in the same boat. Luckily, I met some people on Twitter who work for a company called GoGrid. We discussed the low number of hosting sites for .NET devs and the high prices. GoGrid made me a deal (and I apologize if this sounds like a sales pitch, but I hope you find the information useful). The deal is, if I manage the orders from the .NET community, I can offer devs a deeply discounted rate on GoGrid servers. So, I'm passing the information onto the .NET devs on the Twitter list. If you'd like to know more, read the post below. You can contact me with any questions. http://www.voiceoftech.com/swhitley/?p=837
[twitter-dev] Re: 401 Unauthorized problem
I'm having the same problem. I can't delete members from lists using oAuth. I've tried using the DELETE method and adding the _method=DELETE parameter. All of the combinations return a "401 Unauthorized" error.
[twitter-dev] Re: About the oneforty application directory
Hi Robby, Thanks for the explanation on the read/write access. I hesitated to signon when I saw the access requirement. Many saavy users will hesitate as well. I want to see you get as many users as possible and this will probably come up again when you move to the next phase. It might be worth considering registering two separate applications, one with read access and one with read/write. It wouldn't be quite as seamless because you'd require the user to grant access again for the read/write features, but that approach would result in fewer questions at the initial signon.
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
I agree with Paul. I've taken some time to really think about this and it does not seem to be a wise addition to the platform. It may come down to a matter of semantics. Project Retweet is actually about "liking" a tweet, which is already covered by Favorites. Why couldn't Favorites just be enhanced to show who else marked the tweet as a favorite? The big problem with Project Retweet is that it doesn't replicate user behavior at all. People are not simply copying tweets verbatim, and they are not always crediting the original author (not a bad thing when the context isn't needed). Project Retweet forces a new set of behaviors on people without addressing their current needs. It would have been far better to simply add a button that places "RT @username" in front of a copy of the tweet and then allow people to edit the tweet. "That" is the behavior that is represented by most other Twitter clients and could have been easily added to Twitter.com.
[twitter-dev] Re: Early developer preview: Retweeting API
The effort is great. Kudos to the team at Twitter for trying to tackle this. Unfortunately, from my view, Project Retweet uses a sledgehammer to drive a nail. The simplest solution is going to be the best, and I think the current changes are complicated and confusing. I agree with some of the other comments; tracking the original tweet id in a single field would have been sufficient (retweet_of_status_id). I like to comment on my retweets. Project Retweet actually increases the number of tweets that I'll have to post (one to retweet and another to comment). Project Retweet encourages thoughtless copies of tweets. While that happens anyway, there is at least a small barrier today. It appears that too much work has already gone into this project, so it looks like we're moving forward. With that in mind, I hope I'll be proven wrong.
[twitter-dev] ClickableNow Dev Partners
ClickableNow is a service that enables clickable Twitter backgrounds
via a browser add-on. We launched the service last week and so far
we've seen about 10,000 visitors to the website (http://
clickablenow.com).
We're now looking to add an additional page to the website to list
developers who have implemented the ClickableNow functionality. If
your app displays (or can display) a user's Twitter background, you
can use our code to enable the clickable links. It takes just a few
lines of code to add ClickableNow to your app.
You can see an example of the code on userscripts.org (http://
userscripts.org/scripts/show/53847
). If you have the ability to perform a cross-domain call in your
app, then you can drop the ".jsonp" extension and retrieve the json
directly.
http://s3.amazonaws.com/wmcp/{screen_name}
Send an e-mail to supp...@clickablenow.com if you've implemented
ClickableNow in your app and want to be listed on our site. You can
send questions to the same address.
Even if you can't add our functionality to your app, give ClickableNow
a try and make your background clickable -- http://clickablenow.com.
[twitter-dev] Re: Profile image urls - how to update
I recall seeing a post from a Twitter employee that static profile image urls would be delivered sometime in June 2009. Do we have any updates? Thanks. On May 21, 6:14 pm, Doug Williams wrote: > Thanks for your patience guys -- we realize the benefits of predictable > static URLs. It's unfortunately kind of back-burner work but we're getting > to it. As most of you can tell, the image uploading logic needs a lot of > love. > Cheers, > Doug > > -- > > Doug Williams > Twitter Platform Supporthttp://twitter.com/dougw > > > > On Thu, May 21, 2009 at 4:38 PM, Tim Haines wrote: > > > Hi Clint, > > > Thanks for that. I've added myself to the watchlist. I saw a similar > > note from 2007, so was hoping it was already done - but 'a month or > > so' sounds good to me. > > > Tim. > > > On May 21, 10:24 pm, Clint Shryock wrote: > > > the API team is in the process of re-engineering this functionality: in > > the > > > future the current profile image will have a static URL.see: > >http://code.google.com/p/twitter-api/issues/detail?id=497#c8 > > > > +Clint > > > > On Thu, May 21, 2009 at 6:11 AM, Tim Haines wrote: > > > > > Hey there, > > > > > I'm caching profile image urls. I'm finding quite a bit of churn, and > > > > have started wondering how I'm going to keep them up to date. > > > > > Is there anyway to predict or determine a profile image url from a > > > > screen name or something? The url's provided all seem to contain part > > > > of the original file name - which of course is impossible to guess. > > > > > If there's not a way to determine them from the screen name, is there > > > > an easy way to get a bulk update of the image urls? > > > > > Cheers, > > > > > Tim.- Hide quoted text - > > - Show quoted text -
[twitter-dev] Re: whitelist site -- horror story
I was thinking the same thing about the "referrer." I rushed over to
check on my apps after reading this thread. I know this has been
broached before, but it sure would be nice to have a beta site for the
devs to test against before changes go live.
On Jun 19, 7:04 am, Doug Williams wrote:
> Can you include the specific request you are making?
>
> Thanks,
> Doug
>
>
>
> On Fri, Jun 19, 2009 at 6:35 AM, Alan Evans wrote:
> > Just a shot in the dark, but could it be caused by this?:
>
> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> > It sounds like exactly the sort of thing that could cause an app to
> > suddenly stop working. I see that your new code posted above contained a
> > referer, but what about the code that was failing? How about putting in a
> > User-Agent too, for good measure.
>
> > Regards,
>
> > Alan Evans
>
> > On Fri, Jun 19, 2009 at 2:50 PM, markanson wrote:
>
> >> Marco it was all working fine for a month or more
>
> >> then today it stopped working
>
> >> My new code that I got from somewhere seems ok but I don't feel really
> >> confident about this
>
> >> I am using this
>
> >> function file_post_contents($url,$headers=false) {
> >> $url = parse_url($url);
>
> >> if (!isset($url['port'])) {
> >> if ($url['scheme'] == 'http') { $url['port']=80; }
> >> elseif ($url['scheme'] == 'https') { $url['port']=443; }
> >> }
> >> $url['query']=isset($url['query'])?$url['query']:'';
>
> >> $url['protocol']=$url['scheme'].'://';
> >> $eol="\r\n";
>
> >> $headers = "POST ".$url['protocol'].$url['host'].$url['path']."
> >> HTTP/1.0".$eol.
> >> "Host: ".$url['host'].$eol.
> >> "Referer: ".$url['protocol'].$url['host'].$url['path'].
> >> $eol.
> >> "Content-Type: application/x-www-form-urlencoded".
> >> $eol.
> >> "Content-Length: ".strlen($url['query']).$eol.
> >> $eol.$url['query'];
> >> $fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);
> >> if($fp) {
> >> fputs($fp, $headers);
> >> $result = '';
> >> while(!feof($fp)) { $result .= fgets($fp, 128); }
> >> fclose($fp);
> >> if (!$headers) {
> >> //removes headers
> >> $pattern="/^.*\r\n\r\n/s";
> >> $result=preg_replace($pattern,'',$result);
> >> }
> >> return $result;
> >> }
> >> }- Hide quoted text -
>
> - Show quoted text -
[twitter-dev] Re: New oAuth Redirect Page
In case anyone is having a similar issue, I changed my code to store the data using the user's IP address. This should work okay until Matt delivers the update. A cookie would also be an option, just not for my app in this case. On Jun 3, 2:37 pm, Shannon Whitley wrote: > That would be great. Thanks, Matt! > > On Jun 3, 2:03 pm, Matt Sanford wrote: > > > > > Hi there, > > > This page was needed because of a security problem with some > > browsers. When you need to log in we collect the username/password and > > POST back to our code. In the old flow this POST would return a > > redirect if you had approved the app. Some browsers re-submit that > > same POST body to the other app, pretty much giving the app the users > > password. This is the intended behavior in the HTTP spec if I recall, > > but either way we nipped that in the bud by putting in the new page. > > > As far as custom callback variables: my OAuth 1.0a changes should > > go out the beginning of next week and will allow dynamic callbacks > > again. The code is done and reviewed but because of the backwards > > incompatibility for desktop apps I am in a 7 day waiting period. With > > a dynamic callback you can set whatever you like and not have to base > > it on (easily spoofed) referrers. > > > Thanks; > > – Matt Sanford / @mzsanford > > Twitter Dev > > > On Jun 3, 2009, at 1:53 PM, Shannon Whitley wrote: > > > > It looks like an intermediary page has been inserted between the oAuth > > > login and the redirect back to the application. The HTTP referrer is > > > now null. I was using the referrer to pass and retrieve dynamic > > > variables associated with the login. Is this new page a necessary > > > addition to the oAuth flow? Is there any word on the ability to pass > > > variables through the oAuth signon back to the application?- Hide quoted > > > text - > > - Show quoted text -
[twitter-dev] Re: New oAuth Redirect Page
That would be great. Thanks, Matt! On Jun 3, 2:03 pm, Matt Sanford wrote: > Hi there, > > This page was needed because of a security problem with some > browsers. When you need to log in we collect the username/password and > POST back to our code. In the old flow this POST would return a > redirect if you had approved the app. Some browsers re-submit that > same POST body to the other app, pretty much giving the app the users > password. This is the intended behavior in the HTTP spec if I recall, > but either way we nipped that in the bud by putting in the new page. > > As far as custom callback variables: my OAuth 1.0a changes should > go out the beginning of next week and will allow dynamic callbacks > again. The code is done and reviewed but because of the backwards > incompatibility for desktop apps I am in a 7 day waiting period. With > a dynamic callback you can set whatever you like and not have to base > it on (easily spoofed) referrers. > > Thanks; > – Matt Sanford / @mzsanford > Twitter Dev > > On Jun 3, 2009, at 1:53 PM, Shannon Whitley wrote: > > > > > It looks like an intermediary page has been inserted between the oAuth > > login and the redirect back to the application. The HTTP referrer is > > now null. I was using the referrer to pass and retrieve dynamic > > variables associated with the login. Is this new page a necessary > > addition to the oAuth flow? Is there any word on the ability to pass > > variables through the oAuth signon back to the application?
[twitter-dev] New oAuth Redirect Page
It looks like an intermediary page has been inserted between the oAuth login and the redirect back to the application. The HTTP referrer is now null. I was using the referrer to pass and retrieve dynamic variables associated with the login. Is this new page a necessary addition to the oAuth flow? Is there any word on the ability to pass variables through the oAuth signon back to the application?
[twitter-dev] Re: User Icon in RSS Feed?
I don't think anything has changed. You can take a look at SPIURL - http://code.google.com/p/spiurl/ On May 13, 10:35 am, 51productions wrote: > I'm building a little sidebar on a website with a twitter RSS feed, > and I'd love to be able to use the user icons with it. I do not see > this included in the feed, nor do they appear to have consistent URLs. > Is there anyway to do this? > > I only found one post on the matter from two years ago in which it was > said that the developers were getting to it. Has that happened yet?
[twitter-dev] Re: Passing Parameters to Callback in OAuth
I've been using the referrer to capture callback data. You might want to try that. On May 1, 2:29 pm, Jesse Stay wrote: > Thanks Matt. I'll try to handle it in my session for now. BTW, I think > I've finally got Perl working - will be doing a post and transferring over > to the wiki as soon as I feel comfortable with it. > Jesse > > > > On Fri, May 1, 2009 at 3:12 PM, Matt Sanford wrote: > > > Hi Jesse, > > > This was available with the oauth_callback parameter but it had to be > > removed for security reasons. I'm currently working with the OAuth group to > > finalize a way to bring oauth_callback back. I have some working code based > > on the current discussion but we're still hashing some things out before it > > will be ready. Hopefully we'll be able to bring it back soon. I'll post and > > update to the list once I have something ready. > > > Thanks; > > – Matt Sanford / @mzsanford > > Twitter Dev > > > On May 1, 2009, at 2:09 PM, Jesse Stay wrote: > > > Forgive my OAuth n00bness, but I was curious if there was a way to pass > >> parameters that will in return get passed back to my callback URL in OAuth. > >> For instance, I want to pass the parameters, and then when Twitter > >> redirects back to my callback URL I want it to also pass the additional > >> parameters so I can do different things with the same callback URL > >> depending > >> on what I'm trying to do with OAuth at the time. > > >> Is this possible? And how? > > >> Thanks, > > >> @Jesse- Hide quoted text - > > - Show quoted text -
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
Thanks. That's exactly what I did. ;) On Apr 24, 7:56 am, Matt Sanford wrote: > Hi Shannon, > > There are some concerns about localhost redirection but in the > mean time I recommend changing your /etc/hosts (or equivalent) so you > can intercept calls on your local machine. This should also let you do > development once your project launches. > > Thanks; > – Matt Sanford / @mzsanford > Twitter API Developer > > On Apr 24, 2009, at 07:47 AM, Shannon Whitley wrote: > > > > > > > Thanks for all your hard work, Matt. > > > In one of my solutions, I am getting around the absence of the > > oauth_callback by using the referrer. I know referrer is unreliable, > > but I'm going with it for now. When the call comes back from the > > authorize page, the referrer still contains the information that I > > sent in the oauth_callback. > > > Additionally, if we need to setup dummy applications for testing, I'd > > like to request that localhost and ports be allowed on the > > registration page in the callback field. > > > On Apr 23, 1:41 pm, Matt Sanford wrote: > >> Hi Everybody! (Dr. Nick voice) > > >> OAuth is once again live, and as described below the > >> oauth_callback has been disabled. I've begun testing the replacement > >> options for oauth_callback and will hopefully get something out soon > >> to replace it. In the mean time successful authorization or > >> authentication will send the user to your pre-registered callback > >> URL. > > >> Thanks; > >> – Matt Sanford / @mzsanford > >> Twitter API Developer > > >> On Apr 23, 2009, at 07:59 AM, Matt Sanford wrote: > > >>> Hi all, > > >>> We had to wait for the midnight deadline before giving too many > >>> details because we're taking a slightly more active approach. The > >>> code for these changes was scheduled to go out yesterday but there > >>> was a problem with some unrelated changes and the whole thing was > >>> rolled back. I'm hoping to get it out early today as an emergency > >>> deploy. If anyone has missed it, Eran posted a good explanation [1] > >>> for people not digging the security advisory wording. > >>> While I'm still working to get the changes out here is what you > >>> can expect: > > >>> 1. The lifetime of a Request Token is now much, much shorter. This > >>> new time limit should be long enough for a person to complete the > >>> flow, but short enough that it cuts off attacks. > >>> » Note this is for request tokens, not access tokens. > > >>> 2. For the time being the oauth_callback parameter will be disabled > >>> for both authentication and authorization. The user will be sent to > >>> the application callback in both cases. > >>> » I'm working with the other OAuth implementers on a way to > >>> bring it back, and Eran mentions it a bit at the end of his post > >>> [1]. We want to make sure it works correctly before launching it so > >>> you don't end up spending time to implement something we then have > >>> to turn off. > > >>> As for questions about the severity of Twitter's initial > >>> response I think you'll find Yahoo! [2] has done the same. From the > >>> OAuth response mails I can assure you there were others as well but > >>> since they have no public mention of it I'll let them go unmolested. > >>> It wasn't just Twitter, that was just the only place you were > >>> looking :) > > >>> Thanks; > >>> — Matt Sanford, "of Alex and Doug fame" > > >>> [1] -http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses > >>> ... > >>> [2] -http://developer.yahoo.net/blog/archives/2009/04/oauth_update.html > > >>> On Apr 23, 2009, at 06:25 AM, mikehar wrote: > > >>>> Totally agree with Pierre. I think we all understand the security > >>>> issue. Why was twitter's approach so much more severe than other > >>>> services? Why not just a warning on login? Can Doug or Alex shed > >>>> some > >>>> light on this? > > >>>> wrt the ETA, can we get an update? One blog post said yesterday, > >>>> the > >>>> posting on this site says today. > > >>>> Also, I'm a little taken aback by the
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
Thanks for all your hard work, Matt. In one of my solutions, I am getting around the absence of the oauth_callback by using the referrer. I know referrer is unreliable, but I'm going with it for now. When the call comes back from the authorize page, the referrer still contains the information that I sent in the oauth_callback. Additionally, if we need to setup dummy applications for testing, I'd like to request that localhost and ports be allowed on the registration page in the callback field. On Apr 23, 1:41 pm, Matt Sanford wrote: > Hi Everybody! (Dr. Nick voice) > > OAuth is once again live, and as described below the > oauth_callback has been disabled. I've begun testing the replacement > options for oauth_callback and will hopefully get something out soon > to replace it. In the mean time successful authorization or > authentication will send the user to your pre-registered callback URL. > > Thanks; > – Matt Sanford / @mzsanford > Twitter API Developer > > On Apr 23, 2009, at 07:59 AM, Matt Sanford wrote: > > > > > Hi all, > > > We had to wait for the midnight deadline before giving too many > > details because we're taking a slightly more active approach. The > > code for these changes was scheduled to go out yesterday but there > > was a problem with some unrelated changes and the whole thing was > > rolled back. I'm hoping to get it out early today as an emergency > > deploy. If anyone has missed it, Eran posted a good explanation [1] > > for people not digging the security advisory wording. > > While I'm still working to get the changes out here is what you > > can expect: > > > 1. The lifetime of a Request Token is now much, much shorter. This > > new time limit should be long enough for a person to complete the > > flow, but short enough that it cuts off attacks. > > » Note this is for request tokens, not access tokens. > > > 2. For the time being the oauth_callback parameter will be disabled > > for both authentication and authorization. The user will be sent to > > the application callback in both cases. > > » I'm working with the other OAuth implementers on a way to > > bring it back, and Eran mentions it a bit at the end of his post > > [1]. We want to make sure it works correctly before launching it so > > you don't end up spending time to implement something we then have > > to turn off. > > > As for questions about the severity of Twitter's initial > > response I think you'll find Yahoo! [2] has done the same. From the > > OAuth response mails I can assure you there were others as well but > > since they have no public mention of it I'll let them go unmolested. > > It wasn't just Twitter, that was just the only place you were > > looking :) > > > Thanks; > > — Matt Sanford, "of Alex and Doug fame" > > > [1] > > -http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses... > > [2] -http://developer.yahoo.net/blog/archives/2009/04/oauth_update.html > > > On Apr 23, 2009, at 06:25 AM, mikehar wrote: > > >> Totally agree with Pierre. I think we all understand the security > >> issue. Why was twitter's approach so much more severe than other > >> services? Why not just a warning on login? Can Doug or Alex shed some > >> light on this? > > >> wrt the ETA, can we get an update? One blog post said yesterday, the > >> posting on this site says today. > > >> Also, I'm a little taken aback by the "it's beta" rationalization for > >> the massive disruption in service. It's one thing to mark it as > >> public > >> beta, it's another thing entirely to define 'beta' belatedly as "not > >> suitable for production use". Does that mean we get an SLA on the > >> non- > >> beta APIs? > > >> On Apr 23, 1:44 am, twitscoop wrote: > >>> Hi guys, is there an ETA for it to be restored ? It seems Oauth's > >>> recommended approach is to simply add a warning notice on > >>> authorization until this is fixed (this is what Google did). > >>> Anyways, > >>> even with this security flow, oauth is safer than providing twitter > >>> credentials to third parties... > > >>> Thanks! > >>> Pierre > > >>> On Apr 23, 7:30 am, Doug Williams wrote: > > Bill, > The majority of our developers find OAuth sufficient because they > are > writing a Web applications. We are pleased that the deprecation > of the > source parameter lowered our support load and continues to drive > adoption of > our preferred authentication scheme. > > There are of course other cases where developers find the current > implementation's beta status or browser requirement concerning. I > have yet > to reject a source parameter request that provides a valid argument > explaining why OAuth does not meet the application's needs. > > Thanks, > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Wed, Apr 22, 2009 at 6:50 PM, Bill Robertson > >
[twitter-dev] Re: Twitter's official comment on our disabling of OAuth
Thanks, Matt! Even though it kills my latest project, I'm still in agreement that turning oAuth back on without oauth_callback is preferable to leaving it off. oauth_callback is very important to me, though, so I would lobby for bringing it back in some form as quickly as possible. Apr 23, 9:37 am, Matt Sanford wrote: > Hi there, > > It isn't slowing anything. My first change was just to disable > oauth_callback, this other method is considered gravy. I'm in total > agreement (as the OAuth implementer at Twitter) that it beats the hell > out of 0% available. I'm pushing with all my might to get this > deployed despite anyone else's priorities. I take this all far too > seriously. > > Thanks; > – Matt Sanford / @mzsanford > Twitter API Developer > > On Apr 23, 2009, at 09:32 AM, Mobasoft wrote: > > > > > Please don't let this slow down Twitter's turning it back on. > > Just let everyone set it in the application and be done with it. > > > If they want a different callback url, then simply create a MyApp_Test > > app and put in a different application return url. > > > 100% working sure in the hell beats 0% implemented while we try to > > make it dynamic for a small percentage of applications/people. > > > Thanks for taking my $0.02 > > > On Apr 23, 10:57 am, Matt Sanford wrote: > >> Hi Michael, > > >> We've been discussing that in the group of people dealing with > >> the security issue. It seems like AuthSub tried that route and found > >> it to be very problematic. More often than not people went with open > >> redirectors to make it easy, and therefor bypassed all security. > >> We're > >> working on a way to allow it to be dynamic, but make sure it is > >> signed > >> so we don't have to keep it this way. This involves sending it when > >> you get the request token, and then making sure you know what you > >> sent > >> when you get the access token. Once we have a working version in the > >> wild for people to try I'll give a more detailed description. > > >> Thanks; > >> – Matt Sanford / @mzsanford > >> Twitter API Developer > > >> On Apr 23, 2009, at 08:47 AM, Michael Ivey wrote: > > >>> It would be nice to be able to set multiple allowed callbacks, if > >>> this is the case, and specify which one to use in the request. I use > >>> the callback on my dev environment so I don't have to maintain two > >>> applications. (Also, the URL verification on callbacks doesn't > >>> support port numbers, but that's a secondary issue) > > >>> -- ivey > > >>> On Thu, Apr 23, 2009 at 10:37 AM, Mobasoft > >>> wrote: > > >>> Good news, the oauth_callback parameter should /always/ be set in > >>> the > >>> application imho. > >>> Looking forward to your "flip the switch" celebrations today. > > >>> On Apr 23, 9:59 am, Matt Sanford wrote: > Hi all, > > We had to wait for the midnight deadline before giving too > many > details because we're taking a slightly more active approach. The > >>> code > for these changes was scheduled to go out yesterday but there was a > problem with some unrelated changes and the whole thing was rolled > back. I'm hoping to get it out early today as an emergency deploy. > >>> If > anyone has missed it, Eran posted a good explanation [1] for people > not digging the security advisory wording. > While I'm still working to get the changes out here is what > you > can expect: > > 1. The lifetime of a Request Token is now much, much shorter. This > >>> new > time limit should be long enough for a person to complete the flow, > but short enough that it cuts off attacks. > » Note this is for request tokens, not access tokens. > > 2. For the time being the oauth_callback parameter will be disabled > for both authentication and authorization. The user will be sent to > the application callback in both cases. > » I'm working with the other OAuth implementers on a way to > >>> bring > it back, and Eran mentions it a bit at the end of his post [1]. We > want to make sure it works correctly before launching it so you > >>> don't > end up spending time to implement something we then have to turn > >>> off. > > As for questions about the severity of Twitter's initial > >>> response > I think you'll find Yahoo! [2] has done the same. From the OAuth > response mails I can assure you there were others as well but since > they have no public mention of it I'll let them go unmolested. It > wasn't just Twitter, that was just the only place you were > >>> looking :) > > Thanks; > — Matt Sanford, "of Alex and Doug fame" > > [1] > -http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses > >>> ... > [2] -http://developer.yahoo.net/blog/archives/2009/04/oauth_update.html > > On Apr 23, 2009, at 06:25 AM, mikehar wrote: > > > Totally agree
[twitter-dev] Re: OAUTH Feature currently disabled
Hi, Doug. I think we understand the part about "authenticate" being down, but oAuth isn't working at all right now. On Apr 22, 8:33 am, Doug Williams wrote: > The feature was disabled over the weekend. It will hopefully be > restore within a day. That is all we can say at this time, but more > details will flow after restoration. We appreciate your patience. > > Doug > > On 4/22/09, Dossy Shiobara wrote: > > > > > On 4/22/09 11:15 AM, iematthew wrote: > >> If I'm not mistaken, OAuth is still in public Beta. Or did I miss the > >> memo? (wouldn't have been the first time). I doubt it is wise at this > >> point to push OAuth features live to the public. :) > > > You forgot to put the new cover page on your TPS report. > > > -- > > Dossy Shiobara | do...@panoptic.com |http://dossy.org/ > > Panoptic Computer Network |http://panoptic.com/ > > "He realized the fastest way to change is to laugh at your own > > folly -- then you can let go and quickly move on." (p. 70) > > -- > Sent from my mobile device > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw
[twitter-dev] Re: OAUTH Feature currently disabled
Whatever your definition of public beta, I'd just love to at least know what's going on. On Apr 22, 8:15 am, iematthew wrote: > If I'm not mistaken, OAuth is still in public Beta. Or did I miss the > memo? (wouldn't have been the first time). I doubt it is wise at this > point to push OAuth features live to the public. :)
[twitter-dev] Re: OAUTH Feature currently disabled
Adding my S.O.S. here too. On Apr 22, 3:31 am, gissmog wrote: > Hello, > > is there a page where I can get the current status of the oauth > feature? > I justed started implementing the oauth feature and I'am not able to > continue ;-( > > How do the other developers behave in this situation? > > -- > gissmog
[twitter-dev] Re: Oauth button
I wish someone could have been there when I created the "Twit Connect" WordPress plugin. http://www.voiceoftech.com/swhitley/?p=683#twc_button I begged for someone to help me create a button, but I had to make my own. Thanks to Peter, I'll now be able to standardize on the next version. On Apr 6, 4:23 am, Alberto Bajo wrote: > Is there any button similar to "Facebook connect"? (http://spedr.com/ > rze1) > > Otherwise, are there any plans for that? > > Thanks :)
[twitter-dev] Re: The OAuth Conundrum
I've done a lot of work recently with Twitter's oAuth implementation. I'm happy with the the solution for my web apps. Having said that, I don't think it should be "the" way to authenticate. Basic Auth has been so easy to implement that I think it has fostered very creative solutions from people who just wanted to "try" a few ideas. I know I've thrown quite a few things together for fun (e.g. Twitter in Excel). The creativity that simple authentication spawns is important, and I agree with the others who have expressed that on this thread.
[twitter-dev] Re: Twitter user picture sizes
Don't forget the _mini. :) This is my list: (original) _mini _normal _bigger On Feb 25, 12:15 am, Dave Briccetti wrote: > Hi. I’ve searched around for 1/2 hour or so, and haven’t found an > authoritative explanation of the sizes of pictures, and how to > retrieve them. > > It seems that profile_image_url leads to a tiny picture: > http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM... > > But there is also a slighter bigger version: > http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM... > > And then a proper full-size one: > http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM... > > Am I correct in this? That the big version URL can be derived from > that in profile_image_url by dropping the _normal from the name? Is > this part of the API spec? Safe to use? > > Thanks.
[twitter-dev] Re: Profile Images with no file extension
Great. Thanks for the info. On Mar 23, 5:10 pm, Alex Payne wrote: > There are a couple known bugs in our image processing that should soon > be rectified by a branch we have waiting to go out. > > On Mon, Mar 23, 2009 at 07:17, Shannon Whitley > > wrote: > > > I just discovered that there are profile images with no file > > extension. This is an example: > > >http://s3.amazonaws.com/twitter_production/profile_images/70479542/el... > > > Is this something that we should expect? I have been using the > > extension to determine the content-type. > > -- > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x
[twitter-dev] Profile Images with no file extension
I just discovered that there are profile images with no file extension. This is an example: http://s3.amazonaws.com/twitter_production/profile_images/70479542/eliteblogger_logo Is this something that we should expect? I have been using the extension to determine the content-type.
[twitter-dev] Re: Can OAuth approval process work in an IFRAME?
I really like that, Brooks. I was worried that this type of page might be stopped by popup blockers, but I suppose it works because you're using a button and not a link (please confirm). On Mar 21, 1:17 pm, Brooks Bennett wrote: > I whipped up a quick and dirty fix. Need to clean it up more, but it > works (this demo is subject to come down in the very near future)... > > The page is:http://tweetchat.com/iframe > > Load it into an iFrame with the following tacky script: > > http://tweetchat.com/iframe/"; style="height:400px; width: > 800px; border: 10px dotted pink;"> > > All I did was build the authorization link, but have it open in a new > child window via javascript. Set your application to have a callback > URL of a child page that handles the returned information, refreshes > the parent window and then closes itself. > > It is the best thing I could come up with on the quick, but at least > there will be an easy way (hey even I could dream it up) to balance > security with functionality... > > Brooks > > On Mar 21, 12:33 pm, Ivan Kirigin wrote: > > > > > Scott is correct here. > > > As a policy, web sites should never allow sign in through an iframe, > > as even the minority of users smart enough to verify the source URL is > > twitter.com can't verify it. > > > Ivanhttp://tipjoy.com > > > On Mar 20, 11:24 pm, Scott Carter wrote: > > > > I think Ivan's suggestion could answer the concern about the case > > > where a user needs to enter a username/password: > > > "If not signed in, a new window could load with the regular OAuth > > > process. " > > > > For the case where the user is already logged in, there doesn't appear > > > to be any risk here. Consider the scenario where the IFRAME is > > > populating a page from a site pretending to be Twitter with an Allow/ > > > Deny button. By clicking "Allow", nothing bad can happen. Twitter > > > isn't Allowing anything in this case since it wasn't their page to > > > begin with. > > > > FYI - I think my case is different than Ivan's since he is discussing > > > a widget whereas my app lives entirely in the IFRAME. The callback > > > from Twitter after authorization would simply cause the IFRAME to > > > redirect back to a page on bigtweet.com where I could then present a > > > different (logged in) view for the user. > > > > Joshua's suggestion would work, but providing IFRAME support with a > > > callback URL would save the user two steps - needing to close the > > > Authorization window, and clicking the Complete Connection button. > > > > Scott > > > > On Mar 20, 5:50 pm, Abraham Williams <4bra...@gmail.com> wrote: > > > > > If you have the approval process take place in the iframe there is no > > > > way to > > > > for the user to actually verify they are interacting with twitter. if > > > > they > > > > are not logged into twitter already you are then asking users to enter > > > > username/password on a potentially unsafe site and opening up to > > > > fishing. > > > > > On Fri, Mar 20, 2009 at 16:29, Joshua Perry wrote: > > > > > > The interesting thing is, that you could omit the callback URL in your > > > > > application registration with Twitter. On your site when the user > > > > > clicks > > > > > the "connect twitter" button you would go and grab a request token > > > > > and pop a > > > > > new window with that request token in the URI like usual. The user > > > > > would > > > > > click accept and since there is not a callback URL Twitter will say > > > > > "You can > > > > > close this window and complete the Connect process". Waiting on your > > > > > webpage would be the "complete connection" button which, when > > > > > clicked, would > > > > > request Twitter to convert the request token into an access token. > > > > > > Instead of popping a window I don't know why you couldn't load the > > > > > Twitter > > > > > authorization page into an IFrame, but the message to "close this > > > > > window" > > > > > may be a bit confusing to the user. > > > > > > This flow is the same as a desktop application has to use to > > > > > accomplish an > > > > > OAuth connection and should work the similarly well with a web > > > > > application. > > > > > > Josh > > > > > > Ivan Kirigin wrote: > > > > > >> I'd love to be able to do this also, and have mentioned it off the > > > > >> list. > > > > > >> Imagine a "Twitter Connect" button, which would be a tiny iframe > > > > >> loaded from twitter.com. If signed in, the token exchange could take > > > > >> place right there. If not signed in, a new window could load with the > > > > >> regular OAuth process. The callback in the button would be to a tiny > > > > >> iframe acting as a confirmation of the success, loaded by the > > > > >> consumer. > > > > > >> There is a diminished phishing risk, because the widget isn't asking > > > > >> for your password. Only the new window would. > > > > > >> The only question is how the rest of the widget gets the notification > > > > >>
[twitter-dev] Re: Proof of identity rather than authorization
Very timely. I was thinking through this last night. I may develop a general application for this purpose. On Mar 22, 3:17 am, GraemeF wrote: > Hi Elliott, > > This scenario worked well with basic authentication; you could just > delegate the login to Twitter. Now I don't see a way to do it without > requiring the user to create another account so that the token can be > associated with it. I haven't got that far myself, but I think you're > missing the bit where you store the token and reuse it the next time > the user logs in to your app. > > In my case, I'm working on a web service to compliment Twitter and > want desktop Twitter clients to be able to access it to store/retrieve > supplementary information about a Twitter account. But if I can't > prove that the user running the client owns the Twitter account then I > can't see a way to avoid making them go through yet another > registration process with my web service. > > I suppose an alternative would be to ask the desktop clients for their > tokens and use that to call verify credentials? Feels very wrong, but > I really want to avoid the complication of a duplicate set of accounts > for Twitter users. > > Cheers, > G. > > P.S. Sorry about my accidental post - my palm slipped onto my laptop > trackpad while I was typing and it clicked send! > > On Mar 21, 4:16 pm, Elliott Kember wrote: > > > > > Hi Graeme, > > > I think I'm doing a similar thing - I want to use Twitter as the > > registration and login process for my app. Right now, Twitter asks for > > approval every time the user logs into the account. Is there a way to > > say "remember this application" and then always accept auth requests > > from that application in future, like OpenID does? > > > Long story short, I'm using OAuth like OpenID. Sorry to hijack your > > thread, but I think we're after the same thing.- Hide quoted text - > > - Show quoted text -
[twitter-dev] Re: OAuth POST requests
Yep. That must have been the problem. On Mar 19, 3:54 pm, Dimebrain wrote: > That makes sense, .NET's HttpUtility.UrlEncode method doesn't encode > in uppercase hexadecimal, and the OAuth 1.0 spec requires that. > > On Mar 19, 7:20 pm, Shannon Whitley wrote: > > > > > It's working now. I changed the method for url encoding my post > > variables and that seemed to fix the problem. I'm using the UrlEncode > > method from the .NET oAuth library instead of HttpUtility's method. > > > On Mar 19, 2:40 pm, Shannon Whitley wrote: > > > > I'm running into this as well. My POSTs are not working (401 error). > > > GETs are fine. > > > > On Feb 16, 11:50 pm, Ryan W wrote: > > > > > Any luck with this? Running into the same problem here, wondering > > > > what the right combination of data to put in URL params vs post data > > > > vs headers, etc. > > > > > On Feb 14, 12:18 pm,ChadEtzel wrote: > > > > > > I have gottenOAuthGET requests working nicely, but POST is a > > > > > different story. I am trying to post an update (tweet) usingOAuth, > > > > > and I'm not quite sure where to put all of the parameters. > > > > > > Endpoint:http://twitter.com/statuses/update.xml > > > > > > I have tried puting all of the parameters (status, source, > > > > > in_reply_to_id, oauth_*) in the POSTDATA fields of the request, but I > > > > > get a 401 "InvalidOAuthRequest" response. > > > > > > Then I tried putting just the twitter specific params (status, source, > > > > > in_reply_to_id) in the POSTDATA fields, and leaving the oauth_* params > > > > > in the query string of the URL. Same 401 "InvalidOAuthRequest" > > > > > response. > > > > > > I am curious which of these ways *should* work? > > > > > > I can get verify_credentials, favorites, etc using the same > > > > > oauth_token and nonce/signature methods just fine. > > > > > > Anybody got POST requests going yet? > > > > > > Thanks, > > > > > -Chad- Hide quoted text - > > - Show quoted text -
[twitter-dev] Re: OAuth POST requests
It's working now. I changed the method for url encoding my post variables and that seemed to fix the problem. I'm using the UrlEncode method from the .NET oAuth library instead of HttpUtility's method. On Mar 19, 2:40 pm, Shannon Whitley wrote: > I'm running into this as well. My POSTs are not working (401 error). > GETs are fine. > > On Feb 16, 11:50 pm, Ryan W wrote: > > > Any luck with this? Running into the same problem here, wondering > > what the right combination of data to put in URL params vs post data > > vs headers, etc. > > > On Feb 14, 12:18 pm,ChadEtzel wrote: > > > > I have gottenOAuthGET requests working nicely, but POST is a > > > different story. I am trying to post an update (tweet) usingOAuth, > > > and I'm not quite sure where to put all of the parameters. > > > > Endpoint:http://twitter.com/statuses/update.xml > > > > I have tried puting all of the parameters (status, source, > > > in_reply_to_id, oauth_*) in the POSTDATA fields of the request, but I > > > get a 401 "InvalidOAuthRequest" response. > > > > Then I tried putting just the twitter specific params (status, source, > > > in_reply_to_id) in the POSTDATA fields, and leaving the oauth_* params > > > in the query string of the URL. Same 401 "InvalidOAuthRequest" > > > response. > > > > I am curious which of these ways *should* work? > > > > I can get verify_credentials, favorites, etc using the same > > > oauth_token and nonce/signature methods just fine. > > > > Anybody got POST requests going yet? > > > > Thanks, > > > -Chad
[twitter-dev] Re: OAuth POST requests
I'm running into this as well. My POSTs are not working (401 error). GETs are fine. On Feb 16, 11:50 pm, Ryan W wrote: > Any luck with this? Running into the same problem here, wondering > what the right combination of data to put in URL params vs post data > vs headers, etc. > > On Feb 14, 12:18 pm,ChadEtzel wrote: > > > I have gottenOAuthGET requests working nicely, but POST is a > > different story. I am trying to post an update (tweet) usingOAuth, > > and I'm not quite sure where to put all of the parameters. > > > Endpoint:http://twitter.com/statuses/update.xml > > > I have tried puting all of the parameters (status, source, > > in_reply_to_id, oauth_*) in the POSTDATA fields of the request, but I > > get a 401 "InvalidOAuthRequest" response. > > > Then I tried putting just the twitter specific params (status, source, > > in_reply_to_id) in the POSTDATA fields, and leaving the oauth_* params > > in the query string of the URL. Same 401 "InvalidOAuthRequest" > > response. > > > I am curious which of these ways *should* work? > > > I can get verify_credentials, favorites, etc using the same > > oauth_token and nonce/signature methods just fine. > > > Anybody got POST requests going yet? > > > Thanks, > > -Chad
[twitter-dev] Re: oAuth and IE7
Push worked. The authorization page looks good in IE.
I'm still getting valid tokens for "andiojeda" if I leave the username
and password fields blank and click 'Allow' on the authorization page.
On Mar 17, 2:21 pm, Alex Payne wrote:
> We're pushing out a fix for this just now.
>
>
>
> On Tue, Mar 17, 2009 at 12:56, Abraham Williams <4bra...@gmail.com> wrote:
> > I'm not sure about the JS error but I just wanted to say that the
> > oauth_token_secret does not need to be in the url string and for security it
> > should be left off.
>
> > On Tue, Mar 17, 2009 at 12:49, Shannon Whitley
> > wrote:
>
> >> I'm testing oAuth with IE7. The authorization page is displaying a
> >> javascript error. The same url opens fine in Firefox.
>
> >> Url =
> >>http://twitter.com/oauth/authorize/?oauth_token={token}&oauth_token_secret={secret}
>
> >> Error = Object Required
>
> >> JS Line = if(window.top === window.self) {document.getElementById
> >> ('twitainer').style.display='block';}
>
> >> Has anyone else had problems with IE7 on the authorization page?
>
> > --
> > Abraham Williams |http://the.hackerconundrum.com
> > Web608 | Community Evangelist |http://web608.org
> > This email is: [ ] blogable [x] ask first [ ] private.
> > Sent from: Madison WI United States.
>
> --
> Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x
[twitter-dev] Re: OAuth preparation
If I leave the username and password blank on the authorization page, and then click Allow, I receive a valid token for a user named, andiojeda. Has anyone else seen this? Is it a "feature" when using the oauth_callback?
[twitter-dev] Re: oAuth and IE7
Good call. Thanks. The secret should only be used for signing.
On Mar 17, 12:56 pm, Abraham Williams <4bra...@gmail.com> wrote:
> I'm not sure about the JS error but I just wanted to say that the
> oauth_token_secret does not need to be in the url string and for security it
> should be left off.
>
> On Tue, Mar 17, 2009 at 12:49, Shannon Whitley
> wrote:
>
>
>
> > I'm testing oAuth with IE7. The authorization page is displaying a
> > javascript error. The same url opens fine in Firefox.
>
> > Url =
> >http://twitter.com/oauth/authorize/?oauth_token={token}&oauth_token_secret={secret}<http://twitter.com/oauth/authorize/?oauth_token=%7Btoken%7D&oauth_tok...>
>
> > Error = Object Required
>
> > JS Line = if(window.top === window.self) {document.getElementById
> > ('twitainer').style.display='block';}
>
> > Has anyone else had problems with IE7 on the authorization page?
>
> --
> Abraham Williams |http://the.hackerconundrum.com
> Web608 | Community Evangelist |http://web608.org
> This email is: [ ] blogable [x] ask first [ ] private.
> Sent from: Madison WI United States.
[twitter-dev] oAuth and IE7
I'm testing oAuth with IE7. The authorization page is displaying a
javascript error. The same url opens fine in Firefox.
Url =
http://twitter.com/oauth/authorize/?oauth_token={token}&oauth_token_secret={secret}
Error = Object Required
JS Line = if(window.top === window.self) {document.getElementById
('twitainer').style.display='block';}
Has anyone else had problems with IE7 on the authorization page?
[twitter-dev] Re: TinyUrl and Twitter. Should I use it?
Checkout bit.ly, tr.im, is.gd, snurl.com, adjix.com -- They all have easy REST APIs and very helpful developers. You can shoot me an email (swhitley [at] whitleymedia [dot] com) if you'd like some sample C# code. On Mar 11, 4:14 am, shapper wrote: > Does anyone knows if there is a reliable C# library to generate bit.ly > urls? > > Thanks, > Miguel > > On Mar 11, 4:16 am, Steve Brunton wrote: > > > > > [top quoting is the debil] > > > Another +1 for bit.ly. I was trying to do a "tweet this" for .com, but > > I couldn't work any ju-ju to get it to work the way I wanted. When > > OAuth is public (or out of private beta) I'll work on it again and use > > bit.ly to shorten the URL's back to the news story. > > > -steve- Hide quoted text - > > - Show quoted text -
[twitter-dev] Re: missing comma in status creation time not parsing with Date in IE
Here's a commonly used function for the date fix:
// Make date parseable in IE [Jon Aquino 2007-03-29]
//
http://jonaquino.blogspot.com/2006/12/twitter-increasing-number-of-twitters.html
function fixDate(d) {
var a = d.split(' ');
var year = a.pop();
return a.slice(0, 3).concat([year]).concat(a.slice(3)).join(' ');
}
On Mar 8, 3:38 am, Adrian wrote:
> In IE, this date won't Date.parse
>
> Sun Mar 08 09:47:49 + 2009
>
> this will
>
> Sun, 08 Mar 2009 09:58:01 +
>
> the problem is with the missing comma in the former.
>
> The former are status creation times coming from the twitter.com API,
> the latter are coming from the search.twitter.com API.
>
> Could the comma be inserted.
[twitter-dev] Re: Twitter Profile Image(s)
You may want to look at the SPIURL project: http://code.google.com/p/spiurl/ It provides static urls for each Twitter profile image. On Feb 22, 8:43 am, dougw wrote: > I take that back, Ricardo. I looks like this has already been > officially requested. > > Be sure to star it if you want to add your vote. > > http://code.google.com/p/twitter-api/issues/detail?id=242 > > @dougw > > On Feb 21, 11:12 pm, dougw wrote: > > > > > Ricardo, > > It's not possible through the API as it stands, and has been brought > > up before as a shortcoming. I didn't find any duplicate issues in my > > searches. Sounds like an enhancement defect to report: > > addhttp://code.google.com/p/twitter-api/issues/entry > > > @dougw > > > On Feb 21, 5:28 pm, Ricardo Sousa wrote: > > > > Hello, > > > > I'm working as the developer of a Wordpress plugin that pulls twittar > > > avatars into wordpress comments. What it actually does is to pull the > > > avatar img each time user comments but the problem is that users > > > change the avatar often so we need to make API calls very often. > > > > The default syntax url for Twitter profile images is: > > > >http://s3.amazonaws.com/twitter_production/profile_images/80319404/av... > > > (avatars is the name of the image in user computer) > > > > The problem is is that "avatars" change whenever users change avatar > > > making it impossible to store the user's avatar url in DB and forcing > > > me to do a lot of API calls in order to get the most recent image. > > > What i want is to be able to call directly the user profile image > > > whitout need to call API first. Any ideas? > > > > My question is if there's another syntax which is independent from the > > > image name? Something like: > > > >http://s3.amazonaws.com/twitter_production/profile_images/80319404/bi... > > > > If yes: How can i do that without need to call the API on each page > > > load (which is huge and terrible)? > > > > if no: is that planned?- Hide quoted text - > > - Show quoted text -
Re: Recent Changes To Twitter.com Has Broken My App
Thanks everyone. I didn't have all of the information regarding the clickjacking incidents and only saw the effects of the script changes. I agree that the iframe restriction was the best and easiest thing for Twitter to implement. On Feb 15, 12:24 pm, John Adams wrote: > I'm fairly certain we've patched the IE vulnerability, and that it > only affected users on IE6. I'd have to ask our UX team, though. > > -j > > On Feb 15, 2009, at 12:19 PM, Abraham Williams wrote: > > > > > > > Supposedly there are a couple of methods of blocking Twitters > > JavaScript but I can't find the page anymore. My recollection is > > they mostly relied on vulnerabilities in IE... Kind of ironic > > actually. I would not recommend this method as it probably could get > > you banned from Twitter. > > > On Sun, Feb 15, 2009 at 12:11, John Adams wrote: > > > Actually, forcing an app to use the API is better for Twitter. You > > get the data directly, and the system doesn't spend any time > > rendering the HTML. Less data from us = less time tying up server > > resources. > > > There's no reason why you can't write a small amount of code to > > fetch a user's Tweets and display them in an IFRAME in the same way > > that you've described, with your site as the IFRAME's source. > > > There were few options to defend against clickjacking. Denying > > IFRAMEs and preventing authenticated sessions from opening in them > > (when part of another page) was our best defense. > > > -john > > > On Feb 15, 2009, at 8:18 AM, Shannon Whitley wrote: > > > I hope Twitter will reconsider these changes. With My Tweeple, I was > > able to provide a preview of a user's updates by displaying the page > > in an iframe. It was very convenient for the user to review someone's > > tweets before deciding to follow someone. It also appears that > > Twummize.com no longer works (one of my favorite simple mashups of > > Twitter and Twitter Search). Forcing an app to hit the API to > > recreate a page that already exists on Twitter.com seems like a bad > > thing for Twitter. > > > On Feb 13, 3:10 pm, Cameron Kaiser wrote: > > Because if the click-jacking incident yesterday it seems you've added > > > something like: > > > // > > > Which I guess fixes the click-jack problem but now our app at > >http://topichawk.com/isbroken because we use an iFrame in a harmless > > way to display tweets. Is there a process to keep our site from being > > treated like a spammer? > > > Twitter doesn't support using s and anything you had working > > before > > was almost certainly by accident. You're going to have to code > > something up > > that queries the API. > > > -- > > > > personal:http://www.cameronkaiser.com/-- > > Cameron Kaiser * Floodgap Systems *www.floodgap.com* > > ckai...@floodgap.com > > -- The faster we go, the rounder we get. -- The Grateful Dead, on > > relativity --- Hide quoted text - > > > - Show quoted text - > > > -- > > Abraham Williams |http://the.hackerconundrum.com > > Web608 | Community Evangelist |http://web608.org > > This email is: [ ] blogable [x] ask first [ ] private. > > Sent from: Madison Wi United States. > > --- > John Adams > Twitter Operations > j...@twitter.comhttp://twitter.com/netik- Hide quoted text - > > - Show quoted text -
Re: Recent Changes To Twitter.com Has Broken My App
I hope Twitter will reconsider these changes. With My Tweeple, I was able to provide a preview of a user's updates by displaying the page in an iframe. It was very convenient for the user to review someone's tweets before deciding to follow someone. It also appears that Twummize.com no longer works (one of my favorite simple mashups of Twitter and Twitter Search). Forcing an app to hit the API to recreate a page that already exists on Twitter.com seems like a bad thing for Twitter. On Feb 13, 3:10 pm, Cameron Kaiser wrote: > > Because if the click-jacking incident yesterday it seems you've added > > > something like: > > > // > > > Which I guess fixes the click-jack problem but now our app at > >http://topichawk.com/is broken because we use an iFrame in a harmless > > way to display tweets. Is there a process to keep our site from being > > treated like a spammer? > > Twitter doesn't support using s and anything you had working before > was almost certainly by accident. You're going to have to code something up > that queries the API. > > -- > personal:http://www.cameronkaiser.com/-- > Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com > -- The faster we go, the rounder we get. -- The Grateful Dead, on relativity > --- Hide quoted text - > > - Show quoted text -
Re: New API methods to retrieve social graph without pagination
I was really looking forward to implementing these API methods. After dealing with the pagination for so long, this seemed perfect. Then I realized that I have to call "/users/show" for every user to get the most current bio etc. So instead of making 10 calls for a user with 1,000 followers, I'm now making 1,000 calls for that same user. It won't take long to hit the 20K limit. I suppose I could stagger the user updates, but I really need the current data. Am I coming at this from the right angle? Does anyone see any flaws in my thinking here? On Feb 3, 5:01 pm, Alex Payne wrote: > Happy to announce two new API methods today, delivered in response to > developer demand for an easier way to keep tabs on users' social graphs. > The methods, /friends/idsand /followers/ids, return the entire list of > numeric userIDsfor a user's set of followed and following users, > respectively. Responses to these methods are cached until the user's > social graph changes. The responses come direct from our denormalized > list data stores, and should be reasonably fast even for users with a > large number of followers/follows. > > These new methods are most useful for services that are maintaining a > cache of user details. If you see a user ID that you don't have cached, > you'll have to call /users/show to retrieve that user's details. But for > services with large user bases, or those that simply want to diff a > user's social graph over time, we hope these methods will come in handy. > > You can find the documentation > athttp://apiwiki.twitter.com/REST-API-Documentation#SocialGraphMethods. > > -- > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x
Re: OAuth Documentation Preview
The consumer key and consumer secret are required to open the conversation with Twitter. How can this be handled with a desktop app unless the app talks to a web proxy? You wouldn't embed the key/ secret in the code (especially if it's open source). On Feb 9, 1:12 pm, Blaine Cook wrote: > On Feb 9, 4:37 pm, Shannon Whitley wrote: > > > It's not clear to me how desktop apps will authenticate. Will each > > author need to maintain a website to perform the authentication? I > > don't see how it can be done otherwise. > > OAuth was designed with explicit desktop application support in mind. > To see how it works in practice, try using a desktop Flickr Uploader > or iMovie's YouTube integration. > > Normally your app will open a browser window (all modern environments > do this seamlessly) and ask the user to authorize the application. > Once they've done that, they should be told to go back to the > application (close the browser window) and continue the setup process > (usually by just clicking "Continue" or OK so that the desktop app > knows that it's OK to exchange the request token for the access > token). > > b.
Re: OAuth Documentation Preview
It's not clear to me how desktop apps will authenticate. Will each author need to maintain a website to perform the authentication? I don't see how it can be done otherwise. On Feb 6, 9:52 pm, Matt Sanford wrote: > Hi all, > > We launched our OAuth code to production yesterday with employee- > only access to check for any problems that didn't show up during our > testing. We've been running it through it's paces and fully plan to > have it open to the closed beta group by next week. If you didn't hear > back from Alex and I don't worry, we're working to expand the beta > once things are a bit more stable. As part of a company meeting today > I presented OAuth to the people who haven't been working on it via a > demo app I wrote … it was exciting times to see this run on > production. I think of the application developers on this list as an > extension of our team so I don't want to wait until next week to send > you the documentation. I wrote up a quick how-to sort of thing on the > wiki about writing a very simple OAuth app for Ruby on Rals. Check it > out athttp://bit.ly/api-oauth-ruby. > With any luck we can add some more examples and things during this > beta period, most notably in PHP since that seems to be the majority > of the questions on the list. > > Thanks; > — Matt Sanford
Static Profile Image Link
I've developed a Google App Engine project that creates static links
for user profile images.
This is the format for the static link:
http://spiurl.appspot.com?screen_name={screen_name}
You can use my service or download the code here -
http://code.google.com/p/spiurl/
It is a slower process, but it might be acceptable for many
applications.
I'm currently using it on My Tweeple (http://mytweeple.com)
Of course I make no guarantees of performance or stability. ;)
Re: how can I get my @replies?
I second that. On Dec 29, 9:06 pm, pnoeric wrote: > thanks Alex and BTW, thanks also for being such an active > participant here! I think a big piece of why the API is so successful > is the support you (and the other members of the twitter dev > community) provide here. > > best > E > > On Dec 29, 8:39 pm, "Alex Payne" wrote: > > > > > We don't currently have an API method for this. You could use the > > Search API, however:http://apiwiki.twitter.com/Search+API+Documentation. > > > On Mon, Dec 29, 2008 at 20:25, pnoeric wrote: > > > > I see I can usehttp://twitter.com/statuses/replies.formattoget > > > replies sent TO me... how can I get a list of all @replies that I've > > > sent out? > > > -- > > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x- Hide quoted > > text - > > - Show quoted text -
Re: verify_credentials response changed
I'll be following the @twitterapi bot from now on. This took me by surprise. 8 days notice is not a lot of time for everyone. Considering development, testing, and release cycles, even a small change can take longer than 8 days for larger applications.
Re: Change to Twitter API?
I am having problems with My Tweeple as well.
Re: Static URL to profile picture
We should also consider the user experience. Some of my friends change their avatar daily (if not hourly). If each application caches the avatar, the user might end up with a different avatar on each application. That would especially apply to applications that do not need to update data regularly. I like the 302 redirect approach. On Oct 9, 8:26 am, jstrellner <[EMAIL PROTECTED]> wrote: > I don't think they should do anything, but ask you guys to cache the > profile pictures yourself. By linking directly to the file, you are > increasing their Amazon costs. It doesn't take much to cache it > yourself, and then every time someone does an update, you just check > to see if the old URL that you have matches the new one, and if it > doesn't, go get another copy of it to replace your cached file. > > I am not sure if they have encouraged, or discouraged hot-linking to > their files, but it probably is the best solution to cache it, and one > that Twitturly uses. > > -Joel > > On Oct 8, 4:25 pm, Nicolas Grasset <[EMAIL PROTECTED]> wrote: > > > > > Is there a way to get a static profile picture URL when using the API, > > since picture updates will break old links? > > > My > > photo:http://s3.amazonaws.com/twitter_production/profile_images/38643882/av... > > > ... will have a different URL if I change it on Twitter, which means > > we cannot trust our local cache of events, which means we would need > > to call the APIs for all events all the time. > > > And in our case that is not really an option. > > > Thanks!!- Hide quoted text - > > - Show quoted text -
Re: Static URL to profile picture
I agree too. This request could really cut down on API calls. On Oct 8, 4:25 pm, Nicolas Grasset <[EMAIL PROTECTED]> wrote: > Is there a way to get a static profile picture URL when using the API, > since picture updates will break old links? > > My > photo:http://s3.amazonaws.com/twitter_production/profile_images/38643882/av... > > ... will have a different URL if I change it on Twitter, which means > we cannot trust our local cache of events, which means we would need > to call the APIs for all events all the time. > > And in our case that is not really an option. > > Thanks!!
