Hi Matt,
I have started implementing these changes. The app's permissions setting is
set to Read, Write DM (the new one).
However, when the user gets redirected to the auth page, it still indicates
that the app will not be able to read or send DM's. Is this something that
will automatically
Jonathan,
It's only /home?status= that does not currently work, /?status= does
still work. As a quick workaround you could simply use /?status=. Of
course, I'd strongly recommend making the switch to web intents asap.
Tom
On 5/19/11 2:42 AM, Jonathan Strauss wrote:
I'm totally with you
True, but I've seen some people saying that they want a normal Twitter
page, not an intent. Like I said, I really recommend using intents
instead, but the option is still there.
Tom
On 5/19/11 11:57 AM, Mohan Arun wrote:
On May 19, 2:25 pm, Tom van der Woerdti...@tvdw.eu wrote:
Jonathan,
Apologies to the forum if this is considered bad form but there are sources
other than the Twitter API to find out who follows who on Twitter, so you
could search for the tweets using the Twitter API, assemble a list of users,
and then call another service to find out who follows who. You're
In any security or permissions context the default should be the most secure
and least amount of permissions to get the job done. That is Computer and
Network Security 101.
A user must explicitly configure more loose permissions on their own after
understanding the implications. This is the
For some developers it's not just a pain in the you know what, it's a
case of it simply not working. @janole explained how it just doesn't
work with symbian. For me, and adobe air app, it's a pain, but we can
get over the inconvenience - although it's always nice to have a bit
more time. I think 8
+1. I'm seeing the same thing and not sure if it is a waiting game or
something that needs adjusted in the flow from the client side as
well.
Any insight is appreciated.
Has anyone who adjusted their app permissions on dev.twitter.com seen
this reflected on the OAuth login page at Twitter?
On
On May 18, 1:01 pm, Matt Harris thematthar...@twitter.com wrote:
If you do need access to direct messages: you will need to edit your
application record onhttps://dev.twitter.com/appsand change the permission
level of your application to “Read, Write and Direct Messages”. The new
permission
Hi guys,
Is there a limit in the length of the friends id array initially sent
within an User Stream? I mean, using the User Stream API with an
account having 3,000,000 followers, may I expect to receive all the
3,000,000 ids?
Thanks!
--
Twitter developer documentation and resources:
I making android twitter app.
I want to add log-out funtion in my app, but oAuth has no log-out.
So I open web-view with 'http://api.twitter.com/logout' for log-out,
but twitter logout page redirecting automatically 'http://
mobile.twitter.com/', so i cant see logout page.
Is this normal
Hi!
On 18 Mai, 14:08, Anil Chawla ani...@gmail.com wrote:
Our application is experiencing the exact same problem. The block API
call often works but will consistently fail when trying to block
certain accounts. For example, one of our users reported the error
when trying to block
Gentle Twitter Support Folks,
There is an ambiguity in the OAuth flow for mobile devices. As I now
have little time to move from xAuth to OAuth, I would appreciate it if Twitter
Support would confirm the following OAuth flow which uses your routes.
1) Use POST oauth/request_token to
If using a UIWebView is against the TOS, how should app developers
(standalone apps, that is) authenticate without xauth, in the light of
yesterday's announcements?
Adriaan Pelzer
//))//\\//\\||//
//\\//7//7///\\
putting you in touch with your crowds
http://www.wewillraakyou.com
Like I mentioned in my post - use the actual browser which includes an
address bar (that's what it's about - without the address bar the user
doesn't know it's actually twitter.com and you might just as well use
xAuth, lol). Use a callback URL which includes a custom scheme
On May 19, 2011, at 9:53 AM, Tom van der Woerdt wrote:
Also, don't display it in a WebView, use the normal browser instead and use a
callback URL with a custom scheme - for example myapp://. Let the browser
redirect this URL back to the app. Again, do NOT use a UIWebView - I'm pretty
sure
http://dev.twitter.com/pages/api_terms - II. Principles - 1. Don't
surprise users - C. Your application should not: - replicate, frame,
or mirror the Twitter website or its design.
Tom
On 5/19/11 5:10 PM, hax0rsteve wrote:
Tom,
Could you clarify :
If using a web view is against the ToS,
Understood. In other words, there is no way to consume the authenticated
parts of the Twitter API on devices without web browsers anymore?
This severe limitation will haunt Twitter in future, without a doubt.
Adriaan Pelzer
//))//\\//\\||//
//\\//7//7///\\
putting you in touch with your
1) it isn't
C) it doesn't
Of course, it depends how you read it. But what really matters is what Twitter
intended
when they wrote it.
+1 for an official twitter comment please.
On 19 May 2011, at 16:13, Tom van der Woerdt wrote:
http://dev.twitter.com/pages/api_terms - II. Principles -
Can you name a modern device on which people will want a client with
access to direct messages, without a webbrowser? I can't.
Tom
On 5/19/11 5:17 PM, Adriaan Pelzer wrote:
Understood. In other words, there is no way to consume the
authenticated parts of the Twitter API on devices without
Can you name a modern device on which people will want a client with
access to direct messages, without a webbrowser? I can't.
A terminal?
scnr
--
personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com *
An Arduino.
And yes, that's a vanishingly small minority of of users.
#imaginationfail
On 19 May 2011, at 16:20, Tom van der Woerdt wrote:
Can you name a modern device on which people will want a client with access
to direct messages, without a webbrowser? I can't.
Tom
On 5/19/11
Appliances.
I've been quite excited for quite a while now about Twitter's possibilities
in the Internet of things. Imagine, for instance, wall sockets that tweet
their power consumption. Bathroom scales that tweet your weight.
We've started talking to chip manufacturers about the development
On Thu, May 19, 2011 at 08:18, hax0rsteve hax0rc...@btinternet.com wrote:
1) it isn't
Ask users if they know that JavaScript can be inserted into UIWebViews that
can read their password and I think you will find most of them will be
surprised.
C) it doesn't
Twitter.com is being framed
Abraham,
I am not in the least interested in arguing, my point being that our differing
subjective
interpretations are meaningless.
Since this isn't a statute, we needn't spend endless hours teasing the intent
out of it,
we can just ask the guys who wrote it what they meant. As we have now
Damon,
with all due respect and in all politeness, have you even read what
this thread is about?
Do you really think an xAuth application - that knows the users full
credentials - is getting more secure without the right to access
direct messages? I mean ... really ;-)
We both do not know why
Hi, Max,
First of all, this is just from personal experience with my own application,
so, take it with all the necessary grains of salt about rate limits changing
based on traffic and time of day, your searches being different from mine,
etc, etc.
My experience has been that I tend not to run
Hey Max,
That looks pretty extreme! What's your use case? Why would you need to make
that much queries? Are you going to use the Search API or the website? If
you're using the API, Did you consider using the Streaming API
statuses/filter method with the track parameter?
Hey there,
You cannot control Twitter website sessions (i.e. login / logout actions).
OAuth is just an authorization / authentication mechanism to execute API
requests from your app on behalf of a User. You have to handle that logout
feature on your app (i.e. allowing the User to authorize or
Only people with modern devices should read direct messages? Why?
What about the 100.000.000 ( yes, 100 million! ) Symbian smartphones,
where apps cannot use the external browser for the web oauth flow?
As far as I know from my users, they really want to read their direct
messages on their
Hey there,
If looks like you've hit this bug: http://bit.ly/j1mLSS
If you could capture the exact request you made (+ full HTTP response with
headers) and share this on the issue page linked above, that would help us a
lot.
Thanks!
Arnaud / @rno http://twitter.com/rno
On Wed, May 18, 2011 at
Hey Javier,
We do not support OAuth 2.0 but OAuth 1.0a. If you're looking for a Twitter
/ OAuth 1.0a library, take on look on this page:
https://dev.twitter.com/pages/libraries
Hope that helps!
Arnaud / @rno http://twitter.com/rno
2011/5/19 Javier Solís jso...@tssolutions.co.cr
Hi, i have
Janole
None, taken. I am a network sysadmin, developer and ultimately businessman so I
do know a little bit about how they are all related.
I understand you are in a slightly different position having to deal with
xAuth. However, xAuth is not a secure system in itself. Any system that passes
If you're a developer who got bit in the ass by this move by Twitter,
and need to migrate your application from using xAuth to using OAuth,
I have a sample project which shows you how to obtain authorization
for a user. It's Objective-C, but the concepts should be applicable to
whatever language
Users do not need protection from their personal mobile Twitter
clients any more than they do from their browsers. It's their app
running on their device accessing their account at their direction.
Requiring separate authentication for DMs for a mobile client app is
like requiring separate cars
Yes i've seen the changes on my applications page and on the OAuth
login page. Further, my other device that was logged in using the old
Read,Write token was getting Unauthorized (401) responses as that
token was revoked an replaced with the Read, Write, Private message
token. Should be handled
It will be interesting to see where the PR nightmare falls more squarely on
when it happens... Twitter or the app developers themselves. We will get the
tech support nightmare but if recent history is any indication (ie. Ubertwitter
ban) many users are going to ultimately blame Twitter.
--
That is to be expected regarding the 401.
However, while I see the changes on the application page of a
particular account, the OAuth login screen at Twitter for my
application still states:
This application will not be able to:
Access your private messages.
See your Twitter password.
TheGuru,
I set my app to RWPM permission at dev.twitter.com/apps and now it
displays as such on the OAuth login page and on twitter.com/settings/
applications.
On May 19, 2:04 pm, TheGuru jsort...@gmail.com wrote:
That is to be expected regarding the 401.
However, while I see the changes on
Hmm, thanks.
Wonder why some are seeing this take affect and others, as reported in
this thread (including myself), are not...
On May 19, 1:13 pm, Mark Pavlidis mark.pavli...@gmail.com wrote:
TheGuru,
I set my app to RWPM permission at dev.twitter.com/apps and now it
displays as such on the
Hi Damon,
None, taken. I am a network sysadmin, developer and ultimately businessman so
I do know a little bit about how they are all related.
Cool, so we have exactly the same background :-)
I understand you are in a slightly different position having to deal with
xAuth. However, xAuth
I've also been trying to figure this out. Could someone from Twitter maybe
respond?
My assumption is that it will stay in this state until they activate it. Is
this right, or do we have to pass an extra permission parameter?
Sent from my iPod
On 19 May 2011, at 19:04, TheGuru
Hi there,
Is there a maximum limit on how long we can maintain the connection to
the Streaming API or on the number of tweets consumed?
Thanks
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
No.
On 19 May 2011, at 20:26, Tereno wrote:
Hi there,
Is there a maximum limit on how long we can maintain the connection to
the Streaming API or on the number of tweets consumed?
Thanks
--
Scott Wilcox
@dordotky | sc...@dor.ky | http://dor.ky
+44 (0) 7538 842418 | +1 (646) 827-0580
Ole-
You make some very good points, but you can't use the tired users create poor
passwords argument as a reason to stick with outdated security protocols. By
that logic, no security upgrade is worth the time because some dumb users are
going to foil you every time.
If a user wants to chose
Hey everyone,
There has been some really great discussion and questions since the
last set of answers. I've responded to the ones we seen since last
night below.
Can Read/Write applications send direct messages?
Yes. Read/Write tokens can send direct messages using direct_messages/
new.
The
I could not agree more! I was about to write the same when I saw this
message.
I do not mind changing the Read/Write on my apps page. I do not even
mind
having to change my app to allow 'Re-connect' to re-authenticate. Even
though it is
a pain (but it is done at least).
I DO mind now having to
Hi Matt,
thanks for the follow-up. I've still got some questions ... ;-)
Can Read/Write applications send direct messages?
Yes. Read/Write tokens can send direct messages using direct_messages/
new.
Does this mean xAuth applications can still send direct messages but
not read them?
Hey everyone,
There have been some great discussions and questions across several threads
and also directly on Twitter. In order to make it simple for you guys to get
answers to your questions, we've just set up a dedicated FAQ page for the
new Application Permission model:
I wish they would just tell the developers to go to hell in a way and let us
know they hate us instead of doing these back handed attacks on our apps all
the time. This has very very little to do with privacy. Especially for the
developer that wants to abuse accounts, this doesn't stop them and
On that day when your users open up our various clients and see issues with
direct messages I suggest you insert your own DMs to your users with succinct
descriptions to the root of the problem and links to further info.
It looks like there is no way to prevent having to update apps for those
On Thu, May 19, 2011 at 5:18 PM, Frank Ash nut...@gmail.com wrote:
To disguise this as a security issue is laughable at best and a bit insulting.
As USAmericans learned after 9/11/2001, you can push through just
about any policy you want if you wrap it up as security.
It's just astounding to
Hi Frank,
Think about the normal person that uses tweetdeck. They will load the all,
see nothing, and think its broken.
will the new policy be applied to all clients - even TweetDeck Mobile?
Ole
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via
Hi
I'm trying the following code snippet to connect to your API but it is
timing out while waiting for the response.
string url = http://stream.twitter.com/1/statuses/filter.json?
follow=12;
WebRequest req = WebRequest.Create(url);
req.Credentials = new NetworkCredential(ConnectTweetPRO,
I am teaching a course in client GUI Java programming in the fall. In
the past I had my students write an email or calendar application. I
am thinking of having them write a Twitter program this time around. I
would appreciate any suggestions anyone could provide. I am
experimenting with Twitter4J
I am working on a web app and it's been working fine all day, but for
the last few hours the results have changed dramatically.
I use the following to get my timeline, normally I would retrieve 200
tweets at a time but thought I would test it out at lower numbers.
This line works fine and
Yes janol, everything but twitters official apps will fail. This is
specifically aimed at client apps. It is a way to specifically Target client
apps because it deals only with DM's which are mostly viewed through client
applications. And specifically you said even tweetdeck, I would say
I'll give an example for people using multiple accounts. From a customer point
of view. I have 12 Twitter accounts, and I use 3 separate clients for different
things. When this comes out I will have to re-authorize 36 times over these 3
apps alone. And they won't work until I do. If I was a
Hey Steven,
I can't reproduce the problem (receiving 5 tweets for page 2). Are you
still having this issue?
Arnaud / @rno http://twitter.com/rno
On Thu, May 19, 2011 at 12:38 PM, StevenBullen stevenbul...@gmail.comwrote:
I am working on a web app and it's been working fine all day, but for
Frank-
Correct me if I'm wrong, but the applications won't quit working altogether.
You'll get a 403 error when trying to access DMs through the API. Everything
else should work as normal.
Has there been a better official answer if this affects Twitter's own apps
other than this:
Will
Cartmetrix, We don't know for sure what will happen. That's kinda the problem.
My guess is we all prepare now by making our app request rwdm access, then when
the switch takes effect any token that has been changed with this update will
then need to be reauthorized. Not effecting us now, but
Just noticed you're not including retweets (include_rts parameter). The
count parameter specifies the number of Tweets to retrieve, but the number
of tweets you'll receive can be lower (if they've been published by a
deleted or suspended user, for example). In your case, it's because you're
Frank-
http://dev.twitter.com/pages/application-permission-model-faq
The way I read the FAQ posted is _only_ apps requiring DM read access will be
affected under the following endpoints:
/1/direct_messages.{format}
/1/direct_messages/sent.{format}
/1/direct_messages/destroy.{format}
That would be much better cartmatrix but either way, its a negative and
unnecessary to take this approach. I am still a bit sceptical that everything
will still work fine, just if they try to send a DM it will fail to a 403
error. There is language in the post that suggests both outcomes as
Hey there,
Please be careful when you share pieces of code on this Mailing List. I had
to reset your Twitter password because you just shared it publicly. Please
go to http://twitter.com/account/resend_password so we can send you password
reset instructions.
Concerning your issue, the Streaming
This is where my confusion stemmed from.
I'm not sure I was aware of the fact there were 2 OAuth login flows,
web flow versus sign in with Twitter.
As soon as I flipped the boolean in my PHP include for OAuth to set
sign_in_with_twitter = FALSE, so that it would use /authorize instead
of
Hello guys,
A beginner here trying to get started with user streams api and use
oauth.
I cannot seem to get the following code to work.
@consumer = OAuth::Consumer.new(consumer key, consumer_secret)
@access = OAuth::Token.new(access_token, access_secret)
- the consumer_key,
Twitter4J is by far the best library for java.
think about if you want to do a client for an end user or tap into
streams to for instance do research on certain keywords.
best, dirk
On 19 mei, 11:22, Ken Fogel omnip...@gmail.com wrote:
I am teaching a course in client GUI Java programming in
I have been away from my app for hours and just tried running it
again, with the same 400 error message and bad data:
Current API hits remaining: 1305853176.
Current API Hourly limit: .
Current API Reset Time: Fri May 20 00:59:36 + 2011.
API Method HTTP Code Response Length
With 1.3 billions API requests remaining I'm going to go out on a limb and
guess that there is an issue on Twitter's side. Hopefully it is a
transient corruption that will just fix itself shortly. If you are using
authentication other users on the same IP should not effect your limit.
Abraham
Matt Harris said:
* Why are permissions attached to the user token?
Permissions are attached to the user token to ensure an application only
has the access a user has authorised.
*
Only because that is the way the system is currently built, but it doesn't
have to be that way (see: Facebook).
*
Another suggestion, would it hurt to say Hey, we're thinking about
doing X, what do you guys think? That way we can give you feedback
before any firm decisions or deadlines are set.
Lol you're new around here aren't you.. Twitter have never seen
developers as equals and don't do things
71 matches
Mail list logo