http://groups.google.com/group/twitter-development-talk/browse_thread/thread/472500cfe9e7cdb9
On Thu, Jun 11, 2009 at 09:10, DrBigFresh <drbigfr...@gmail.com> wrote:
>
> Were custom callbacks by any chance pushed live yet? Is there any info
> on how to use them anywhere? Being able to pass variables through will
> solve a HOST of issues for me. Thanks!
>
> On Jun 3, 2:03 pm, Matt Sanford <m...@twitter.com> wrote:
> > Hi there,
> >
> > This page was needed because of a security problem with some
> > browsers. When you need to log in we collect the username/password and
> > POST back to our code. In the old flow this POST would return a
> > redirect if you had approved the app. Some browsers re-submit that
> > same POST body to the other app, pretty much giving the app the user's
> > password. This is the intended behavior in the HTTP spec if I recall,
> > but either way we nipped that in the bud by putting in the new page.
> >
> > As far as custom callback variables: my OAuth 1.0a changes should
> > go out the beginning of next week and will allow dynamic callbacks
> > again. The code is done and reviewed but because of the backwards
> > incompatibility for desktop apps I am in a 7 day waiting period. With
> > a dynamic callback you can set whatever you like and not have to base
> > it on (easily spoofed) referrers.
> >
> > Thanks;
> > – Matt Sanford / @mzsanford
> > Twitter Dev
> >
> > On Jun 3, 2009, at 1:53 PM, Shannon Whitley wrote:
> >
> > > It looks like an intermediary page has been inserted between the oAuth
> > > login and the redirect back to the application. The HTTP referrer is
> > > now null. I was using the referrer to pass and retrieve dynamic
> > > variables associated with the login. Is this new page a necessary
> > > addition to the oAuth flow? Is there any word on the ability to pass
> > > variables through the oAuth signon back to the application?

--
Abraham Williams | Community | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
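The dynamic callback discussed in the quoted thread, as an added example that is not part of the original messages or Twitter's code: per-login variables travel in an integrity-protected `state` value on the `oauth_callback` URL, which OAuth 1.0a includes in the signed request-token call, instead of in the Referer header. The `state` parameter name, the key handling and all URLs are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, quote, urlencode, urlsplit

STATE_KEY = secrets.token_bytes(32)  # hypothetical server-side secret, never sent to the browser

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def make_state(data, key=STATE_KEY):
    """Serialize per-login variables and append an HMAC so they cannot be altered."""
    body = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def read_state(token, key=STATE_KEY):
    """Return the variables, or None when the token is missing or was modified."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def callback_with_state(base_url, data):
    """Build the dynamic oauth_callback URL carrying the signed variables."""
    return base_url + "?" + urlencode({"state": make_state(data)})

def request_token_params(consumer_key, consumer_secret, url, callback):
    """Signed OAuth 1.0a request-token parameters (HMAC-SHA1), callback included."""
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_version": "1.0",
    }
    normalized = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    base_string = "&".join(["POST", enc(url), enc(normalized)])
    signing_key = (enc(consumer_secret) + "&").encode()  # no token secret exists yet
    digest = hmac.new(signing_key, base_string.encode(), hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    return params

def state_from_callback(returned_url):
    """Recover the variables from the URL the provider redirected the user to."""
    query = parse_qs(urlsplit(returned_url).query)
    return read_state(query.get("state", [""])[0])
```

Because the state is verified with a server-held key, a value forged or edited in the browser is rejected rather than trusted, which is the property the Referer header could not give.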