I think it's pretty lousy that this change was pushed with no warning at all. It's discouraging when you see that your app is failing after it had been working just fine with no code change. I didn't even know my app was broken until I attempted to use it. Now if I want this thing to work, I have to spend time to fix an app that was fine and I hadn't worked on in a while. And then what happens two weeks from now? You're going to issue another oauth update that breaks my app again? Well guess what. I'm not fixing it, and I'm not developing on your api anymore. Bad form. And for the record I wrote the oauth implementation I'm using myself and I do not send a oauth_callback=oob parameter.
I have got better things to do than deal with this. I should have just gone with http auth instead of willingly submitted myself to the continued abuse you subject on conscientious developers who went with oauth. On Jun 9, 4:23 pm, Doug Williams <d...@twitter.com> wrote: > Today we deployed code that implemented the changes that accompanied the > update to the 1.0a OAuth specification. LuckyCal has a great article on the > subtle differences that come with the update [1] so please peruse this > article if you are getting 401 errors with your implementation. > > Callbacks for non-desktop apps are now supported with these rules: > - When making the call to request_token [4] (server-to-server), you can pass > &oauth_callback=[url here] > - The response from request_token will contain oauth_callback_confirmed=true > to confirm we received it. > - The user will be sent to twitter.com as usual > - When the user is finished they will be redirected to the URL provided in > the first step along with a new parameter, oauth_verifier [1] > - The call to access_token [5] to exchange the request token for an access > token MUST contain the oauth_verifier parameter as sent in the redirect. > - If you want to use your pre-configured callback, then do not include a > oauth_callback parameter. > - If you want to force the PIN-based solution, send oauth_callback=oob with > your request to oauth/authenticate > > Additionally, as a couple developers have already noticed, we deployed the > code that implemented PINs for desktop apps originally mentioned by Matt. > Please review the linked documentation [2] and discussion [5] and let us > know what questions you have. > > If you find that your browser-based OAuth application is returning a PIN as > if it were a desktop app, then remove the oauth_callback=oob parameter from > your signature, if it exists. > > 1.http://blog.luckycal.com/?p=121 > 2.http://apiwiki.twitter.com/Authentication > 3.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-request_t... > 4.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token > 5.http://groups.google.com/group/twitter-development-talk/browse_frm/th... > > Thanks, > Doug
