On Tue, 2009-07-28 at 00:06 -0400, Bojan Rajkovic wrote: > On Mon, 2009-07-27 at 20:55 -0700, Duane Roelands wrote: > > "I would start by looking at the OAuth spec at Section 9 - Signing > > Process. " > > > > RTFM is not a helpful answer, especially when many developers are > > relying on libraries that they did not write. It's not unreasonable > > to expect some advance notice on breaking changes to the API or > > guidance on what specifically was changed. > > > > > > > > > > On Jul 27, 11:45 pm, chinaski007 <chinaski...@gmail.com> wrote: > > > This is frustrating for those of us relying on authentication > > > libraries which now may no longer work. The apparent solution is to > > > either recode the possibly problematic library oneself, or encourage > > > users to swap to Basic Authentication. > > > > > > While I certainly understand Twitter's need to ensure that everything > > > is secure on their end, this is another unannounced API change (like > > > the verify_credentials limit last week) that leaves some of us in the > > > lurch. > > > > > > On Jul 27, 8:35 pm, Chad Etzel <jazzyc...@gmail.com> wrote: > > > > > > > > > > > > > I would start by looking at the OAuth spec at Section 9 - Signing > > > > Process. > > > > > > >http://oauth.net/core/1.0a#signing_process > > > > > > > In fact, if you (meaning everyone) have never read the whole spec, you > > > > need to. > > > > > > > -Chad > > > > > > > On Mon, Jul 27, 2009 at 11:31 PM, goodtest<goodtest...@gmail.com> wrote: > > > > > > > > Yeah, I agree, can you please point out what (in general) we might be > > > > > doing wrong? I still think you probably have a further-regression bug. > I'm with Duane here, some advanced notification of what's changed would > be nice--my OAuth library code worked up until a few days ago, and now > is suddenly failing with "incorrect signature" responses. It would be > nice to know what exactly causes this without having to go read the > specification head to toe to figure it out. A cryptic RTFM is not > helpful. > Hmm. Seems to be a false alarm on my part, since tweeting works--I had seemingly forgotten to URL-encode something when I was testing the OAuth process by hand (my Twitter.API library does the URL encoding programmatically, and sending a tweet via it worked fine).
My point about announcing changes and making what's changed more explicit still remains though. -- Bojan Rajkovic <boj...@brandeis.edu> Biochemistry '10, Brandeis University PGP Signature Key ID: 0x8783D016 PGP Encryption Key ID: 0x2497B8B2
signature.asc
Description: This is a digitally signed message part