I dont think it has any bug (i have not verified this fix yet). I think the fix is actually for this problem http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a195ea9b9952e297/9f4b9249f9ff96be?lnk=gst&q=consumer+secret#9f4b9249f9ff96be
Need to verify that the parameters are signed by both consumer secret and access secret. On Tue, Jul 28, 2009 at 11:44 AM, goodtest <goodtest...@gmail.com> wrote: > > BTW, I am using oauth Javascript client library( > http://oauth.googlecode.com/svn/code/javascript/ ) to create > signature. Wondering if it has a bug? > > > > On Jul 27, 10:53 pm, goodtest <goodtest...@gmail.com> wrote: > > btw, oauth_playground seems to be down as well. > > > > Also, I don't understand why create account which uses the same core > > method to create signature works but none of the other methods > > (friends_timeline, update statuses) dont work :( waiting for some > > hints > > > > On Jul 27, 9:40 pm, Doug Williams <d...@twitter.com> wrote: > > > > > Please use the OAuth playground [1] to test your signatures against the > > > expected result. I am working to gather specifics to help your debug > process > > > (i.e. what changed?) in the mean time. > > > 1.http://googlecodesamples.com/oauth_playground/ > > > > > Thanks, > > > Doug > > > > > On Mon, Jul 27, 2009 at 9:29 PM, winrich <winric...@gmail.com> wrote: > > > > > > ok guys. > > > > > > so my calls were failing on the verify_credentials call and not on > the > > > > update or timeline calls. the only difference i saw was the the > > > > verify_credential call wasn't secured. i changed it to https and it > > > > worked. ??? lol > > > > > > On Jul 27, 9:19 pm, Chad Etzel <jazzyc...@gmail.com> wrote: > > > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > > > > Roelands<duane.roela...@gmail.com> wrote: > > > > > > RTFM is not a helpful answer, especially when many developers are > > > > > > relying on libraries that they did not write. > > > > > > > That's a risk you run when using code you didn't write. > > > > > > > I'm not saying that this situation doesn't suck for those affected. > > > > > I'm sure that it does. But, for a technology so new as OAuth, the > > > > > libraries may not be mature yet. > > > > > > > Officially, Twitter OAuth is still in Public Beta and has never > been > > > > > officially recommended to integrate into production code. That > being > > > > > said, there could still be a problem on Twitter's end with their > > > > > signature verification mechanism and the libraries could all be > valid. > > > > > I don't have a way of knowing. > > > > > > > I do agree that at least a note that "a security change was pushed > > > > > today" would be nice, though. > > > > > > > -Chad >