Hey Josh, Good to see I reached you, albeit not through the channel I'd anticipated. :)
I really think the issue is quite simple; sorry I haven't expressed it clearly enough. If you look at the source of the http://(api.)?twitter.com/oauth/authorize page, you'll see that the sign up link is a relative url: <a href="/signup?oauth_token=<removed>">Sign up and Join the Conversation!</a> And http://api.twitter.com/signup?oauth_token=<removed> yields a 404 but http://twitter.com/signup?oauth_token=<removed> does not. So either (1) one is only supposed to use twitter.com for oauth/authorize, or (2) Twitter ought to be using an absolute url to point to http://twitter.com/signup, or (3) http://api.twitter.com/signup oughtn't be a 404, but a signup page. All the same goes, mutatis mutandis, for the sign out page. Hope that clarifies the issue a little. Oh, and by the way, thanks for the awesome library. :) -josh On Thu, Dec 17, 2009 at 3:16 PM, Josh Roesslein <jroessl...@gmail.com> wrote: > Sorry left off the link to the issue. > > [1] http://github.com/joshthecoder/tweepy/issues#issue/8 > > Josh > > On Thu, Dec 17, 2009 at 2:15 PM, Josh Roesslein <jroessl...@gmail.com> wrote: >> Hey, >> >> Thanks for bringing this issue to my attention. I have opened an issue >> for it here [1]. >> I will look into this and see what I can do to help resolve it. Shiplu >> is probably on the right track >> about this being cookie related. Will post updates here and on the >> issue as I make progress. >> >> Thanks, >> >> Josh Roesslein >> Tweepy author >> >> On Thu, Dec 17, 2009 at 1:42 PM, shiplu <shiplu....@gmail.com> wrote: >>> On Fri, Dec 18, 2009 at 2:22 AM, Josh Bleecher Snyder >>> <joshar...@gmail.com> wrote: >>>> Hi all, >>>> >>>> The tweepy twitter client uses api.twitter.com for the host for oauth >>>> calls: >>>> >>>> REQUEST_TOKEN_URL = 'http://api.twitter.com/oauth/request_token' >>>> AUTHORIZATION_URL = 'http://api.twitter.com/oauth/authorize' >>>> AUTHENTICATE_URL = 'http://api.twitter.com/oauth/authenticate' >>>> ACCESS_TOKEN_URL = 'http://api.twitter.com/oauth/access_token' >>>> >>>> I've found that this works, until the user tries to sign out or sign >>>> up during the authorization; if this happens, they get a 404. If, >>>> however, twitter.com is used as the host: >>> >>> >>> I think this happens due to cookie. People sign in twitter.com. not in >>> api.twitter.com. When a user already signed in, the cookie's domain is >>> twitter.com. >>> Now if you redirect to http://api.twitter.com/oauth/authorize, browser >>> wont load the cookie as its from twitter.com. It'll try to find >>> cookies from api.twitter.com. But there is no cookie. So you have to >>> sign in again I guess. >>> >>> Its better to use twitter.com instead of api.twitter.com when its one >>> of those 4 oauth urls. >>> >>> -- >>> Shiplu Mokaddim >>> My talks, http://talk.cmyweb.net >>> Follow me, http://twitter.com/shiplu >>> SUST Programmers, http://groups.google.com/group/p2psust >>> Innovation distinguishes bet ... ... (ask Steve Jobs the rest) >>> >> >