Anyone using PHP can use https://github.com/abraham/twitteroauth . It supports the oauth_verifier (as of its most recent update). Earlier versions of twitteroauth didn't support it and had a different parameter order for making requests, so if you're updating, be sure to check those things out.
This guide will help those looking to be walked through a bit too - http://blancer.com/tutorials/73877/how-to-authenticate-users-with-twitter-oauth/ On Dec 2, 7:19 pm, kprobe <goo...@kprobe.com> wrote: > I am using TwitterEPI library. Mine was out of date. Uploaded the > newest version and my app now works. > Mark > > On Dec 2, 7:06 pm, Tim Haines <tmhai...@gmail.com> wrote: > > > > > > > > > Hey Taylor, > > > Thanks for rolling this back. It seems odd that you'd push this out without > > notice when you know it will break apps. Or was there notice somewhere? > > > Can you deploy your new code to a test endpoint so people (myself included) > > can test that their new code complies with your new requirements? > > > Cheers, > > > Tim. > > > On Fri, Dec 3, 2010 at 7:59 AM, Taylor Singletary < > > > taylorsinglet...@twitter.com> wrote: > > > Hi Folks, > > > > We're going to rollback a subset of these changes for now. Before we give > > > this another try, we'll let everyone know the specific pain points and > > > give > > > some time to adjust to them. In the meantime, those who experienced > > > trouble > > > today will want to verify that their libraries are doing the right thing > > > in > > > regard to the bullet points I posted above. > > > > Also useful is making sure that you don't send additional headers related > > > to basic auth in an OAuth request, that you're using the proper, versioned > > > api-subdomain end points, etc. > > > > Dave: It's pretty crucial that you send an oauth_verifier on the access > > > token step. It's not valid OAuth 1.0a without it. > > > > Sorry about the mess folks. We should never have let these bugs persist > > > for > > > so long. > > > > Taylor > > > > On Thu, Dec 2, 2010 at 2:45 PM, Tom van der Woerdt <i...@tvdw.eu> wrote: > > > >> Waiting doesn't help solve the issue. The spec hasn't changed, the API is > > >> just a bit more watching for the mistakes which some developers tend to > > >> make. > > > >> I'd recommend diving into the code and fixing the errors, instead of > > >> asking the Twitter API team to accept your "broken" OAuth > > >> implementations. > > >> :-) > > > >> Tom > > > >> On 12/2/10 11:42 PM, LeeS - @semel wrote: > > > >>> I am using this library on all my sites: > > >>>https://github.com/jmathai/twitter-async, > > >>> all of which are now broken and fail to let anyone log in. > > > >>> Any way this can be rolled back until all the various oAuth libraries > > >>> people are using are brought up to date? > > > >>> Lee > > > >>> On Dec 2, 5:35 pm, Dave-twiends<i...@davesumter.com> wrote: > > > >>>> Thanks Taylor, yip unfortunately I wrote my oauth code about 18 months > > >>>> ago, before most of the libraries were out, so there could be anything > > >>>> wrong. It's probably not 100% spec compliant, which is probably why it > > >>>> broke. > > > >>>> I've tracked down the issue to the access_token exchange part of the > > >>>> process. The access token's that I have from before are still working, > > >>>> just can't get new ones. I've noticed I'm not passing oauth_verifier > > >>>> back in the request, which could be causing the issue.. > > > >>>> Will let you guys know how I get on... > > > >>>> Thanks for the pointers > > >>>> Dave > > > >>>> On Dec 2, 9:57 pm, Taylor Singletary<taylorsinglet...@twitter.com> > > >>>> wrote: > > > >>>> We've corrected a number of long-standing OAuth-related bug fixes -- > > >>>>> mainly > > >>>>> in areas where we more liberal than we should have been when verifying > > >>>>> signatures. > > > >>>> Here are a few things to verify: > > > >>>> * Verify that you are using your consumer key where the consumer key > > >>>> is > > >>>>> supposed to go. Compare this to what you see for you app on > > >>>>> dev.twitter.com > > >>>>> * Likewise, verify that you are using your consumer secret where it is > > >>>>> supposed to go. Compare this to what you see for you app on > > >>>>> dev.twitter.com > > >>>>> * Laugh at the obviousness and absurdity of a check like that. Cry a > > >>>>> little > > >>>>> because we already know some people were doing the wrong thing here, > > >>>>> especially on end points that didn't require authentication. > > >>>>> * Verify that your timestamps are in range > > >>>>> * If you're sending a request to a resource that doesn't require > > >>>>> authentication but you're including OAuth credentials: > > >>>>> - we used to just give you a free pass even if the credentials were > > >>>>> incorrect. Hey, it doesn't require auth, so why bother checking? > > >>>>> - now we check this. if you pass us an OAuth header or anything > > >>>>> that > > >>>>> looks like an OAuth-based request, we will check it for validity, even > > >>>>> if > > >>>>> it's a resource that doesn't require auth. > > > >>>> We haven't changed anything about our actual core signature validation > > >>>>> code > > >>>>> -- what was a valid signature before should be a valid one now. We're > > >>>>> just > > >>>>> checking the validity in more use cases than we were previously, and > > >>>>> checking other validity points we were flexible with previously. > > > >>>> Taylor > > > >>>> On Thu, Dec 2, 2010 at 1:32 PM, Twitlonger<stu...@abovetheinternet.org > > >>>>> >wrote: > > > >>>> I'm seeing a lot of invalid/expired token errors. > > > >>>> On Dec 2, 9:21 pm, Dave-twiends<i...@davesumter.com> wrote: > > > >>>>>>> I noticed I've just started getting 401's for all my oAuth requests. > > >>>>>>> Seems to be happening on more than one site for me.. My application > > >>>>>>> keys and status still look good.. > > > >>>> Just wondering if anyone else is having an issue..? > > > >>>> -- > > >>>>>> Twitter developer documentation and resources: > > >>>>>>http://dev.twitter.com/doc > > >>>>>> API updates via Twitter:http://twitter.com/twitterapi > > >>>>>> Issues/Enhancements Tracker: > > >>>>>>http://code.google.com/p/twitter-api/issues/list > > >>>>>> Change your membership to this group: > > >>>>>>http://groups.google.com/group/twitter-development-talk > > > >> -- > > >> Twitter developer documentation and resources:http://dev.twitter.com/doc > > >> API updates via Twitter:http://twitter.com/twitterapi > > >> Issues/Enhancements Tracker: > > >>http://code.google.com/p/twitter-api/issues/list > > >> Change your membership to this group: > > >>http://groups.google.com/group/twitter-development-talk > > > > -- > > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > > API updates via Twitter:http://twitter.com/twitterapi > > > Issues/Enhancements Tracker: > > >http://code.google.com/p/twitter-api/issues/list > > > Change your membership to this group: > > >http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk