Today we deployed code that implemented the changes that accompanied the
update to the 1.0a OAuth specification. LuckyCal has a great article on the
subtle differences that come with the update [1] so please peruse this
article if you are getting 401 errors with your implementation.
Callbacks for non-desktop apps are now supported with these rules:
- When making the call to request_token [4] (server-to-server), you can pass
&oauth_callback=[url here]
- The response from request_token will contain oauth_callback_confirmed=true
to confirm we received it.
- The user will be sent to twitter.com as usual
- When the user is finished they will be redirected to the URL provided in
the first step along with a new parameter, oauth_verifier [1]
- The call to access_token [5] to exchange the request token for an access
token MUST contain the oauth_verifier parameter as sent in the redirect.
- If you want to use your pre-configured callback, then do not include a
oauth_callback parameter.
- If you want to force the PIN-based solution, send oauth_callback=oob with
your request to oauth/authenticate
Additionally, as a couple developers have already noticed, we deployed the
code that implemented PINs for desktop apps originally mentioned by Matt.
Please review the linked documentation [2] and discussion [5] and let us
know what questions you have.
If you find that your browser-based OAuth application is returning a PIN as
if it were a desktop app, then remove the oauth_callback=oob parameter from
your signature, if it exists.
1. http://blog.luckycal.com/?p=121
2. http://apiwiki.twitter.com/Authentication
3. http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-request_t...
4. http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token
5.
http://groups.google.com/group/twitter-development-talk/browse_frm/th...
Thanks,
Doug
|
