Changed to authorizeURL; get the proper permission, but now get 401, 401 after one call

33 views
Skip to first unread message

PeriVisioN

unread,
Jul 4, 2011, 7:59:35 PM7/4/11
to Twitter Development Talk
Very confused. I have abrahams API lib, works fine. After the
change, I updated my apps permission and then changed the following in
his code.

function getAuthorizeURL($token, $sign_in_with_twitter = TRUE) {

if (is_array($token)) {
$token = $token['oauth_token'];
}
return $this->authorizeURL() . "?oauth_token={$token}";
/*
if (empty($sign_in_with_twitter)) {
echo 'calling authorizeURL<br>';
return $this->authorizeURL() . "?oauth_token={$token}";
} else {
echo 'calling authenticateURL<br>'; return;
return $this->authenticateURL() . "?oauth_token={$token}";
}
*/
}

So I can make 1 call, but after that, its give me a 403
Could not authenticate with OAuth. /1/account/verify_credentials.xml?

Any thoughts????

Abraham Williams

unread,
Jul 5, 2011, 12:45:15 PM7/5/11
to twitter-deve...@googlegroups.com
You don't need to change the code in twitteroauth.php. You just use $connection->getAuthorizeURL($token, false) to get the authorize URL instead of the authenticate URL. 

If you are having other issues it is likely unrelated to this change as the only difference is sending users to api.twitter.com/oauth/authorize instead of api.twitter.com/oauth/authenticate. If you can make one call then you are likely either not properly saving the access token in sessions/db or you are overwriting it with a new request token at some point.

Abraham
-------------
Abraham Williams | InboxQ | abrah.am
@abraham | github.com/abraham | blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.




--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk

oosswwaalldd

unread,
Jul 5, 2011, 2:58:47 PM7/5/11
to Twitter Development Talk
I am little bit confused, I understood that the problem was solved by
changing to "FALSE" in this line
"function getAuthorizeURL($token, $sign_in_with_twitter = TRUE) {"
in twitteroauth.php, but I am reading from you that the change is not
in this file.

In my code the only call I have to authorize/authenticate is this
(main file where I process the DMs, this file requires
twitteroauth.php)

/* Create a TwitterOauth object with consumer/user tokens. */
$connection = new TwitterOAuth($consumer_key,$consumer_secret,
$oauth_token,$oauth_token_secret);

where am I supposed to change this "FALSE"?

Thanks for the help


On Jul 5, 12:45 pm, Abraham Williams <4bra...@gmail.com> wrote:
> You don't need to change the code in twitteroauth.php. You just use
> $connection->getAuthorizeURL($token, false) to get the authorize URL instead
> of the authenticate URL.
>
> If you are having other issues it is likely unrelated to this change as the
> only difference is sending users to api.twitter.com/oauth/authorize instead
> of api.twitter.com/oauth/authenticate. If you can make one call then you are
> likely either not properly saving the access token in sessions/db or you are
> overwriting it with a new request token at some point.
>
> Abraham
> -------------
> Abraham Williams | InboxQ <http://inboxq.com/> | abrah.am
> @abraham <https://twitter.com/intent/follow?screen_name=abraham> |

Abraham Williams

unread,
Jul 5, 2011, 3:55:22 PM7/5/11
to twitter-deve...@googlegroups.com
You don't need to change the TRUE to FALSE in twitteroauth.php you pass FALSE as the second parameter when you call the getAuthorizeURL method. This is only used when a (generally) unauthenticated user gets redirected to twitter.com with a request token to allow access to their account. For all existing users they will have to do this again before the access tokens will have DM access.

In the example code this is done in line 22 of redirect.php https://github.com/abraham/twitteroauth/blob/master/redirect.php#L22

Abraham
-------------
Abraham Williams | InboxQ | abrah.am

This email is: [ ] shareable [x] ask first [ ] private.

oosswwaalldd

unread,
Jul 5, 2011, 4:18:06 PM7/5/11
to Twitter Development Talk
Turns out I use themattharris lib to get the login credentials (token
and token_secret) which I store on my db, and Abraham lib (yours) to
interact with Twitter once I am authenticated. I know this is not you
lib but Matt Harris's, but can you help me please to know where in the
mattharris lib should I change this method? I think it would be in the
line with the <-- below. Because Twitter every two days (more than
less) gives me this error when I try to get DMs with an authenticated
user [error] -> "no permission to access to DMS (or some like that)"
when I check the users Token and Secret in my app (dev.twitter.com/
apps) they are different than the ones stored on my db. I appreciate
you help a lot.

// start the OAuth dance
} elseif ( isset($_REQUEST['signin']) || isset($_REQUEST['allow']) ) {
$callback = isset($_REQUEST['oob']) ? 'oob' : $here;

$code = $tmhOAuth->request('POST', $tmhOAuth->url('oauth/
request_token', ''), array(
'oauth_callback' => $callback
));

if ($code == 200) {
$_SESSION['oauth'] = $tmhOAuth->extract_params($tmhOAuth-
>response['response']);
$method = isset($_REQUEST['signin']) ? 'authenticate' :
'authorize'; <-- "HERE SHOULD I WRITE $METHOD='authorize'; RIGHT?"
$force = isset($_REQUEST['force']) ? '&force_login=1' : '';
$forcewrite = isset($_REQUEST['force_write']) ?
'&oauth_access_type=write' : '';
$forceread = isset($_REQUEST['force_read']) ?
'&oauth_access_type=read' : '';
header("Location: " . $tmhOAuth->url("oauth/{$method}", '') . "?
oauth_token={$_SESSION['oauth']['oauth_token']}{$force}{$forcewrite}
{$forceread}");

}



On Jul 5, 3:55 pm, Abraham Williams <4bra...@gmail.com> wrote:
> You don't need to change the TRUE to FALSE in twitteroauth.php you pass
> FALSE as the second parameter when you call the getAuthorizeURL method. This
> is only used when a (generally) unauthenticated user gets redirected to
> twitter.com with a request token to allow access to their account. For all
> existing users they will have to do this again before the access tokens will
> have DM access.
>
> In the example code this is done in line 22 of redirect.phphttps://github.com/abraham/twitteroauth/blob/master/redirect.php#L22
>
> Abraham
> -------------

Matt Harris

unread,
Jul 7, 2011, 7:12:16 PM7/7/11
to twitter-deve...@googlegroups.com
Hey oosswwaalldd,

The code you pasted above is the example auth.php file which shows how to do each form of OAuth with the Twitter API. The method it uses when performing the OAuth flow depends on which option you choose from the page. If you use any of the "Sign in with Twitter" links you won't be able to get the direct message permission. Instead you need to use the "Allow Application" options.

In a full application you would reduce all of this code to just one of those flows.
I've added an example to my library which shows a really cut down version of the oauth authorize flow:

Best,
Twitter

oosswwaalldd

unread,
Jul 7, 2011, 10:13:09 PM7/7/11
to Twitter Development Talk
Thanks! very helpful!

On Jul 7, 7:12 pm, Matt Harris <thematthar...@twitter.com> wrote:
> Hey oosswwaalldd,
>
> The code you pasted above is the example auth.php file which shows how to do
> each form of OAuth with the Twitter API. The method it uses when performing
> the OAuth flow depends on which option you choose from the page. If you use
> any of the "Sign in with Twitter" links you won't be able to get the direct
> message permission. Instead you need to use the "Allow Application" options.
>
> In a full application you would reduce all of this code to just one of those
> flows.
> I've added an example to my library which shows a really cut down version of
> the oauth authorize flow:
>
> https://github.com/themattharris/tmhOAuth/blob/master/examples/oauth_...
>
> Best,
> @themattharris <https://twitter.com/intent/follow?screen_name=themattharris>
Reply all
Reply to author
Forward
0 new messages