tags:

views:

450

answers:

2
Q: 

mgtwitterengine and oauth 401 error: Boggled

OK... so here is my code:

twitterEngine = [[MGTwitterEngine alloc] initWithDelegate:self];    
    [twitterEngine setConsumerKey:CONSUMER_KEY secret:CONSUMER_SECRET];
    accessToken = [twitterEngine getXAuthAccessTokenForUsername:profile.twitterUserId password:profile.twitterPassword];
    NSLog(@"Access token: %@", accessToken);

the console shows the access token returned just fine (so it seems to work) eg. Access token: C8A24515-0F11-4B5A-8813-XXXXXXXXXXXXXX

but instead of accessTokenReceived method being called next on my delegate, it calls requestFailed with a 401. How can I be getting a 401 unauthorized and getting an access token back from the method call?????

A: 

Found the issue... for anyone else that has this problem... Getting your app approved for OAuth is only part of the process. Although it looks like you are done and the twitter page gives you your key and secret... there is one not-quite-so-easy-to-find next step. You must send an email to [email protected] and ask them to actually enable it.

That was fun figuring out. :)

Jason  2010-05-22 01:14:08
A: 

xAuth, the process for exchanging a login and password for an access token, is a privilege for applications that verifiably meet Twitter's criteria: desktop or mobile applications that are otherwise unable to provide the entire three-legged OAuth flow. Out-of-band OAuth and custom URI schemes are still preferred over xAuth.

If you've exhausted other OAuth implementations and want to use xAuth, you can contact Twitter through [email protected] from an email address directly associated with the account owning the application. Include full details about your application, its user base, links to screenshots of it in action, and a detailed description on why this form of authorization is appropriate for your application. Inquires for xAuth are considered on a case-by-case basis and will not be granted to all applicants.

Implementors of xAuth must not store logins and passwords within their applications -- this is not a drop-in replacement for basic auth or a way to avoid implementing OAuth authentication.

Taylor Singletary  2010-07-16 17:53:33

related questions

XSRF protection in an AJAX style app
Can OAuth be used to schedule Twitter status updates in the future?
2 legged oauth - looking for information
How to get Uri.EscapeDataString to comply with RFC 3986
OAuth - lexicographical byte value ordering in c#
OpenID authentication from an installed application
What is excatly the technology stack defining Web APIs?
Problem with Google Hybrid Protocol (OpenID + OAuth) Demo
How to integrate google's Step2 with acegi security in the Grails Framework?
OAuth alternative?
OAuth? ,OpenID? Neither? Which one should my site support?
Twitter oAuth callbackUrl - localhost development
Example of a good Webservice
Sorting by key and value in case keys are equal
What does the oauth guide mean by "8 bit array"?
Using OAuth for server-to-server authentication?
Getting 401 on Twitter OAuth POST requests
How do I develop against OAuth locally?
Can OAuth work with mobile phone applications?
Security of REST authentication schemes
How do you manage api keys
How can I verify a Google authentication API access token?
How do you debug an ASP.Net application accessing an OAuth secured API?
oAuth REST and C# What's the missing piece
PHP Tutorial for OpenId and OAuth