I have written an Service Provider implementation for OAuth and one of the Devs found a bug in the way the implementation was ordering query parameters. I totally missed the lexicographical ordering requirement in the OAuth spec and was just doing a basic string sort on the name value parameters Given the following URI request from the...
The Uri class defaults to RFC 2396. For OpenID and OAuth, I need Uri escaping consistent with RFC 3986. From the System.Uri class documentation: By default, any reserved characters in the URI are escaped in accordance with RFC 2396. This behavior changes if International Resource Identifiers or International Domain Name parsing i...
I want to implement a new REST-based api on our infrastructure, and oauth seems to be the way to go. For our implementation there will first just be server-to-server access, which will be completely unrestricted. I believe this is called 2-legged authorization. Later on, we'd like to allow the API to be consumed by the browser, which w...
I'm developing a Twitter application on OAuth and I want to provide the ability to post updates in the future. The basic plan is to run a script every hour and find any updates which need to be posted, and then authenticate the appropriate user and use the statuses/update API call. However, I don't know how I can use OAuth for this. I ...
We're currently developing an entirely AJAX based app that will interact with the server via a RESTful API. I've considered potential schemes to protect against XSRF attacks against the API. User authenticates and receives a session cookie, which is also double-submitted with each request. We implement an OAuth consumer in Javascript,...
The question Is there a simple way to implement the login system that stackoverflow uses using php? For a long time I have developed websites, and have used a typical web form username/password with a mysql db for login systems. I would like to have it so users can log into the system using google, yahoo, facebook, etc, and without th...
I have an idea of how they would do this but it seems very hacky way about going about it. The problem I see from this is that youtube needs to grab gmail or google cookies. The way I would do this would be to open another frame from the gmail domain that reads the gmail cookies and forwards this information to a youtube url. This yout...
Does anyone know of a good example utilizing the twitter API and Oauth authentication for iPhone SDK 2.2.1 or older? Found an example, but it seems to utilize a 3.0 only framework at http://ow.ly/bdpm . ...
Is there any way to determine if an oauth token has been revoked besides actually making a function call? I am working with an Oauth provider that has a single function call that is time consuming and costs money. On my website, I'd like to be able to determine if my access token is valid withing making that call. Thanks ...
I'm a bit confused about all this OAuth bruhaha in the sense that all the examples I can find are for web applications and none of them for desktop applications. I understand the Web application work flow, but that includes some redirections between the web app and twitter. How does one do this in an desktop application? How does the ...
I'm looking to use the latest Twitter gem for a Rails app I'm working on. However, executing the following line: oauth = Twitter::OAuth.new(ServiceAPIKeys.twitter['api_key'], ServiceAPIKeys.twitter['secret_key']) Triggers the following exception: uninitialized constant Twitter::OAuth I do have the gem configured in my environment....
I'm trying to use Twitter's API and OAuth to send status updates (new Tweets). I am using Shannon Whitley .NET code example http://www.voiceoftech.com/swhitley/?p=681 (as recommended on the Twitter API docs). I can read (GET) using OAuth just fine, however when I try to send a status update via http ://twitter.com/statuses/update.xml (us...
I am developing an application that utilizes twitter oauth and ran into a brick wall trying to figure out how to test twitter oauth. Particularly trying to use Cucumber and Webrat/Selenium to do test the functionality -- Certain steps in the registration/logon process behave differently if the user has given oauth access to the app or no...
I'm trying to integrate with twitter using their OAuth api. I have downloaded and tried the CF implementation here: http://oauth.riaforge.org/ with no success. Anyone have a simple CF to twitter OAuth example for authorizing a user, getting a token, and using it? ...
Hi, I have followed the steps defined in the following link for twitter oauth implementation. https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4 Its working fine when i run through web browser but i want a user should be able to update status of twitter account through gmail chat i.e. he should only be authenticated once through ...
Hi, I'm looking for a protocol to secure a connection between a mobile device and a web service. I want to ensure that only the mobile device can perform actions on the web service and vice versa. Data doesn't need to be encrypted. I know Oauth, but it seems that it's more used to secure connections when you got 3 different entities (...
Hello all, I make an AJAX request to see if a sesion variable has been set. I make a GET request to this script: <?php session_start(); while(true){ if(isset($_SESSION['screen_name'])){ return true; break; } } ?> Clearly there are problems with this script and I wanted to solve these problems such as the continuou...
I am working on a jsp page which uses a bean to create an OAuth authenticated HttpURLConnection and am able to connect successfully. Is there anyway that I can take that open HttpURLConnection and somehow display the contents in a browser window? ...
I'm looking for a simple example of how to send a Tweet from an iphone app. I've seen some very complex methods, but it can't be that difficult. I have registered the app with twitter, so I have the key & secret. Just need to know where to put these so I can send a status update and have it say "sent from MyApp". ...
I'm really trying to understand the difference between OpenID and OAuth? Maybe they're two totally separate things and I'm just totally confused. Could someone explain it to me please? Thanks! ...