oauth

OAuth - lexicographical byte value ordering in c#

I have written a Service Provider implementation for OAuth and one of the Devs found a bug in the way the implementation was ordering query parameters. I totally missed the lexicographical ordering requirement in the OAuth spec and was just doing a basic string sort on the name value parameters. Given the following URI request from the...

How to get Uri.EscapeDataString to comply with RFC 3986

The Uri class defaults to RFC 2396. For OpenID and OAuth, I need Uri escaping consistent with RFC 3986. From the System.Uri class documentation: By default, any reserved characters in the URI are escaped in accordance with RFC 2396. This behavior changes if International Resource Identifiers or International Domain Name parsing i...

2 legged oauth - looking for information

I want to implement a new REST-based api on our infrastructure, and oauth seems to be the way to go. For our implementation there will first just be server-to-server access, which will be completely unrestricted. I believe this is called 2-legged authorization. Later on, we'd like to allow the API to be consumed by the browser, which w...

Can OAuth be used to schedule Twitter status updates in the future?

I'm developing a Twitter application on OAuth and I want to provide the ability to post updates in the future. The basic plan is to run a script every hour and find any updates which need to be posted, and then authenticate the appropriate user and use the statuses/update API call. However, I don't know how I can use OAuth for this. I ...

XSRF protection in an AJAX style app

We're currently developing an entirely AJAX based app that will interact with the server via a RESTful API. I've considered potential schemes to protect against XSRF attacks against the API. User authenticates and receives a session cookie, which is also double-submitted with each request. We implement an OAuth consumer in Javascript,...

Login system just like stackoverflow's, written in php

The question Is there a simple way to implement the login system that stackoverflow uses using php? For a long time I have developed websites, and have used a typical web form username/password with a mysql db for login systems. I would like to have it so users can log into the system using google, yahoo, facebook, etc, and without th...

How does youtube sign you in with your gmail account?

I have an idea of how they would do this but it seems a very hacky way of going about it. The problem I see from this is that youtube needs to grab gmail or google cookies. The way I would do this would be to open another frame from the gmail domain that reads the gmail cookies and forwards this information to a youtube url. This yout...

Sending tweets from iPhone apps using Oauth

Does anyone know of a good example utilizing the twitter API and Oauth authentication for iPhone SDK 2.2.1 or older? Found an example, but it seems to utilize a 3.0 only framework at http://ow.ly/bdpm . ...

Oauth revoked token

Is there any way to determine if an oauth token has been revoked besides actually making a function call? I am working with an Oauth provider that has a single function call that is time consuming and costs money. On my website, I'd like to be able to determine if my access token is valid without making that call. Thanks ...

Work flow for authentication and API use with Twitter on OAuth

I'm a bit confused about all this OAuth brouhaha in the sense that all the examples I can find are for web applications and none of them for desktop applications. I understand the Web application work flow, but that includes some redirections between the web app and twitter. How does one do this in a desktop application? How does the ...

uninitialized constant Twitter::OAuth - Overlooking a require somewhere?

I'm looking to use the latest Twitter gem for a Rails app I'm working on. However, executing the following line: oauth = Twitter::OAuth.new(ServiceAPIKeys.twitter['api_key'], ServiceAPIKeys.twitter['secret_key']) Triggers the following exception: uninitialized constant Twitter::OAuth I do have the gem configured in my environment....

Twitter API + OAuth: Can't send status updates, getting 401

I'm trying to use Twitter's API and OAuth to send status updates (new Tweets). I am using Shannon Whitley .NET code example http://www.voiceoftech.com/swhitley/?p=681 (as recommended on the Twitter API docs). I can read (GET) using OAuth just fine, however when I try to send a status update via http ://twitter.com/statuses/update.xml (us...

Testing strategies for Ruby on Rails & Twitter OAuth

I am developing an application that utilizes twitter oauth and ran into a brick wall trying to figure out how to test twitter oauth. Particularly trying to use Cucumber and Webrat/Selenium to test the functionality -- Certain steps in the registration/logon process behave differently if the user has given oauth access to the app or no...

Coldfusion/OAuth/Twitter API

I'm trying to integrate with twitter using their OAuth api. I have downloaded and tried the CF implementation here: http://oauth.riaforge.org/ with no success. Anyone have a simple CF to twitter OAuth example for authorizing a user, getting a token, and using it? ...

twitter status message update through bot using php and twitter oauth

Hi, I have followed the steps defined in the following link for twitter oauth implementation. https://docs.google.com/View?docID=dcf2dzzs_2339fzbfsf4 It's working fine when I run through web browser but I want a user to be able to update status of twitter account through gmail chat i.e. he should only be authenticated once through ...

Protocol to secure a connection between a mobile device and a web service?

Hi, I'm looking for a protocol to secure a connection between a mobile device and a web service. I want to ensure that only the mobile device can perform actions on the web service and vice versa. Data doesn't need to be encrypted. I know Oauth, but it seems that it's more used to secure connections when you got 3 different entities (...

How to solve a while true loop as it is expensive and Risky

Hello all, I make an AJAX request to see if a session variable has been set. I make a GET request to this script: <?php session_start(); while(true){ if(isset($_SESSION['screen_name'])){ return true; break; } } ?> Clearly there are problems with this script and I wanted to solve these problems such as the continuou...

Open an HttpURLConnection in a browser

I am working on a jsp page which uses a bean to create an OAuth authenticated HttpURLConnection and am able to connect successfully. Is there any way that I can take that open HttpURLConnection and somehow display the contents in a browser window? ...

How do you use OAuth to Twitter from an iphone app?

I'm looking for a simple example of how to send a Tweet from an iphone app. I've seen some very complex methods, but it can't be that difficult. I have registered the app with twitter, so I have the key & secret. Just need to know where to put these so I can send a status update and have it say "sent from MyApp". ...

What's the difference between OpenID and OAuth?

I'm really trying to understand the difference between OpenID and OAuth? Maybe they're two totally separate things and I'm just totally confused. Could someone explain it to me please? Thanks! ...