oauth

Twitter OAuth via a popup

I was wondering how to do twitter OAuth via a popup, i.e. load up the Oauth page in a popup and make the callback close the child window and reload the parent window. Edit: OK iframes are bad, but how would you accomplish the above, I notice posterous.com does this - I'm looking to achieve the same flow as FB connect. ...

Securly Storing OpenID identifiers and OAuth tokens

I am creating a web app that will use OpenID logins and OAuth tokens with Youtube. I am currently storing the OpenID identity and OAuth token/token secret in plain text in the database. Is it inappropriate to store these values as plain text? I could use a one-way encryption for the OpenID identifier but I don't know if that is necess...

Is OAuth and OpenID the right approach in this case?

I am still trying to wrap my mind around the workings of OAuth/OpenID, as such... I am developing an "installed app" that will run on computers and iPhone. A given user may install the client app on multiple machines, and all of the user's installed clients will synchronize via a centralized Google App Engine service. The GAE service ...

oauth vs authsub

why do we need authsub when we have oauth? ...

Different Access token every time - using Google OAuth and Authlogic

Greetings! I have some troubles enabling OAuth authentication for my web application running on Ruby on Rails. I am using authlogic and authlogic_oauth and that is, in the end, using OAuth gem and therefore I decided to ask here. So shortly: I succesfully "register" (i.e. obtain the first Access Token for the user) but then, whenever I...

Twitter Oauth question

I've read through documentation where possible but unable to figure out this basic question. When using Oauth with Twitter in my web application, does it require the user to be logged into Twitter everytime? For example, if a user authorises their account with my website, in future sessions, if they complete an action that posts to thei...

Oauth authentication with a known user?

Most Oauth implementations require the user to login with the originating site in the process. An example is: http://code.google.com/apis/accounts/images/OAuthDiagram.png Now, what if I want to use my own account to access a generic feature, such as a search for people outside of my network, and don't want them to login? Is there any w...

OAuth request token for an installed application

Hi all I'm trying to use/understand Google request token mechanism. I intend to use it for an application I've start to develop to access Orkut data using OpenSocial API. I read this document that explains the steps to obtain a token for an installed application. This document tells you to use the OAuthGetRequestToken method from Goog...

httplib CannotSendRequest error in WSGI

I've used two different python oauth libraries with Django to authenticate with twitter. The setup is on apache with WSGI. When I restart the server everything works great for about 10 minutes and then the httplib seems to lock up (see the following error). I'm running only 1 process and 1 thread of WSGI but that seems to make no diff...

Persistent OAuth session

Is is possible to keep a single OAuth session available across multiple users? My client wants to add their private tweets on one of their intranet pages. The tweets need to just show up without the need for their employees to authenticate with Twitter. Their employees wouldn't be able to authenticate anyways since they wouldn't know th...

OAuth secrets in mobile apps

When using the OAuth protocol, you need a secret string obtained from the service you want to delegate to. If you are doing this in a web app, you can simply store the secret in your data base or on the file system, but what is the best way to handle it in a mobile app (or a desktop app for that matter)? Storing the string in the app is...

What is Facebook's new OAuth Wrap Framework? Should I worry about it if I am using OAuth?

I have just implemented OAuth as a signup mechanism complementing the standard signup we have. Recently, Facebook seems to have started using OAuth WRAP. What is new in OAuth WRAP? What are the pros and cons and is it supported widely? ...

Twitter Oauth duration of autorization

Does Twitter Oauth allow a user to authorize a consumer for a long period of time? For example, if a user uses a consumer app that generates status updates automatically, can the user authorize that consumer once and then let it send status updates for the following 12 months? ...

Twitter API - Logout

I'm using OAuth in my web app, and users can login with twitter. I want to add "switch twitter account" button, which actually clears the session and then opens the authorize_url. As clearing the session in my web app doesn't log out of twitter, the authorize_url will automatically authenticate the current twitter.com user. That means ...

Oauth script: Error 401: Unauthorized

Hello! Does someone have a successful experience in using oauth script for Twitter (for example)? According to official Oauth docs obtaining an Unauthorized Request Token results in getting The Request Token and The Token Secret in the HTTP response's body. But while using this script i am getting an exception raise HTTPError(req.g...

Twitter OAuth with MGTwitterEngine

I'm using the MGTwitterEngine to connect to twitter and I want to use OAuth with the MGTwitterEngine? ...

OAuth instance state in Android

I'm trying to use OAuth in an Android app. I have it working correctly but have sometimes run into a problem during the authentication phase. In Android, I launch the browser for the user to login and authenticate. Then the callback url will redirect back to my application. Here is the problem. My application has a OAuth consumer and pr...

Yahoo OAuth callback URL

I am trying to connect with Yahoo OAuth. When I specify the callback URL to be example.com/YahooOauth.aspx everything works fine. But when I specify example.com:2358/YahooOauth.aspx, that is, add a port it does not work. My Yahoo application URL is example.com:2358. What can the problem be? ...

Twitter OAuth Request Token in JavaScript

I've written a twitter client for Win7 desktop gadgets (html + JavaScript). I'm trying to convert over to OAuth but can't even "get off the ground" so to speak. I'm using the twitter suggested JavaScript lib. Here's the request I'm sending and the 401 response. Can anyone spot the issue. I'm stumped. GET /oauth/request_token HTTP/1.1 x...

What is oauth_token_secret in Twitter OAuth

When I get an access token from Twitter I get something like the following: oauth_token=14410002-F5Bi8hMpQbXamM8MBBw8zw2LYIBL4FEBvxLZfaSwX&oauth_token_secret=K8QNvDcC2f9qtGU8tfa75exwLZ2Sc1jeHrThnk6Co&user_id=14410002&screen_name=blueonion What is the oauth_token_secret? Is that what is used to sign protected requests or is the consume...