Thought this change would be helpful #6
Conversation
|
+1 |
|
Hi brennannovak, this pull request was already made earlier there RayFranco@eef8b68e992635e72b1e464c0fb0e212b8219318 |
|
In what way does it not work? I've used this new URL for quite some time... even with Elliot's old Twitter library. Perhaps the problem is not in this library, but rather in your Twitter Side App settings... there is that checkbox that asks "Will you use this app for signing in?" that may be causing "http://api.twitter.com/oauth/authenticate" to not work properly... |
|
@brennannovak I don't see a setting on dev.twitter.com for "Will you use this app for signing in?" Is it somewhere else? |
|
The thing I'm thinking of isn't in the dev section of the site, but rather in your actual "app" setting: Just above the Captcha it says "Use Twitter for login" |
|
@brennannovak Crap. There is no way to tell if my app has that selected or not. Weird. |
|
@brennannovak Do you think this might be why Twitter is replying with oauth_verifier instead of oauth_token_secret which makes the app not work? #2 (comment) |
|
I don't see "Use Twitter for login" but rather "Read" vs "Read and Write" - Write would require auth. I have it set at "Read and Write" and I'm still experiencing this issue. |
|
@carolinecblacker The only place you will see it is when you're creating a new application not when you are editing the details of an existing one. |
|
When going to a screen to register a new app, there is only Read vs Read and Write, and no "use Twitter for login" option. |
|
Whoa. You're right Caroline... I've never created a new Twitter via that link... I still use Which does still have the "Use Twitter for login" option. Weird. |
|
@carolinecblaker @brennannovak @rayfranco I think the thing that boggles my mind the most, is why I never get oauth_token_secret back from Twitter. I get oauth_verifier which, based on my inspection of the code, is not used by this Library. I've now moved everything to my staging server in hopes that it was a localhost cURL issue and I'm having the same exact issue. I'm logging every single thing that happens too. And as far as I can tell, this Library simply ignores the callback URL of /tweet_test/auth?oauth_token=WHATEVER&oauth_verifier=WHATEVER It simply does not know that I'm logged in. :( |
|
Okay okay okay I think I may have solved this: Consider: http://dev.twitter.com/pages/auth#access-token This authorization process actually falls short of an entire exchange that twitter requires for Authentication. I'm not sure when this was put in place, but clearly it was between the time that this was coded and now. Can you guess what it is? If you answered "Exchanging a request token for an access token" (As in the 401 error we are getting with the latest auth and tweet-test.) you are right. There needs to be a POST exchange (detailed in the above link) at the endpoint: Give a quick find search in tweet.php - it's non-existent. Now, since I've given up an entire work day to get to this point - do one of y'all have enough nerd energy to code this puppy? I'm neither nerdy enough nor energetic enough. Many thanks. CCB |
|
Hmmmm... I dunno what your issue is. Very weird. Feel free to play with my app that actually uses the Twitter auth signin (and creates new user account) located at http://github.com/socialigniter/twitter as part of my larger distributed social network platform located at http://social-igniter.com you can test the signup / login functionality there :) |
|
Alternately, according to the above mentioned docs, this code appears to be confusing two different secret access strings - the "oauth_token_secret" and the "oauth_verifier" - the "oauth_token_secret" should be delivered by the API before the user is sent to authorize, at which point they get the "oauth_verifier" which is saved as a token as "access_secret" in the userdata. The "oauth_token_secret," either by being lost or never requested or saved, is untraceable and is critical to getting the access token at the last step of the authentication. |
|
@brennannovak You've been holding out on us! Checking our socialigniter. |
|
@brennannovak Boy do I wish my code worked as well as yours. After a week I'm still not going to give up. Though I may write my own library. |
|
@carolinecblaker Are you sure the issue you've found is what is wrong? Somehow, and I'm not yet sure how, everyone else is able to use this Library except you and I. |
|
This is true. We're still finding a variety of idiosyncrasies with how Twitter registers apps and perhaps how they treat new apps vs existing apps in respect to oauth/basic auth. It would appear that now they are specifying a version of oauth to call in the url even through there is only one version at this time. While it may not be wrong for everyone, I am certain that I am finding that the twitter oAuth errors are completely explained by the docs I am using. No secret token is saved as a result of the initial token request and in its place the oauth_verifier is saved as access_secret. They are needed separately to complete the third step of the Authorizaiton. So basically we're playing with four ingredients when we need five. I've written code on my version that saves this extra var and I look forward to cracking into this. |
|
I'm having a conversation with Twitter devs right now about this... I'll update this thread when a resolution comes to the fore. Suffice to say, this Library is following a slightly old OAuth spec and we may need to update it before it will work properly. |
|
Wonderful. Can't wait to get this up and running. |
|
So, I got some excellent information from http://twitter.com/episod about exactly what is going on here. As we expected, this Library is not handling the OAuth requests properly anymore. The OAuth spec has changed and Twitter has been slowly, but consistently, tightening everything up and depreciating the old parts of the old spec. As a result there needs to be some things changed/adjusted in this Library. Here are the notes Taylor gave me.
Armed with all of these tips I plan on updating my fork of this Library. However, I'm leaving tomorrow for a cod fishing trip and won't be able to begin coding this up until Friday at some point. If any of you need the updates to this Library before then feel free to take the above tips from Taylor and run with them. As far as the new app registration URLs... only use the dev.* URL. The old one is both invalid and going away soon enough. The "Use Twitter for Login" option does nothing. I will say that Twitter was incredibly responsive to this issue both through Twitter and email. Hats off to their team. @carolinecblaker @rayfranco @brennannovak |
|
Hi folks, I've prepared a commit that I believe will address the issue with oauth_verifiers -- I don't have the proper environment to test and I'm not a native CodeIgnite speaker, so forgive me if I cargo-culted your patterns wrong. https://github.com/episod/codeigniter-twitter/commit/b10474f9c42e04ee25379f7b897c0181ff5c12b0 Before invoking your OAuth flows, I recommend using the $this->tweet->set_callback(site_url('YOUR_PATH/TO/OAUTH')) function call to explicitly set the oauth_callback, right before the request token step. The only modifications my code here makes is to watch for the oauth_verifier when it comes to your callback step, and then to append the oauth_verifier as an OAuth parameter when it is present. If this patch works for you, let me know! |
|
@episod First, thanks for even taking the time to go after this. Second, for whatever reason your Library commit goes to https://api.twitter.com/oauth/authorize?oauth_token= and says Woah there! |
|
@episod This is my controller: https://gist.github.com/f5bc3f0b18b66bdf61ee/7501bcb38d9bd147ce5e1c4a08d9b0c6f7c8093e And I do call set_callback() |
|
OK, don't hate me for this, but I reformatted my fork's version of the libraries/tweet.php file so I could work with it better -- I had made an incorrect diff earlier trying to preserve the original formatting of the file and it's much easier for me to work with it this way. In this revision, I've re-remembered some of my rusty PHP and improved a little of this logic. Your controller looks fine from what I can tell -- if you weren't passing an oauth_token value to the authorize page, that means the request token step may have failed or the value fell out of session or my code clobbered it somehow (perhaps because of a silent error). Before you retest, I recommend clearing out your session so you're starting from a clean slate. If it still doesn't work for you, I'll add some logging in tomorrow and try to get it running on my machine -- it's likely something subtle that someone with a bit more familiarity may spot. https://github.com/episod/codeigniter-twitter/commit/e6fb9abdc085854aebe68d225ac21e5361eae5cf |
|
@episod I'll be taking a look at this this morning. But even after clearing everything out I'm still getting the same issue. Hopefully I can find out what is going wrong now. |
|
@episod Since my controller already uses CodeIgniter's built-in logging thingy this is what I got back after running it with your latest commit. ERROR - 2011-04-28 10:07:04 --> Severity: Notice --> Undefined variable: url /home/ownerswi/staging/application/libraries/tweet.php 544 |
|
Will try to look at this again today -- this is likely just my PHP being rusty. |
|
I want to let everyone know that after hours and hours of combing through this along with the current dev docs I got Twitter to authorize my app and save the user's access token and preferences in the session data. I'll be posting a less-buggy finalized version when it's ready. It looks nothing like the original.. :) |
|
@carolinecblaker Do share! |
|
@cdevroe - Will do, just as soon as I get it to post a status update and clear some of the refresh-the-method bugs. |
|
@carolinecblaker any luck? |
|
It looks like our contact at Twitter has also thrown in the towel on trying to fix this Library. The Facebook Library that Elliot has released has many issues as well, and so many have dropped them. I've been able to add Facebook Connect to my application very easily and will be focusing on Twitter Auth integration in my next build. When I do this, I'll likely build my very own Library and release it. I hope. :) |
|
@cdevroe I ended up using the twitter-async library, works great, just add those three files as includes in your controller or within a library: http://www.jaisenmathai.com/articles/twitter-async-documentation.html |
|
Hi guys - I've posted my changes. Check out the readme and give it a try: |
|
I've just gotten through this to the point of no bugs - other than inability to auto-tweet - What do you all think? Do you still need this library? |
|
Yah post your version up somewhere for sure. I'd be curious to see whatcha did! |
|
https://github.com/carolinecblaker/codeigniter-twitter Please please please pick this apart and let's make it tweet! It's fully operational with GET'g and Auth'g |
Hi Elliott,
The change is regarding the "authenticate" url vs. the "authorize" url which is the current method you have implemented. While using the later works, if a user has already "authed" in their account each time they are prompted to "Allow" twitter access... when using Twitter connect for signin this is an nuisance and detracts from the user experience. Hopefully you'll agree and this change is helpful
Cheers, BN