oauth_verifier


#1

It seems from my tests that oauth_verifier check that should be done by the service provider during in step E of http://oauth.net/core/diagram.png is not being done by api.twitter.com; this happens whether the oauth_callback is oob or a regular callback url.

The test is simple: just don’t send the oauth_verifier parameter as part of step F for acquiring an access token.

This issue should be easy to reproduce, but i§f necessary I can post my test code.

The oauth_verifier was part of the solution to the session fixation threat, and was only introduced in the oauth 1.0a specification. Because of this twitter may still not be forcing application developers to use it to avoid breaking backwards compatibility.

Is this correct? Or am I misinterpreting the oauth specification?
Is the twitter team aware of this?
When will twitter API start to force using the oauth_verifier?

Thanks in advance.


#2

Currently the API supports both the OAuth 1.0 and OAuth 1.0a authorization flows. We strongly encourage developers not using OAuth 1.0a to update their code as soon as possible.


#3

Thank you for the quick reply. :slight_smile:


#4

Are there any plans to deprecate 1.0 support?


#5

Como obter o PIN eu acesso essa pagina: https://api.twitter.com/oauth/authenticate da essa mensagem: “Pera lá!
Não há nenhum token de solicitação para esta página. Essa é a chave especial que precisamos receber dos aplicativos que solicitam usar a sua conta no Twitter. Por favor, volte para o site ou aplicativo que te mandou aqui e tente novamente; provavelmente foi apenas um erro.”


#6

Hi I’m new to developing app in twitter.
When user clicks on authorize app, twitter authorizes app and redirecting the user to the specified callback url,
My problem is after redirecting the user, how will i get his/her’s access_token and access_token_secret to make api calls to twitter.

Thanks


#7

Hi i’m first time implementing the twitter api in my website.

I want to get user information. i have downloaded the code from net. when i am running that simply on my website then it is running but when i am implementing the code in my codeinigter so then the code is giving problem. actually i am not returning from the twitter site twitter ask me for login i have logged in after that it ask me for

“You can use your Twitter account to sign in to other sites and services.
By signing in here, you can use UTC Testing App without sharing your Twitter password.”

when i am clicking on sign in button i am not returning back to my site instead i am still on the twitter site. i am not understating why it is happening can anyone let me know…


#8

I am using Share kit for accessing twitter but getting the same above error. I found from above replies that we have to add oauth verfier. But unable to found the way to add the oauth verfier. Please help me out of this problem.


#9

when i press the button authoriser l’application(to sign in my crm from twitter) , i get this error
Erreur du serveur dans l’application ‘/’.

La valeur était trop grande ou trop petite pour un Int32.

Description : Une exception non gérée s’est produite au moment de l’exécution de la requête Web actuelle. Contrôlez la trace de la pile pour plus d’informations sur l’erreur et son origine dans le code.

Détails de l’exception: System.OverflowException: La valeur était trop grande ou trop petite pour un Int32.

Erreur source:

Ligne 49 : // Step 3 - Exchange the Request Token for an Access Token
Ligne 50 : TwitterService service = new TwitterService(_consumerKey, _consumerSecret);
Ligne 51 : OAuthAccessToken accessToken = service.GetAccessToken(requestToken, oauth_verifier);
Ligne 52 : // Step 4 - User authenticates using the Access Token
Ligne 53 : service.AuthenticateWith(accessToken.Token, accessToken.TokenSecret);
PS : line 51 is colored