tag:blogger.com,1999:blog-5923972019140851567.post8184382192964873978..comments2022-11-22T21:29:28.161-06:00Comments on The blog of Abraham Williams: Using Twitter @Anywhere Bridge CodesAbraham Williamshttp://www.blogger.com/profile/01392328206399007226noreply@blogger.comBlogger17125tag:blogger.com,1999:blog-5923972019140851567.post-49529415010450448972011-07-18T14:07:20.081-05:002011-07-18T14:07:20.081-05:00I think they should rename @Anywhere to @Nowhere, ...I think they should rename @Anywhere to @Nowhere, how difficult could it be to work the same way FB.api does? <br /><br />Twitter Documentation :Poor<br />Twitter ObjectModel :Poor<br />Twitter OAuth Implementation:Poorest<br /><br />The only thing I'd hope from Twitter is an 'override', extra param or whatever to which I can pass an OAuthToken so I can sign in with a know token, without having to make my user travel around the web with his credentials, from IFrame to IFrame.José Angel Yánezhttps://www.blogger.com/profile/03878798178418524041noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-57272587858391182011-06-16T18:44:34.966-05:002011-06-16T18:44:34.966-05:00It looks like Twitter stopped accepting bridge cod...It looks like Twitter stopped accepting bridge codes:<br />http://groups.google.com/group/twitter-development-talk/browse_thread/thread/50fcc4f28cd6b659/Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-83729161512697104672011-05-14T00:46:02.470-05:002011-05-14T00:46:02.470-05:00Anonymous: If you can go one way there really isn&...Anonymous: If you can go one way there really isn't any need to go the other way.abrahamhttp://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-86550656782097721542011-05-14T00:46:02.252-05:002011-05-14T00:46:02.252-05:00Thank you SO much for this, but question: I can...Thank you SO much for this, but question: I can't seem to capture the oauth_bridge_token when using the authComplete listener (for a .signIn() method used on a generic login button.)<br><br>Does this not work unless you use Twitter's .connectButton?EvilJordannoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-40400612104319868632011-05-08T11:34:54.136-05:002011-05-08T11:34:54.136-05:00when a user who is logged into twitter and has aut...when a user who is logged into twitter and has authorized my app returns to my @anywhere page -<br />twitter should be checking twitter.com cookies on the back-end (iframe etc.), and executing a callback on my page to let me know the current user is logged in and auth-ed. there should be no interaction needed with any ui, it should be part of loading the anywhere script.<br /><br />that flow is unrelated to an anywhere token. it only requires the bridge - or better just a regular oauth token / verifier..<br /><br />with no secret and expiring the token so quickly, it just doesn't seem like real security. fine by me, i prefer rest apis over client apis anyway. <br /><br />i would hope that the anywhere token is only good for requests made with a particular request signature - 1. domain, 2. public key, 3. token, etc. <br /><br />but even then, twitter would need to take care when passing data (particularly domain name) between the anywhere js functions on the page and the iframes that do the actual back-end work. there are straightforward ways to trick this process without proper precautions.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-205506817414584562011-05-07T23:31:06.090-05:002011-05-07T23:31:06.090-05:00Anonymous: @anywhere is as close to Facebook Conne...Anonymous: @anywhere is as close to Facebook Connect as you will get from Twitter.<br /><br />@anywhere tokens only last a short period because if someone gains access to them they allow access to all of the users data. There is no secret hidden in a server somewhere to help protect the user longterm.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-14761099172745523562011-05-07T13:02:15.546-05:002011-05-07T13:02:15.546-05:00@abraham Yes, I formulate my own auth link, I am n...@abraham Yes, I formulate my own auth link, I am not using the connect button.<br /><br />The problem comes when I use an ouath 1.0a link. there is no way to make @anywhere honor the returned token.<br /><br />however, even when getting the @anywhere token / bridge, the @anywhere portion is only good for a few hours, so its not worth the bother. <br /><br />is there anything closer to facebook connect in the twiiter api?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-13025889953993813972011-05-04T23:04:23.979-05:002011-05-04T23:04:23.979-05:00EvilJordan: Not sure. I've never tried it with...EvilJordan: Not sure. I've never tried it with the signIn() method. I would think that it should work though.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-66803929704346949222011-05-04T02:45:49.508-05:002011-05-04T02:45:49.508-05:00Anonymous: If you already have the standard Sign i...Anonymous: If you already have the standard Sign in with Twitter flow implemented that switching would be more work. You don't have to use the @anywhere connect button. You could just use a link or even the existing Sign in with Twitter button.<br /><br />Yes @anywhere tokens are short lived. About 3 hours.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-67184636324388504232011-05-02T08:59:06.483-05:002011-05-02T08:59:06.483-05:00not to mention my custom authComplete callback fun...not to mention my custom authComplete callback function is getting called multiple times (between 1-3) and obviously it fails after the first attempt, since it has already exchanged the token.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-86485998429402547672011-05-02T08:35:20.646-05:002011-05-02T08:35:20.646-05:00Correct me if I am wrong but - Even after converti...Correct me if I am wrong but - Even after converting the bridge token into a long-term oauth 1.0a token, then verifying and storing the auth token and secret - there are still only a few hours where the @anywhere script recognizes the logged in user. if the user comes back the next day, you have to go through the motions all over.. <br />much different and less useful than facebook connect - where the logged in user is connected to an app automatically after the first time they authorize it.. that is what makes it suitable for use as authentication. essentially T.isConnected() should return true if the user is logged in to twitter, and has previously authorized the app.<br />I noticed - there does not seem to be an "authenticate" endpoint for the oauth 2, only "authorize".. the 1.0a implementation has both endpoints, and I always used authenticate, not sure if that is my issue.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-50265218444966350602011-04-30T09:53:07.610-05:002011-04-30T09:53:07.610-05:00Not needed, but in my case it would be quite helpf...Not needed, but in my case it would be quite helpful: I do not intend to use the @anywhere connect button, and I already have OAuth 1.0a working. Now I want to use T.isConnected() feature from @anywhere, but I have to completely change the verification process in order to do so. <br /><br />I am to the point where I retrieve the access token using the oauth_bridge_token, but I keep getting 401s.. I will get eventually, but it would be easier if it I could go the other way.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-20921800431308886072011-04-29T22:21:23.325-05:002011-04-29T22:21:23.325-05:00Thank you SO much for this, but question: I can...Thank you SO much for this, but question: I can't seem to capture the oauth_bridge_token when using the authComplete listener (for a .signIn() method used on a generic login button.)<br /><br />Does this not work unless you use Twitter's .connectButton?EvilJordannoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-41521902258234904182011-04-29T17:45:28.500-05:002011-04-29T17:45:28.500-05:00Anonymous: If you can go one way there really isn&...Anonymous: If you can go one way there really isn't any need to go the other way.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-87700472616356756312011-04-29T17:37:37.781-05:002011-04-29T17:37:37.781-05:00lame.lame.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-69427758465384891432011-04-29T15:36:37.892-05:002011-04-29T15:36:37.892-05:00@Anonymous: No@Anonymous: NoAbraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-5923972019140851567.post-18954426035170215372011-04-29T09:23:54.362-05:002011-04-29T09:23:54.362-05:00Is it possible to go the other way?
e.g. Use the s...Is it possible to go the other way?<br />e.g. Use the standard OAuth flow to generate a 1.0a access token, and then somehow obtain a @Anywhere token also.Anonymousnoreply@blogger.com