Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.

Page 5/32 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Twitter Oauth Strategy with Warden + Devise Authentication Gems for Ruby

    - by Michael Waxman
    Devise, the authentication gem for Ruby based on Warden (another auth gem) does not support Twitter Oauth as an authentication strategy, BUT Warden does. There is a way to use the Warden Twitter Oauth strategy within Devise, but I cannot figure it out. I'm using the following block in the devise config file: config.warden do |manager| manager.oauth(:twitter) do |twitter| twitter.consumer_secret = <SECRET> twitter.consumer_key = <KEY> twitter.options :site => 'http://twitter.com' end manager.default_strategies.unshift :twitter_oauth end But I keep on getting all sorts of error messages. Does anyone know how to make this work? I'm assuming there is more to do here (configuring a new link/route to talk to Warden, maybe adding attributes to the Devise User model, etc.), but I can't figure out what they are. Please help.

    Read the article

  • Getting the username in Twitter using OAuth 0.1.1 Grails plugin

    - by firnnauriel
    anyone had tried using http://www.grails.org/plugin/oauth? i'm trying it in twitter.com and i'm having an issue on getting the username or accessing this API: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0verify_credentials here's the code in my callback URL: def twitterCallback = { def response = oauthService.accessResource('http://api.twitter.com/1/account/verify_credentials.json','twitter', session.oauthToken) log.debug "response: ${response}" } i keep getting this error: 2010-04-22 14:32:56,842 [http-8081-1] WARN httpclient.HttpMethodBase - Cookie rejected: "$Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMQcOCQoAToHaWQiJThiYWY4MGI1YTY1M2U0%250AYTRhNjAzYTA2NTBmNjkzZTYwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--31d191141bf32e0489967492692f1e77fc9e1845; $Path=/; $Domain=.twitter.com". Illegal domain attribute ".twitter.com". Domain of origin: "twitter.com" 2010-04-22 14:32:56,854 [http-8081-1] INFO auth.AuthChallengeProcessor - basic authentication scheme selected 2010-04-22 14:32:56,856 [http-8081-1] INFO httpclient.HttpMethodDirector - No credentials available for BASIC 'Twitter API'@twitter.com:80 2010-04-22 14:32:56,865 [http-8081-1] ERROR errors.GrailsExceptionResolver - null it seems that it uses BASIC authentication instead of OAuth. any ideas? or is there an issue in the OAuth Grails plugin? thanks.

    Read the article

  • Getting 401 on Twitter OAuth POST requests

    - by Baishampayan Ghose
    I am trying to use Twitter OAuth and my POST requests are failing with a 401 (Invalid OAuth Request) error. For example, if I want to post a new status update, I am sending a HTTP POST request to https://twitter.com/statuses/update.json with the following parameters - status=Testing&oauth_version=1.0&oauth_token=xxx& oauth_nonce=xxx&oauth_timestamp=xxx&oauth_signature=xxx& oauth_consumer_key=xxx&in_reply_to=xxx&oauth_signature_method=HMAC-SHA1` My GET requests are all working fine. I can see on the mailing lists that a lot of people have had identical problems but I could not find a solution anywhere. I am using the oauth.py Python library.

    Read the article

  • Passing parameters thru Ruby's OAuth

    - by JP
    I'm using Mirven's Twitter OAuth Sinatra example and trying to figure out how I can send a 'next page' parameter with the Oauth request: ie. The user attempts to visit /edit/profile which requires a login so I redirect to /request which deals with login via twitter - I now want to be able to redirect the user to the address they were originally looking for if they log in successfully. I thought I could do this in the .get_request_token line with this code: @request_token = @consumer.get_request_token({:oauth_callback => "http://#{request.host}/auth"},{:next => params['next'] || '/'}) But params has no additional items in the /auth handler. I'm new to OAuth, how would I go about doing this?

    Read the article

  • Working with OAuth on Google with Python

    - by Dan Loewenherz
    I'm having a very frustrating time creating a valid signature for Google's OAuth implementation. I have narrowed it all down to the fact that my signature-generation code has an error of some sort; what it is I have no idea. This is the signature base string in its entirety: GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetAccessToken&oauth_consumer_key%3Ddlosplayground.appspot.com%26oauth_nonce%3D72815d55697cb24301fab03e1f7f1d66%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274327867%26oauth_token%3D4%252FX2cZ54JuseQbgRwzTBzZ7lqIwqof%26oauth_verifier%3Dihf0F2Fx%252FpnCmwbVQnk2xMre%26oauth_version%3D1.0 The OAuth Playground returns an oauth_signature of gF8qAfWjpdKjKb4KR%2FvA2Gy0vhU%3D. My code gives me ikMpIKJQJ58jseg%2BKPBTecjmYPE%3D, so obviously I'm doing something wrong. Here's my signature generation code (equivalent to that of the standard oauth.py library): binascii.b2a_base64(hmac.new(CONSUMER_SECRET, BASE_STRING, hashlib.sha1).digest())[:-1] Any thoughts?

    Read the article

  • Twitter oauth/request_token failing sometimes

    - by Techpriester
    Hello there. I'm implementing Twitters OAuth for Adobe AIR in Javascript. My problem is, that out of 100 requests to api.twitter.com/oauth/request_token about 30 fail with the usual error message: Failed to validate oauth signature and token The other 70% of requests produce a correct response, so I believe that my algorithm for signing is correct. I've read about invalid timestamps in a lot of forums and mailing lists but that is not the problem. My timestamps are correct. I also checked, if the nonces are unique, so that's not the cause either. Any ideas why this is happening?

    Read the article

  • Implement OAuth in Java

    - by phineas
    I made an an attempt to implement OAuth for my programming idea in Java, but I failed miserably. I don't know why, but my code doesn't work. Every time I run my program, an IOException is thrown with the reason "java.io.IOException: Server returned HTTP response code: 401" (401 means Unauthorized). I had a close look at the docs, but I really don't understand why it doesn't work. My OAuth provider I wanted to use is twitter, where I've registered my app, too. Thanks in advance phineas OAuth docs Twitter API wiki Class Base64Coder import java.io.InputStreamReader; import java.io.BufferedReader; import java.io.OutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URL; import java.net.URLEncoder; import java.net.URLConnection; import java.net.MalformedURLException; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.security.NoSuchAlgorithmException; import java.security.InvalidKeyException; public class Request { public static String read(String url) { StringBuffer buffer = new StringBuffer(); try { /** * get the time - note: value below zero * the millisecond value is used for oauth_nonce later on */ int millis = (int) System.currentTimeMillis() * -1; int time = (int) millis / 1000; /** * Listing of all parameters necessary to retrieve a token * (sorted lexicographically as demanded) */ String[][] data = { {"oauth_callback", "SOME_URL"}, {"oauth_consumer_key", "MY_CONSUMER_KEY"}, {"oauth_nonce", String.valueOf(millis)}, {"oauth_signature", ""}, {"oauth_signature_method", "HMAC-SHA1"}, {"oauth_timestamp", String.valueOf(time)}, {"oauth_version", "1.0"} }; /** * Generation of the signature base string */ String signature_base_string = "POST&"+URLEncoder.encode(url, "UTF-8")+"&"; for(int i = 0; i < data.length; i++) { // ignore the empty oauth_signature field if(i != 3) { signature_base_string += URLEncoder.encode(data[i][0], "UTF-8") + "%3D" + URLEncoder.encode(data[i][1], "UTF-8") + "%26"; } } // cut the last appended %26 signature_base_string = signature_base_string.substring(0, signature_base_string.length()-3); /** * Sign the request */ Mac m = Mac.getInstance("HmacSHA1"); m.init(new SecretKeySpec("CONSUMER_SECRET".getBytes(), "HmacSHA1")); m.update(signature_base_string.getBytes()); byte[] res = m.doFinal(); String sig = String.valueOf(Base64Coder.encode(res)); data[3][1] = sig; /** * Create the header for the request */ String header = "OAuth "; for(String[] item : data) { header += item[0]+"=\""+item[1]+"\", "; } // cut off last appended comma header = header.substring(0, header.length()-2); System.out.println("Signature Base String: "+signature_base_string); System.out.println("Authorization Header: "+header); System.out.println("Signature: "+sig); String charset = "UTF-8"; URLConnection connection = new URL(url).openConnection(); connection.setDoInput(true); connection.setDoOutput(true); connection.setRequestProperty("Accept-Charset", charset); connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + charset); connection.setRequestProperty("Authorization", header); connection.setRequestProperty("User-Agent", "XXXX"); OutputStream output = connection.getOutputStream(); output.write(header.getBytes(charset)); BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); String read; while((read = reader.readLine()) != null) { buffer.append(read); } } catch(Exception e) { e.printStackTrace(); } return buffer.toString(); } public static void main(String[] args) { System.out.println(Request.read("http://api.twitter.com/oauth/request_token")); } }

    Read the article

  • Standards Corner: OAuth WG Client Registration Problem

    - by Tanu Sood
    Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded discussions, creation and ratifications of  Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column. Author: Phil Hunt This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it easy for developers to contact the provider and register their app to obtain a client_id and credential.But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. such as wordpress). In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id? An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?At present, the OAuth Working Group has two proposals two consider: Dynamic RegistrationDynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?Well, the answer is that some of us had some concerns, namely: Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other then assuming if the registration parameters are similar it might be the same client. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change? Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions? Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities. Client Association A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took at look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.In the client association proposal, the developer's registration with the API publisher is handled by having the developer register with an API publisher (as opposed to the party deploying the API) and obtaining a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to). Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood. Dynamic Take II At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens where as Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements. Conclusion The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.And that folks is how the sausage is made.Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} About the Writer: Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at www.independentid.com and a Twitter handle of @independentid.

    Read the article

  • Using LINQ to Twitter OAuth with Windows 8

    - by Joe Mayo
    In previous posts, I explained how to use LINQ to Twitter with Windows 8, but the example was a Twitter Search, which didn’t require authentication. Much of the Twitter API requires authentication, so this post will explain how you can perform OAuth authentication with LINQ to Twitter in a Windows 8 Metro-style application. Getting Started I have earlier posts on how to create a Windows 8 app and add pages, so I’ll assume it isn’t necessary to repeat here. One difference is that I’m using Visual Studio 2012 RC and some of the terminology and/or library code might be slightly different.  Here are steps to get started: Create a new Windows metro style app, selecting the Blank App project template. Create a new Basic Page and name it OAuth.xaml.  Note: You’ll receive a prompt window for adding files and you should click Yes because those files are necessary for this demo. Add a new Basic Page named TweetPage.xaml. Open App.xaml.cs and change !rootFrame.Navigate(typeof(MainPage)) to !rootFrame.Navigate(typeof(TweetPage)). Now that the project is set up you’ll see the reason why authentication is required by setting up the TweetPage. Setting Up to Tweet a Status In this section, I’ll show you how to set up the XAML and code-behind for a tweet.  The tweet logic will check to see if the user is authenticated before performing the tweet. To tweet, I put a TextBox and Button on the XAML page. The following code omits most of the page, concentrating primarily on the elements of interest in this post: <StackPanel Grid.Row="1"> <TextBox Name="TweetTextBox" Margin="15" /> <Button Name="TweetButton" Content="Tweet" Click="TweetButton_Click" Margin="15,0" /> </StackPanel> Given the UI above, the user types the message they want to tweet, and taps Tweet. This invokes TweetButton_Click, which checks to see if the user is authenticated.  If the user is not authenticated, the app navigates to the OAuth page.  If they are authenticated, LINQ to Twitter does an UpdateStatus to post the user’s tweet.  Here’s the TweetButton_Click implementation: void TweetButton_Click(object sender, RoutedEventArgs e) { PinAuthorizer auth = null; if (SuspensionManager.SessionState.ContainsKey("Authorizer")) { auth = SuspensionManager.SessionState["Authorizer"] as PinAuthorizer; } if (auth == null || !auth.IsAuthorized) { Frame.Navigate(typeof(OAuthPage)); return; } var twitterCtx = new TwitterContext(auth); Status tweet = twitterCtx.UpdateStatus(TweetTextBox.Text); new MessageDialog(tweet.Text, "Successful Tweet").ShowAsync(); } For authentication, this app uses PinAuthorizer, one of several authorizers available in the LINQ to Twitter library. I’ll explain how PinAuthorizer works in the next section. What’s important here is that LINQ to Twitter needs an authorizer to post a Tweet. The code above checks to see if a valid authorizer is available. To do this, it uses the SuspensionManager class, which is part of the code generated earlier when creating OAuthPage.xaml. The SessionState property is a Dictionary<string, object> and I’m using the Authorizer key to store the PinAuthorizer.  If the user previously authorized during this session, the code reads the PinAuthorizer instance from SessionState and assigns it to the auth variable. If the user is authorized, auth would not be null and IsAuthorized would be true. Otherwise, the app navigates the user to OAuthPage.xaml, which I’ll discuss in more depth in the next section. When the user is authorized, the code passes the authorizer, auth, to the TwitterContext constructor. LINQ to Twitter uses the auth instance to build OAuth signatures for each interaction with Twitter.  You no longer need to write any more code to make this happen. The code above accepts the tweet just posted in the Status instance, tweet, and displays a message with the text to confirm success to the user. You can pull the PinAuthorizer instance from SessionState, instantiate your TwitterContext, and use it as you need. Just remember to make sure you have a valid authorizer, like the code above. As shown earlier, the code navigates to OAuthPage.xaml when a valid authorizer isn’t available. The next section shows how to perform the authorization upon arrival at OAuthPage.xaml. Doing the OAuth Dance This section shows how to authenticate with LINQ to Twitter’s built-in OAuth support. From the user perspective, they must be navigated to the Twitter authentication page, add credentials, be navigated to a Pin number page, and then enter that Pin in the Windows 8 application. The following XAML shows the relevant elements that the user will interact with during this process. <StackPanel Grid.Row="2"> <WebView x:Name="OAuthWebBrowser" HorizontalAlignment="Left" Height="400" Margin="15" VerticalAlignment="Top" Width="700" /> <TextBlock Text="Please perform OAuth process (above), enter Pin (below) when ready, and tap Authenticate:" Margin="15,15,15,5" /> <TextBox Name="PinTextBox" Margin="15,0,15,15" Width="432" HorizontalAlignment="Left" IsEnabled="False" /> <Button Name="AuthenticatePinButton" Content="Authenticate" Margin="15" IsEnabled="False" Click="AuthenticatePinButton_Click" /> </StackPanel> The WebView in the code above is what allows the user to see the Twitter authentication page. The TextBox is for entering the Pin, and the Button invokes code that will take the Pin and allow LINQ to Twitter to complete the authentication process. As you can see, there are several steps to OAuth authentication, but LINQ to Twitter tries to minimize the amount of code you have to write. The two important parts of the code to make this happen are the part that starts the authentication process and the part that completes the authentication process. The following code, from OAuthPage.xaml.cs, shows a couple events that are instrumental in making this process happen: public OAuthPage() { this.InitializeComponent(); this.Loaded += OAuthPage_Loaded; OAuthWebBrowser.LoadCompleted += OAuthWebBrowser_LoadCompleted; } The OAuthWebBrowser_LoadCompleted event handler enables UI controls when the browser is done loading – notice that the TextBox and Button in the previous XAML have their IsEnabled attributes set to False. When the Page.Loaded event is invoked, the OAuthPage_Loaded handler starts the OAuth process, shown here: void OAuthPage_Loaded(object sender, RoutedEventArgs e) { auth = new PinAuthorizer { Credentials = new InMemoryCredentials { ConsumerKey = "", ConsumerSecret = "" }, UseCompression = true, GoToTwitterAuthorization = pageLink => Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () => OAuthWebBrowser.Navigate(new Uri(pageLink, UriKind.Absolute))) }; auth.BeginAuthorize(resp => Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () => { switch (resp.Status) { case TwitterErrorStatus.Success: break; case TwitterErrorStatus.RequestProcessingException: case TwitterErrorStatus.TwitterApiError: new MessageDialog(resp.Error.ToString(), resp.Message).ShowAsync(); break; } })); } The PinAuthorizer, auth, a field of this class instantiated in the code above, assigns keys to the Credentials property. These are credentials that come from registering an application with Twitter, explained in the LINQ to Twitter documentation, Securing Your Applications. Notice how I use Dispatcher.RunAsync to marshal the web browser navigation back onto the UI thread. Internally, LINQ to Twitter invokes the lambda expression assigned to GoToTwitterAuthorization when starting the OAuth process.  In this case, we want the WebView control to navigate to the Twitter authentication page, which is defined with a default URL in LINQ to Twitter and passed to the GoToTwitterAuthorization lambda as pageLink. Then you need to start the authorization process by calling BeginAuthorize. This starts the OAuth dance, running asynchronously.  LINQ to Twitter invokes the callback assigned to the BeginAuthorize parameter, allowing you to take whatever action you need, based on the Status of the response, resp. As mentioned earlier, this is where the user performs the authentication process, enters the Pin, and clicks authenticate. The handler for authenticate completes the process and saves the authorizer for subsequent use by the application, as shown below: void AuthenticatePinButton_Click(object sender, RoutedEventArgs e) { auth.CompleteAuthorize( PinTextBox.Text, completeResp => Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () => { switch (completeResp.Status) { case TwitterErrorStatus.Success: SuspensionManager.SessionState["Authorizer"] = auth; Frame.Navigate(typeof(TweetPage)); break; case TwitterErrorStatus.RequestProcessingException: case TwitterErrorStatus.TwitterApiError: new MessageDialog(completeResp.Error.ToString(), completeResp.Message).ShowAsync(); break; } })); } The PinAuthorizer CompleteAuthorize method takes two parameters: Pin and callback. The Pin is from what the user entered in the TextBox prior to clicking the Authenticate button that invoked this method. The callback handles the response from completing the OAuth process. The completeResp holds information about the results of the operation, indicated by a Status property of type TwitterErrorStatus. On success, the code assigns auth to SessionState. You might remember SessionState from the previous description of TweetPage – this is where the valid authorizer comes from. After saving the authorizer, the code navigates the user back to TweetPage, where they can type in a message, click the Tweet button, and observe that they have successfully tweeted. Summary You’ve seen how to get started with using LINQ to Twitter in a Metro-style application. The generated code contained a SuspensionManager class with way to manage information across multiple pages via its SessionState property. You also saw how LINQ to Twitter performs authorization in two steps of starting the process and completing the process when the user provides a Pin number. Remember to marshal callback thread back onto the UI – you saw earlier how to use Dispatcher.RunAsync to accomplish this. There were a few steps in the process, but LINQ to Twitter did minimize the amount of code you needed to write to make it happen. You can download the MetroOAuthDemo.zip sample on the LINQ to Twitter Samples Page.   @JoeMayo

    Read the article

  • OAuth-Wrap Beginners Tutorial

    - by ChrisMJ
    Ok im looking for beginners OAuth-Wrap tutorials. I want to know where to begin. I will be using Javascript / PHP for my coding. I want to play around with an API that uses OAuth-Wrap. If can help me that would be much appreciated :)

    Read the article

  • Twitter Oauth GMT / BST problem

    - by Andrei Serdeliuc
    I keep getting 401 when trying to login via Oauth with Twitter. I'm using twitter_oauth-0.3.3 with oauth-0.3.6 in rails It used to work perfectly some time ago, so after some digging, I realised it might have something to do with my timezone. In the headers of the Twitter response, one of them is: date: - Sun, 11 Apr 2010 16:53:34 GMT Even though the time is actually 17:53:34 BST I'm assuming the request is signed using BST time, and so it fails. Anyone had this problem / found a fix for it?

    Read the article

  • Yahoo OAuth question

    - by ben
    Hi, I'm keep getting oauth_problem=consumer_key_unknown error when trying oauth https://api.login.yahoo.com/oauth/v2/get_request_token I'm pretty sure my consumer key is correct because it works locally (Runs via 127.0.0.1). Just keep giving me oauth_problem=consumer_key_unknown when I try it on my server. Any ideas?

    Read the article

  • DotNetOpenAuth oAuth in ASP.NET MVC

    - by nikmd23
    I'm trying to understand how to apply the oAuth consumer library from DotNetOpenAuth in the context of ASP.NET MVC. oAuth is new to me, and the library doesn't seem very simple. Does anyone have a sample of leveraging this library, for this usage, in ASP.NET MVC?

    Read the article

  • JTwitter OAuth with callback authorisation

    - by RenegadeAndy
    Hey guys. I am writing an App using JTwitter however I need to authenticate in order to not have the 150 requests per minute on the public api. Jtwitter seems to support OAuth however I have some questions. My app will be running behind a company firewall - so the URL wont be accessible outside of the company's network - will callback authorisation work, and does anybody have an example of using callback authorisation using OAuth in JTwitter - because I cannot work it out in order to try it. Cheers, Andy

    Read the article

  • alternatives to accessing google reader with oauth?

    - by Dustin Getz
    I'm really new to this oauth stuff. I want to access a user's google reader liked items feed. This blog says that oauth doesn't work (yet) with google reader. The working way seems to be to get the user's google credentials (email, password) directly, and login directly to google. This also gives me access to the rest of their services. Is there a better way, or must the user trust me with their google credentials?

    Read the article

  • Twitter Oauth login in a cron agent executing PHP file evenry 2 minutes

    - by CHAUDY
    Hello, I'm using Twitter Basic authentification in a CRON agent to get et savelist of tweets in SQL db of 5 of my twitter account. Because we have to use Oauth after June 30th I'm searching to know how can I use oauth without connecting me manually. In fact I don't have user interface in my PHP file executed every 2 minutes. Thanks in advance for your help. Joel.

    Read the article

  • JavaScript OAuth sign in with Twitter

    - by user296601
    Hi, I have to integrate Sign-in-with Twitter in my app as below. http://apiwiki.twitter.com/Sign-in-with-Twitter It is browser based app developed in JavaScript I have been refering google code java script OAuth, but im confused how to use oauth/authenticate and how to get the oauth_token Can any one please help me out with some samples ?

    Read the article

  • OpenID register on login (authlogic_openid)

    - by Glex
    What is the proper way to register users automatically when they log in with openid? I am using authlogic with an authlogic-oid gem (and an older version of openid_authentication). The stuff I read online so far seems to be obsolete. Does anyone know the proper way to do it with the new gem? What I do now is: options = params[:user_session] || {} [:openid_identifier].each { |k| options[k] = params[k] if params[k] } @user_session = UserSession.new(options) @user_session.save do |result| if result flash[:notice] = "Login successful! (#{result.inspect})" redirect_back_or_default account_url else render :action => :new end end By the way, I don't see the Login Successful flash (but that is not that big of a deal).

    Read the article

  • Error getting twitter request token using OAuth and PEAR Services_Twitter

    - by Onema
    Hello, I am moving from the basic authentication method using username and password to the OAuth based authentication. I was using an old version of the pear package Services_Twitter, that did not support OAuth. The latest version of this package supports OAuth authentications, it has a few dependencies (HTTP_Request2, HTTP_OAuth). It was very simple to install them and upgrade the package. I did all this my local machine and had no trouble getting the authentication up and running. I committed this code to the test site, but every time the code request a "request token" I get the following error message "Unable to connect to ssl://api.twitter.com:443. Error #0" I have spend 6 hours making sure that all the pear packages where up to date, checking the customer token and token secret, making sure port 443 is not closed... in addition to various other test. I have exhausted my resources and I come to you in hope to find some answers. Thank you PD: One of the things I do not understand is why does the message says that the url is ssl://api.twitter.com:443 rather than https://api.twitter.com/request_token? the former one is the one I am using to get the request token.

    Read the article

  • Universal oAuth for objective-c class?

    - by phpnerd211
    I have an app that connects to 6+ social networks via APIs. What I want to do is transfer over my oAuth calls to call directly from the phone (not from the server). Here's what I have (for tumblr): // Set some variables NSString *consumerKey = CONSUMER_KEY_HERE; NSString *sharedSecret = SHARED_SECRET_HERE; NSString *callToURL = @"https://tumblr.com/oauth/access_token"; NSString *thePassword = PASSWORD_HERE; NSString *theUsername = USERNAME_HERE; // Calculate nonce & timestamp NSString *nonce = [[NSString stringWithFormat:@"%d", arc4random()] retain]; time_t t; time(&t); mktime(gmtime(&t)); NSString *timestamp = [[NSString stringWithFormat:@"%d", (int)(((float)([[NSDate date] timeIntervalSince1970])) + 0.5)] retain]; // Generate signature NSString *baseString = [NSString stringWithFormat:@"GET&%@&%@",[callToURL urlEncode],[[NSString stringWithFormat:@"oauth_consumer_key=%@&oauth_nonce=%@&oauth_signature_method=HMAC-SHA1&oauth_timestamp=%@&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=%@&x_auth_username=%@",consumerKey,nonce,timestamp,thePassword,theUsername] urlEncode]]; NSLog(@"baseString: %@",baseString); const char *cKey = [sharedSecret cStringUsingEncoding:NSASCIIStringEncoding]; const char *cData = [baseString cStringUsingEncoding:NSASCIIStringEncoding]; unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH]; CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC); NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)]; NSString *signature = [HMAC base64EncodedString]; NSString *theUrl = [NSString stringWithFormat:@"%@?oauth_consumer_key=%@&oauth_nonce=%@&oauth_signature=%@&oauth_signature_method=HMAC-SHA1&oauth_timestamp=%@&oauth_version=1.0&x_auth_mode=client_auth&x_auth_password=%@&x_auth_username=%@",callToURL,consumerKey,nonce,signature,timestamp,thePassword,theUsername]; From tumblr, I get this error: oauth_signature does not match expected value I've done some forum scouring, and no oAuth for objective-c classes worked for what I want to do. I also don't want to have to download and implement 6+ social API classes into my project and do it that way.

    Read the article

  • Curl, twitter oauth problem

    - by Darxval
    Does anyone see a problem with the following Curl call / how the Oauth request is built? (i am trying to get a correctly setup request so i can finish my app) So i am calling the following CURL call: C:\>curl -v -k --data-urlencode "status=Testing2" -H "Authorization: OAuth realm='', oauth_nonce=1276107867blah, oauth_timestamp=1276107867, oauth_consumer_key=yJDLH7BDdVi1OKIINSV7Q, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature=NWU4MDdlNjk0OGIxYWQ1YTkyNmU5YjU1NGYyOTczMmU5ZDg5 YWNkNA==, staus=Testing2 " http://twitter.com/statuses/update.xml?status=Testing2 and i recieve this: * About to connect() to twitter.com port 80 (#0) * Trying 168.143.162.68... connected * Connected to twitter.com (168.143.162.68) port 80 (#0) > POST /statuses/update.xml?status=Testing2 HTTP/1.1 > User-Agent: curl/7.20.1 (i386-pc-win32) libcurl/7.20.1 OpenSSL/0.9.8n zlib/1.2.5 libidn/1.18 libssh2/1.2.5 > Host: twitter.com > Accept: */* > Authorization: OAuth realm='', oauth_nonce=1276106370blah, oauth_timestamp=1276106370, oauth_consumer_key=yJDLH7BDdVi1OKIINSV7Q, oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature=MjQzNDA1MGU4NGRmMWVjMzUwZmQ4YzE5NzMzY2I1ZDJlOTRkNmQ2Zg==, staus=Testing2 > Content-Length: 15 > Content-Type: application/x-www-form-urlencoded > < HTTP/1.1 401 Unauthorized < Date: Wed, 09 Jun 2010 18:00:22 GMT < Server: hi < Status: 401 Unauthorized < WWW-Authenticate: Basic realm="Twitter API" < X-Runtime: 0.00548 < Content-Type: application/xml; charset=utf-8 < Content-Length: 164 < Cache-Control: no-cache, max-age=1800 < Set-Cookie: k=209.234.229.21.1276106420885412; path=/; expires=Wed, 16-Jun-10 18:00:20 GMT; domain=.twitter.com < Set-Cookie: guest_id=127610642214871948; path=/; expires=Fri, 09 Jul 2010 18:00:22 GMT < Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIm33h0pAToHaWQiJTkyMjllODE0NTdiYWE1%250AMWU1MzBmNjgwMTFiMDhkYjdlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8ebb3c62d461d28f8fda7b8adab642af66969f7e; domain=.twitter.com; path=/ < Expires: Wed, 09 Jun 2010 18:30:20 GMT < Vary: Accept-Encoding < Connection: close < <?xml version="1.0" encoding="UTF-8"?> <hash> <request>/statuses/update.xml?status=Testing2</request> <error>Could not authenticate with OAuth.</error> </hash> * Closing connection #0 my Parameters are setup like so: var parameters = [encodeURIComponent("status="+status),encodeURIComponent("oauth_token="+ac_token),encodeURIComponent("oauth_consumer_key="+"yJDLH7BDdVi1OKIINSV7Q"),encodeURIComponent("oauth_nonce="+nonce,"oauth_signature_method=HMAC-SHA1"),encodeURIComponent("oauth_timestamp="+timestamp),encodeURIComponent("oauth_version=1.0")] var join = parameters.join("&"); var eparamjoin =encodeURIComponent(join); The key is like so: var key=con_secret+"&"+ac_secret; Signature base string is: var signaturebs = "POST&"+encodeURIComponent(url)+"&"+eparamjoin; giving this: POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.xml&status%253DTesting2%26oauth_token%253D142715285-yi2ch324S3zfyKyJby6WDUZOhCsiQuKNUtc3nAGe%26oauth_consumer_key%253DyJDLH7BDdVi1OKIINSV7Q%26oauth_nonce%253D1276107867blah%26oauth_timestamp%253D1276107867%26oauth_version%253D1.0 and signature built like so: var hmac = Crypto.HMAC(Crypto.SHA1, signaturebs,key ); var signature=Base64.encode(hmac); making the signature: NWU4MDdlNjk0OGIxYWQ1YTkyNmU5YjU1NGYyOTczMmU5ZDg5YWNkNA== Any help would be appreciated thank you!

    Read the article

  • Update twitter profile image using OAuth

    - by sjobe
    I'm trying to get twitter update_profile_image to work using OAuth. I was using curl with regular authentication and everything was working fine, but I switched to OAuth using this library, and now everything except update_profile_image works. I read something about twitter OAuth having problems with multipart data, but that was a while ago and the plugin is supposed to have dealt with that issue. My working regular authentication with curl code $url = 'http://api.twitter.com/1/account/update_profile_image.xml'; $uname = $_POST['username']; $pword = $_POST['password']; $img_path = 'xxx'; $userpwd = $uname . ':' . $pword; $img_post = array('image' => '@' . $img_path . ';type=image/jpeg', 'tile' => 'true'); $format = 'xml'; //alternative: json $message = 'Test update with a random num'.rand(); $opts = array(CURLOPT_URL => $url, CURLOPT_FOLLOWLOCATION => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => true, CURLOPT_POST => true, CURLOPT_POSTFIELDS => $img_post, CURLOPT_HTTPAUTH => CURLAUTH_ANY, CURLOPT_USERPWD => $userpwd, CURLOPT_HTTPHEADER => array('Expect:'), CURLINFO_HEADER_OUT => true); $ch = curl_init(); curl_setopt_array($ch, $opts); $response = curl_exec($ch); $err = curl_error($ch); $info = curl_getinfo($ch); curl_close($ch); My current OAuth code [I had to cut it down, so do not minor look for syntax errors] include 'EpiCurl.php'; include 'EpiOAuth.php'; include 'EpiTwitter.php'; include 'secret.php'; $twitterObj = new EpiTwitter($consumer_key, $consumer_secret); $twitterObj->setToken($_GET['oauth_token']); $token = $twitterObj->getAccessToken(); $twitterObj->setToken($token->oauth_token, $token->oauth_token_secret); try{ $img_path = 'xxx'; //$twitterObj->post_accountUpdate_profile_image(array('@image' => "@".$img_path)); $twitterObj->post('/account/update_profile_image.json', array('@image' => "@".$img_path)); $twitterObj->post_statusesUpdate(array('status' => 'This is my new status:'.rand())); //This works $twitterInfo= $twitterObj->get_accountVerify_credentials(); echo $twitterInfo->responseText; }catch(Exception $e){ echo $e->getMessage(); } I've been trying to figure this out for a while, ANY help would be greatly appreciated. I'm not in any way tied to this library, so feel free to recommend others.

    Read the article

  • Crypted_password is null when using Authlogic to save a user

    - by kareem
    i'm getting a strange error on my production install when i try and create a new user using AL: ActiveRecord::StatementInvalid: Mysql::Error: Column 'crypted_password' cannot be null: INSERT INTO users especially strange b/c it works as expected on my local box. RUnning Rails 2.3.2 and ruby 1.8.7 on both boxes. user.rb: class User < ActiveRecord::Base before_create :set_username acts_as_authentic do |c| c.require_password_confirmation = false c.login_field = "email" c.validates_length_of_password_field_options = {:minimum => 4} c.validate_login_field = false #don't validate email field with additional validations end end Here's output from my production console: >> u = User.new => #<User id: nil, username: nil, email: nil, crypted_password: nil, password_salt: nil, persistence_token: nil, single_access_token: nil, perishable_token: nil, login_count: 0, failed_login_count: 0, last_request_at: nil, current_login_at: nil, last_login_at: nil, current_login_ip: nil, last_login_ip: nil, created_at: nil, updated_at: nil, is_admin: 0, first_name: nil, last_name: nil> >> u.full_name = 'john smith' => "john smith" >> u.password = 'test' => "test" >> u.email = '[email protected]' => "[email protected]" >> u.valid? => true >> u.save ActiveRecord::StatementInvalid: Mysql::Error: Column 'crypted_password' cannot be null: INSERT INTO `users` (`single_access_token`, `last_request_at`, `created_at`, `crypted_password`, `perishable_token`, `updated_at`, `username`, `failed_login_count`, `current_login_ip`, `password_salt`, `current_login_at`, `is_admin`, `persistence_token`, `login_count`, `last_name`, `last_login_ip`, `last_login_at`, `email`, `first_name`) VALUES('B-XSXwhO7hkbtISIOyEq', NULL, '2009-07-31 01:10:44', NULL, 'FK3mYS2Tp5Tzeq5IXE1z', '2009-07-31 01:10:44', 'john', 0, NULL, NULL, NULL, 0, '2c76b645f761eb3509353290e93874cecdb68a63caa165812ab1b126d63660757090ecf69995caef9e78f93d070b524e2542b3fec4ee050726088c2a9fdb0c9f', 0, 'smith', NULL, NULL, '[email protected]', 'john') from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/abstract_adapter.rb:212:in `log' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/mysql_adapter.rb:320:in `execute' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/abstract/database_statements.rb: 259:in `insert_sql' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/mysql_adapter.rb:330:in `insert_sql' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/abstract/database_statements.rb: 44:in `insert_without_query_dirty' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/abstract/query_cache.rb:18:in `insert' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/base.rb:2902:in `create_without_timestamps' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/timestamp.rb:29:in `create_without_callbacks' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/callbacks.rb:266:in `create' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/base.rb:2868:in `create_or_update_without_callbacks' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/callbacks.rb:250:in `create_or_update' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/base.rb:2539:in `save_without_validation' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/validations.rb:1009:in `save_without_dirty' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/dirty.rb:79:in `save_without_transactions' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:229:in `send' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:229:in `with_transaction_returning_status' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/connection_adapters/abstract/database_statements.rb: 136:in `transaction' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:182:in `transaction' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:228:in `with_transaction_returning_status' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:196:in `save' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:208:in `rollback_active_record_state!' from /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/ active_record/transactions.rb:196:in `save' No idea why this is happening, and especially why this saves a new user on dev but not on production. Any help is much appreciated, thanks! edit: using Apache & Passenger 2.2.4

    Read the article

  • How do I impersonate a user with AuthLogic

    - by Sam Saffron
    I need to be able to create a UserSession without having the decrypted password. How do I go about doing this? My current workaround is: In user.rb def valid_crypted_or_non_crypted_password?(password) valid_password?(password) || password == crypted_password end In user_session.rb verify_password_method :valid_crypted_or_non_crypted_password? To login UserSession.create(:login => u.login, :password => u.crypted_password) Is there a nicer way to do this?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >