Wednesday, July 29, 2009

OAuthConsumer and Twitter

So it's been a while since I've posted anything here, and I apologize for that... I'll have part II of my last post here very soon. If you've attempted to develop any apps that utilize Twitter's API, you're probably familiar with the whole OAuth stuff. If you're developing your app for the Mac platform and have used the OAuthConsumer you might have noticed that your app broke (at least sending status updates) a couple days ago because of an unannounced security patch Twitter pushed out.

I spent many hours trying to figure out what was going on, and finally was able to fix the issue. Assuming you added a 'verifier' property to OAToken, a simple check for this property and excluding the oauth_verifier parameter from the oauthToken string in the prepare method in OAMutableURLRequest is all that is necessary. OAuthConsumer passed the oauth_verifier parameter when a token key existed (which is when status updates are sent among other requests). Even though this parameter was an empty string, accessing a user's protected resources with it present caused Twitter to complain.

so here is what I did...




NSString *oauthToken;

if ([token.key isEqualToString:@""])

oauthToken = @""; // not used on Request Token transactions

else if(token.verifier == nil || [token.verifier isEqualToString:@""])

oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", ", [token.key URLEncodedString]];

else

oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", oauth_verifier=\"%@\", ", [token.key URLEncodedString], [token.verifier URLEncodedString]];

NSString *oauthToken;

if ([token.key isEqualToString:@""])

oauthToken = @""; // not used on Request Token transactions

else if(token.verifier == nil || [token.verifier isEqualToString:@""])

oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", ", [token.key URLEncodedString]];

else



oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", oauth_verifier=\"%@\", ", [token.key URLEncodedString], [token.verifier URLEncodedString]];

Basically I added an else-if that set the oauthToken string without adding the oauth_verifier parameter. Hope this helps others!
Orignal From: OAuthConsumer and Twitter

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)