Updated OAuth support to work with Twitter

I did the work to implement OAuth in the OPML Editor in the first few months of 2009, but then later in the year they discovered a security hole and added a feature that I didn’t have support for. From that point our OAuth implemention was broken.

After writing a piece on Scripting News today about the unfortunate state of OAuth (it’s being radically redefined), I decided to take a look to see what would be needed to unbreak our OAuth support.

I went through Twitter’s instructions, even though I didn’t fully understand what they were doing or why, and it worked! So I released the three parts that changed and a test script. All are part of the opml.root update feed. (To get the new parts, choose Update opml.root from the File menu.)

oAuth.appDance now prompts for the PIN if an optional param is set true (it defaults false, so as not to change the behavior for any apps that depend on it, even though it seems unlikely there are any). The PIN Is then passed to OAuth.getAccessToken, the last call in the dance, per Twitter’s instructions.

The only Twitter call that I’ve converted to use OAuth is twitter.getDirectMessages, which as you might imagine, gets a table full of the user’s DMs. There’s a call in twitter.testing.oauthCall. It works!

So to whoever designed this workaround for whatever the problem was, it went in pretty easy. Happy. :-)

One response to this post.

  1. Thanks Dave 🙂

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: