i am currently working on a project where i have to collect and analyze public tweets. For the collection of tweets i prefer to store them in mongodb and also, after research, i came to know that i have to build a twitter application inorder to get OAuth tokens ( http://www.sitepoint.com/twitter-1-1-oauth-php/). My question is, what does a twitter application mean here? Does it mean that only through that application i can store tweets in my mongodb?? Or does it mean that once i get these authentication tokens i can use any program(preferably ruby) to extract tweets??
Short answer: Login to https://dev.twitter.com/, create an app. In the dialog that appears, Just add an URL to any of your github repositories.
To my understanding, to use the Twitter API at all, you needed (at least in 2011) to register an app with a valid URL, however trivial the app might be. Don't know if the app itself was really validated by a Twitter employee/bot at app-registration-time, or if you just needed to provide an URL to a github repository. I don't know which other types of repository are possible.
I think, the explicit oauth mechanism requires all this. (Explation for stackexchange)
In order to present an authentication "conversation", twitter has to show your apps (that consume twitter services) an url to another app (to be found on the internet) which is linked in some way to your twitter account. So twitter can start counting the free API requests made, number of calls per hour remaining, etc.
Related
after a lot of back and forth with the Twitter documentation I am now able to authenticate with OAuth 1.0 and make request behalf on the user who sign-ined and accepted my app to preform changes / retrieve data.
Now, I'm trying to make requests to the Twitter Ads API.
This is the error I get:
{"errors":[{"code":"UNAUTHORIZED_CLIENT_APPLICATION","message":"The client application making this request does not have access to this API"}],"request":{"params":{}}}
As it seems, there is a need of another app registration. I registered it with my app id, assuming the 'developer' stage is the fit for me. I'm trying to retrieve analytics, e.g., retrieve campaigns for the user who accepted it.
After registration the Ads App Form, the error stays the same. The docs don't specify if there is a need for a special implementation for the ads-api. Also, the Ads App I opened isn't mentioned anywhere, nor in my twitter apps.
Am I missing something?
Thanks before.
Looking at Twitter ads API documentation, getting access is a pretty involved process. From their site, you'll need:
One positive referral from a client, advertiser or Twitter team
(outside of Ads API)
Clear value proposition on how how your solution
will supplement the Twitter ads offering and improve advertiser
performance
History of compliance with Twitter developer policies
Experience running Twitter Ads
Twitter App ID associated with a corporate #username, with no more than 5 active tokens
It seems a little overkill, but I haven't seen any other way around it. If you find a better way to get ads API access, please post another answer here because I have a potential project that would use these APIs, but the application process has been too daunting to really justify starting the effort.
As of Sept 2016, the application process appears to be much easier.
It appears you no longer need positive referrals, value props, history, or experience running Twitter ads.
This is a first time I am trying to make a facebook application/game, and I have couple of questions.
Let's say canvas url is http://mysite/first_app/ and facebook app url is https://apps.facebook.com/first_app
I wonder if visited both url-s should a functionality be the same? I mean does facebook give you more tools and freedom if navigated from https://apps.facebook.com/first_app? Or should both url-s look and do the same thing? Is it possible?
I wonder if visited both urls should a functionality be the same
Of course yes. The difference is just that one is deployed at the facebook's app center and the other at your domain.
Yes, you have more tools available in the canvas ("apps.facebook.com.."), as it will send you the user-id without any user consent. Has the user previously used your app, you will also be able to get their accesstoken and fetch more info about them.
It requires some backend code to decode the signed request parameter, which provides you this stuff.
This example is how php handles signed request:
https://developers.facebook.com/docs/facebook-login/using-login-with-games/
If you're using C#, download the Facebook C# (available through NuGet, the package from Outercurve Foundation) and use this example:
How do I parse a signed request in Facebook C# SDK?
I try to handle the user in Facebook context whenever possible. It adds trust and more tools. Although since the Facebook phone/tablet app (App Store/Google Play) doesn't support Facebook apps at all, I often optimize the app for mobile web use also. I read somewhere that over 50% of daily Facebook visists are done using the phone app, so it might be something to think into your app while developing.
UPDATE:
I can see I have misunderstood part of signed request, as commented by Shadowfax and CBroe. In my app, I use the user id from signed request but of course only when the user has already logged on to the app beforehand. My apologies.
Documentation on the net seems to be VERY scarce. The only option I can think of at the moment
is to have my SPA app break convention and to have the (initial) logged out page be different to the logged in one (eg my app).
My app is built using Durandal 2.0.0.
In one of my OAuth tests app's I've managed to implement this link successfully. But as Durandal does not work in the same way (Server-side controller, & razor views), I'm thoroughly confused in how to achieve what I want to.
I'd like to have my app remain a single page app. But I've got little to no experience with the OAuth SDK
My only requirement is that the user log into my app using his FB account.
I've had an initial stab at this using the FB java script API, and got it working, but after discussions with another developer this side, it doesn't seem like the purpose of the java script API is to facilitate secure application login's? As the way we had it, would allow any user to pass a valid fb userId, then he would be logged into our app. :/
How would I go about achieving this process flow in a Durandal/Web API Single Page App?
User logs in using fb ->
then on the server we get his fb userId ->
retrieve our internal appID
I'm not asking for a complete answer/for someone to do my work....
But any documentation to get me started/less confused would be greatly appreciated.
Here is a sample project which demonstrates how to use OAuth with Durandal and Web API:
DurandalAuth.
However there are some modifications in viewmodels needed, since router changed in Durandal 2.0.0.
I'm building a site for a non-profit festival where we'd like to have a 'media' page which brings in photos from instagram (hashtag search), updates and photos from Facebook (via festival's albums) twitter posts (by user and hashtag).
I've tried the JS widgets for Facebook and Twitter but wondered about using PHP/Codeigniter to pull the feeds and caching them somehow for better performance and more control over the look.
Would it be best to then store the feed data in a json file on the server or in a MySQL record?
I'm leaning toward a table with a record for each feed that would basically just store the feed URL, JSON, last updated time and an identifier of some sort.
Then I could write a class with the following type of methods:
get_feed($id='facebook_updates', $expiry_time=3600);
Does this seem like a reasonable way to go? or is there a better solution already existing?
I'm not quite sure how I'd work that in with the feeds that need Auth (twitter & Instagram)
bro!
First, it does seem a reasonable way to do it and I don't know any better.
But, if I had to accomplish that, I would break my problem in two:
A server side code to grab the info from the services (that I would
probably store as json so that I could use the info returned
directly) running with cronjobs from time to time.
A client side (server would work too) one to show that info with
customized style.
To work with the feeds that need auth, you'll have to create an app in each of them, authorize it to access your personal account and use it in the code. Never worked with Instagram but the others have good documentation on how to do that.
Finally, with some modification, you may be able to use this wonderful too to help you accomplish your task: http://plugins.in1.com/socialist
I'm working on an iPhone app that ideally uses OAuth to communicate with Twitter. I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
The problem is, Twitter has this whole scheme for working with desktop apps, using a pin number. When I register my app with Twitter, they have a web form asking me if I'm a desktop or web client. If I choose desktop client, when I try to have the user authorize, I can set the oauth_callback parameter but Twitter will ignore it after authorization and show a pin number. If, on twitter's form, I specify that I'm a web client, it requires me to enter a URL to redirect to after authorization. And, since I'm using an iPhone app-specific url scheme, their web form fails on validation as it only seems to accepts URLs conforming to the HTTP protocol.
So, it seems like I'm stuck - I can't say "desktop" because I don't want to bother with a pin, and I can't say "web" or I can't use an iPhone app URL. Any solution to this?
From your question:
I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
The Pownce article suggests that quitting your application and opening Mobile Safari to perform the authentication step is problematic, and that they started receiving bad reviews from users for doing it that way. They also experienced a failure rate of around 40%.
Pownce's solution is to use a UIWebView within your application instead, so I have a feeling you may have misinterpreted their recommendations. That being said, they do label this as a "naive" solution and go on to suggest a bunch of theoretical "ideal" solutions.
Another point you might not realise is that desktop applications (using the "out of band" / pin number method) and web applications need to open the Twitter site in either an embedded or external browser.
So you've got two choices on the iPhone:
Open up twitter.com in a UIWebView, specifying no oauth_callback parameter or oauth_callback=oob to start the pin-based out-of-band flow. The user then needs to copy the pin using the iPhone's copy-paste functionality, manually close the UIWebView, and paste the pin into your application. The pin can then be used converted to an access token.
Do it how everyone else is doing it (UIWebView + custom-uri://foo.bar in the callback parameter).
For obvious reasons, the first option is pretty crap and really only useful on platforms where Twitter is unable to redirect to a custom URI.
A simple solution may be to create an HTTP page that always sends a 301 redirect to your custom URL scheme and then provide that HTTP URL to the twitter web API.
Aside from that, Nathan's answer is very complete.
Here's how I do it: tell Twitter you're a web app, and make up any old HTTP:// URL to satisfy Twitter during registration of your oauth client.
Then in your app, pass the URL you want to in the callback parameter. Twitter (in my experience) uses the one you give it.
You could use an intermediate website for the authentication. Your app creates a unique id (hardware based?) and stores it. It then records it has sent the user for authentication and sends the unique id to your website. It then redirects the user to your website. Your website then sends the user to Twitter using oAuth. The user returns to your website and you mark the unique id as authenticated and store the authentication information. The user restarts the app on the iPhone, it reads it has sent the user for authentication and contacts your website with the unique id - and reads in the authentication information.
Long winded and needs another website, but it should work.