OAuthConsumer and Twitter
So it’s been a while since I’ve posted anything here, and I apologize for that… I’ll have part II of my last post here very soon. If you’ve attempted to develop any apps that utilize Twitter’s API, you’re probably familiar with the whole OAuth stuff. If you’re developing your app for the Mac platform and have used the OAuthConsumer you might have noticed that your app broke (at least sending status updates) a couple days ago because of an unannounced security patch Twitter pushed out.
I spent many hours trying to figure out what was going on, and finally was able to fix the issue. Assuming you added a ‘verifier’ property to OAToken, a simple check for this property and excluding the oauth_verifier parameter from the oauthToken string in the prepare method in OAMutableURLRequest is all that is necessary. OAuthConsumer passed the oauth_verifier parameter when a token key existed (which is when status updates are sent among other requests). Even though this parameter was an empty string, accessing a user’s protected resources with it present caused Twitter to complain.
so here is what I did…
NSString *oauthToken;
if ([token.key isEqualToString:@""])
oauthToken = @""; // not used on Request Token transactions
else if(token.verifier == nil || [token.verifier isEqualToString:@""])
oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", ", [token.key URLEncodedString]];
else
oauthToken = [NSString stringWithFormat:@"oauth_token=\"%@\", oauth_verifier=\"%@\", ", [token.key URLEncodedString], [token.verifier URLEncodedString]];
Basically I added an else-if that set the oauthToken string without adding the oauth_verifier parameter. Hope this helps others!
If you enjoyed this post, make sure you subscribe to my RSS feed!
