how can I make the callback url dynamic? With different hostnames for the same domain.
I use Abrahams twitteroauth https://github.com/abraham/twitteroauth.
On the getRequestToken($callbackUrl) function I can set a callback url but this doesn't matter.
Br
You can't make the 'callback' url dynamic. But 'izeed' came up with a pretty decent solution: https://stackoverflow.com/a/10573287/1580615
Related
So I really don't know what the problem is here, I've tried many things, but I can't get the Twilio request hashes to match up. Let me explain.
I decided to implement an instance of Twilio's RequestValidator to ensure the requests were coming from Twilio. But after following the tutorial here: https://www.twilio.com/docs/usage/security?code-sample=code-validate-signature-of-request-1&code-language=PHP&code-sdk-version=5.x
The validator is only returning false. Here is the code that I used:
$url = 'https://example.com/api/endpoint/to/endpoint/';
$request_params = $_REQUEST;
$twilio_validator = new RequestValidator('myauthtoken');
if (!$twilio_validator->validate($_SERVER['HTTP_X_TWILIO_SIGNATURE'], $url, $request_params)) {
throw new CallException('Not from Twilio');
}
Even though the URL is an example, that is exactly how I have the actual URL formatted...no port, basic auth, or fragment. Just the protocol, domain, and path with a trailing "/". In addition, the URL is the exact VoiceURL I set when I set up this Twilio App (this is calling the VoiceURL to one of my Twilio Apps).
My auth token is the auth token for my whole account
The request params is where I'm sure I'm messing something up. Twilio is making a GET request to this endpoint, and I tried using the $_GET superglobal as well, to no avail. I'm using $_REQUEST here because of this issue: https://github.com/twilio/twilio-php/issues/510 and because I thought it would be the best choice. I have also tried using file_get_contents('php://input') to the exact same problem (the hashes not matching, ultimately).
I even forked and opened a PR on the PHP SDK to update the class a little bit, just to see if I could learn any more...so I know the class and it's methods pretty well...I just don't see my issue.
What am I doing wrong here to make it so that the RequestValidator isn't validating that the requests from Twilio are coming from Twilio?
So after a lot of research and working with Twilio help, I figured out the answer to my question.
When Twilio is making a GET request to my server, you aren't supposed to pass the GET parameters as the third parameter to the validate method on the RequestValidator class. When Twilio is making a GET request to your server, validating actually needs to look like this:
// this is the interesting part...you don't even set the pathname on the domain...
// EVEN IF YOU THE PATHNAME IS SET IN YOUR VOICE URL.
// This is because of the different way the RequestValidator handles GET and POST params
$domain = 'https://example.com'; // make sure to add no trailing '/'
// setting up the RequestValidator
$twilio_validator = new RequestValidator('myauthtoken');
// figuring out if the request is from twilio
$is_from_twilio = $twilio_validator->validate(
// the signature header that Twilio sends
$_SERVER['HTTP_X_TWILIO_SIGNATURE'],
// The domain name CONCATENATED to the Request URI. $_SERVER['REQUEST_URI'] holds everything that comes after the domain name in a URL (pathname, query parameters, and fragment)
$domain.$_SERVER['REQUEST_URI']
// if the request is a get request, as mine are, there is no need for the third parameter
);
// resolving the response
if (!$is_from_twilio) {
echo 'Not from Twilio';
exit;
}
Refer to the comments in the code for a more in depth discussion on the code at work here..
Ok, let me rephrase my question.
I have a website set up with URL in "path" format, and the api function works well.
Now I need to change only the URL of the api part in "get" format.
For example,
http://localhost/api/query/data?data=100294832
http://localhost/api/data/100294832
works.
api is a controller, data is a model. I have this in my main.conf,
array('api/view', 'pattern'=>'api/<model:\w+>/<id:\d+>', 'verb'=>'GET'),
How could I do this? Should I create an action in api called query, and moved view function code there?
Thanks a lot!
The URL http://localhost/api/data/100294832 is the same as http://localhost/api/data/?id=100294832 by your route rule. It will work by default.
I want to pass a variable in my URL but not show it in the URL for SEO purposes
e.g www.mywebsite.com/Search?city=NYC should looks like www.mywebsite.com/Search and still be able to retrieve the value of "city" on the page.
Thanks
Simply use a POST request and you're done. However, is a common pratice to use GET request for search forms because the user can bookmark the url. Using POST, this isn't possible.
I just used Rewrite rules to accomplish this.
I have some Javascript that uses Twitter API to get tweets. I parse the data and use jQuery to generate HTML for the DOM.
An aspect of what I want to display is a "View this tweet" link -- yeah, sorta sounds silly, but it allows a user to get a URL for a specific tweet.
I am generating an a tag with an href. The URL is of the form:
http://twitter.com/{twitter-user-id}/status/{tweet-status-id}
where the content in curly braces is actual data extracted from the tweet (no, I am not including the curly braces). For example:
http://twitter.com/Atechtrader/status/57432099984130050
What happens in operation is that this works for some tweets, but not others. For the ones that fails, the Twitter server responds with content that says the requested page does not exist.
Am I doing something wrong?
https://twitter.com/statuses/ID should work.
it will redirect to the needed status.
Unfortunately, all of the answers provided so far rely on an HTTP redirect.
The direct link is of the form: https://twitter.com/i/web/status/{tweet-status-id}
FYI: id_str is the variable you need to call instead of id
id_str should be taken from the tweet object and replaced in
https://twitter.com/statuses/[id_str]
You can use like:
http://twitter.com/itdoesnotmatter/status/[YOURID]
Twitter redirect based on status ID not username.
It works for desktop and mobile.
You can use
'https://www.twitter.com/'+ user.screen_name+'/status/' + id_str
I've been tried it. It's work good:
- Web : https://twitter.com/statuses/ID
- Mobile && Web: https://twitter.com/User_ID/statuses/Tweet_ID
I hope it's helpful for you.
I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com
I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course).
So my request URL looks like this:
http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback
Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters.
However, my response comes through as:
oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET
I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful!
Thanks,
A.
I've read the oAuth 1.0a spec, and to
override this callback URL with your
own custom one you have to send the
oauth_callback parameter in the
request_token phase (url-encoded of
course).
So my request URL looks like this:
http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback
just because YOU read the spec doesn't mean that TWITTER read it. :P
kidding - this is essentially correct - but the way twitter likes to receive this data is a little different (and not well documented).
the way i've found to get the oauth_callback to confirm is as follows: specify the oauth_callback in the parameters of the request function, NOT within the URL.
python example (using oauth2):
''' Create our client.'''
client = oauth.Client(consumer)
''' do the request '''
resp, content = client.request(request_token_url,"POST",body=urllib.urlencode({'oauth_callback':callbackURL}))
''' note that it's called "body" in this particular OAuth function for Client but in OAuth Request object it's called "parameters." YMMV depending on programming language/ library of course. '''
this is ALSO the only way i've managed to get an oauth verifier back. supposedly one should not have to specify the callback URL every time, since we provide it in app settings...but experience seems to indicate otherwise.
finally, please be aware that at leg 3 you have to do the same thing AGAIN - this time including the oauth_verifier as well as the callback URL in the parameters.
hope this helps - can't begin to tell you how much effort i put into figuring this out.
good luck!
J
I've used this guide to set up my PC to be used as the callback location. Basically you set up your hosts file in a certain way, clear your cache and add a couple of Firefox registry values. At the end when you are debugging an oauth call the redirect comes back to your local PC.
As I said it worked for me.
<?php
// oauth-php example
$token = OAuthRequester::requestRequestToken(
$consumer_key,
$user_id,
array('oauth_callback'=> urlencode($callback_uri))
);
?>