Credential issue on the twitter plugin

[tas@…]

Every time I try to insert my credentials to enable the twitter feature I get the error: "Your twitter credentials are invalid."

[matthijs]

This was confirmed by Hans Hommes as well. Perhaps the twitter login pages changed?

[Josemi <josemi@…>]

matthijs: No. The problem is that fon-ng uses basic auth, witch has been disable today, after advising some months ago.

Twitter no doesn´t allow basic auth, only OAuth.

Hope this helps.

[matthijs]

Steven, could you have a look at fixing this?

[giangui@…]

Hi there, any updates on when 2.3.7.0 will be released to fix the issue with Twitter autorisation?

Tks GG

[anonymous]

Any update on this?

[johan@…]

Oh, my e-mail disappeared...

Any update on this? =)

[matthijs]

I've looked at implementing this a few months ago, but I ran into a segfault in OpenSSL that I couldn't figure out. I've not done any further work on this since then, since debugging that segfault might become very time-consuming and I wanted to focus on more important issues first. This is still true, I intend to look at this again after releasing the first beta.

[koetjeboeh@…]

Anyway we(or I) can help with this problem? It may be just something flashy & not essential, I sure would like it to work.

[matthijs]

Steven Leeman pointed me to  this blog post which provides a fairly independent (no big dependencies)  Oath implementation (which is  MIT licensed).

This implementation uses the openssl binary through a shell execution instead of linking directly against the openssl library. This would probably work around the segfaulting problems I had before.

If anyone wants to have a stab at implementing this, feel free. The bbl-twitter.lua file looks like it's usable as is, so I'd like to include it with minimal modifications if possible. It should probably be included and used from fon-ng/trunk/luci/applications/luci-twitter/controller/twitter.lua. I think the twitter_auth function now handles authentication, but that probably needs to be split up in two (or three, I don't remember the OAuth details right now) stages.

A useful first step would probably be to make a small lua test script to be called from the commandline, which performs a full OAuth sequence using the bbl-twitter.lua library.

If you give this a try, please let me know in a comment before you start, so we prevent doing double work :-)

[matthijs]

I've started working on this today. Turned out the bbl-twitter.lua file wasn't up-to-par yet (it only supported out-of-band OAuth), but I've been working on making it more flexible today. It should now support full OAuth using callbacks as well.

I've contacted the autor of the bbl-twitter.lua file, who has forked off the bbl-twitter.lua file  into its own git repository. Once I get commit access, I'll push my changes there.

I've also created a small wrapper around luci.httpclient to mimic socket.http.request, since bbl-twitter.lua uses socket.http.request for doing http requests, but it's not available on the Fonera.

With the code I have now, I can do out-of-band authentication and tweeting on the Fonera (using a test script on the commandline). Next up is integrating full OAuth and tweeting from luci.

[rcknr <ck@…>]

Replying to matthijs:

I've started working on this today.

Hi Matt! I'm willing to help out with this issue because I need this functionality in my own fonera project. Let me know if you need any help with this.

[matthijs]

Hey rcknr,

awesome! Not sure how much you know about lua, luci or OAuth yet, but that's where the bulk of the work needs to be done. I've been working on polishing the bbl-twitter file to be a bit more modular so it should now support what we need. I've just pushed these changes to the  git repository for bbl-twitter, you should get the file from there.

I also needed a small bugfix in luci.httpclient, which I also just committed (r1915).

I'll attach my testfile in a minute, that is how far I've come so far. It should run on a 2.0n, with the bbl-twitter.lua file in the same directory, and perform an out-of-band authentication and post a twitter message. As mentioned before, this file also contains a dummy luasocket implementation, which should probably end up in the final twitter.lua file in luci (not in bbl-twitter.lua, I'd like to keep the file unmodified if possible).

For the full authentication implementation, we should use a callback instead of out-of-band (meaning the user does not need to copy a pincode, but just gets redirected back to luci with the pincode in the url). To make this work, the following should happen:

1. Get a request token from twitter directly 2. Redirect the user to Twitter to authorize the request token 3. After getting redirected back from Twitter, request an access token (using the PIN/verifier from the url). 4. Store the returned access token and secret in uci. Probably also store the authenticated username, which is available after calling get_access_token.

Afterwards, the access token and secret can be used to post new Tweets and/or make other API calls.

One thing that might pose a challenge, is building the callback url. I'm not sure how to find out the current hostname and protocol from within luci (haven't tried looking for it at all, though, so it might be easy as well).

I hope this is enough to get you started. If you have further questions, or just want to tell me about your progress, it might be useful if you drop by on IRC?. I'm "blathijs" there (though I won't be at my keyboard 24/7, of course).

[matthijs]

Hmm, I screwed up the link to the IRC page. Here is the right one.

[matthijs]

Test file that uses bbl-twitter.lua and runs on Fonera.

[matthijs]

rcknr, since I haven't heard anything from you, I'll pick up this issue myself again. Just so you know and we won't be doing double work, no hard feelings :-)

I also just realized I hadn't added you to the CC of this ticket, so perhaps you hadn't even seen my reply. Fixed now, anyway.

[matthijs]

(In [1940]) luci-twitter: Fix Twitter authentication using OAuth.

This commit adds support for authenticating to Twitter using OAuth, completely replacing the old "Basic" authentication support (which stopped working some time ago). This makes the luci-twitter app functional again (though it does require users to re-authenticate themselves).

Closes: #900

[giangui@…]

Great news. Is the new firmware available already? How does it work? Thank you GG

[matthijs]

(In [1944]) luci-twitter: Add the FON consumer token.

This actually makes the new Twitter OAuth code work.

Closes: #1056

References: #900

[matthijs]

(In [1949]) luci: Remove the twitter icon from the dashboard.

Twitter changed its authentication to use oAuth, but the Twitter application was not yet updated (so does not work currently).

References: #900

[javierlerech@…]

Is it fixed? Right now I'm not able to tweet from my fonera (using firmware 2.3.6.1). Thanks in advanced.

[boschie@…]

Could somebody tell the world what to do to get this twitter-thing working on the fonera?

TIA.

[giangui@…]

I nstalled Firmware 2.3.7.0 Beta 1 and twitter is working.

[giangui@…]

Read the article and find the download link here  http://blog.fonosfera.org/2370-beta-1-available-for-testing/