Twitter's OAuth Implementation

Ryan Paul, writing for Ars Technica:

Aside from handling the consumer secret issue poorly, Twitter’s OAuth implementation has a number of bugs, defects, and inconsistencies that pose challenges for users and developers.

Third-party developers are finding that it is maddeningly difficult to debug client-side support for Twitter’s OAuth implementation because Twitter tends to spit out very generic 401 errors for practically every kind of authentication failure. It doesn’t provide enough specific feedback to make it possible for the developer to easily troubleshoot or isolate the cause when authentication is unsuccessful.

This is especially frustrating in situations where authentication is failing because of a bug or defect in Twitter’s implementation. For example, authentication will sometimes fail if the system clock on the end user’s computer is running slightly fast. This issue has to do with the timestamp that is embedded in the requests, but it’s not entirely obvious what causes it to occur.

The OAuth specification isn’t particularly complicated, but I found writing code to authenticate against Twitter beyond me. In the end, the OAuth PECL extension descended from heaven to save my arse, but I’ve still got no idea why it works where my own code didn’t.

It’s nice to know it wasn’t just me.
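The clock-skew failure Ryan Paul describes above, as an added example that is not Twitter's code or the PECL extension's: OAuth 1.0a HMAC-SHA1 signing per RFC 5849, beside a server-side check that reports timestamp skew and signature mismatch as distinct reasons rather than a generic 401. The URL, nonce, secrets and the 300-second window are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

MAX_SKEW_SECONDS = 300  # assumed window; Twitter does not document its exact limit
URL = "https://api.example.invalid/1/account/verify_credentials.json"  # constructed
def pct(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay as-is.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Encode each name and value, sort by name then value, join as k=v with "&",
    # then encode method, base URL and the normalised parameter string once more.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalised = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalised)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()  # "consumer&token"
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def build_request(consumer_key, consumer_secret, token, token_secret, client_now):
    # What a client sends; client_now is the client's own clock reading.
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": "constructed-nonce-0001",  # constructed; real nonces are random
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(client_now),
        "oauth_token": token,
    }
    params["oauth_signature"] = sign("GET", URL, params, consumer_secret, token_secret)
    return params

def verify(method, url, params, consumer_secret, token_secret, now):
    # Server side: return (ok, reason) so a rejection names its cause instead of a bare 401.
    try:
        skew = int(params["oauth_timestamp"]) - now
    except (KeyError, ValueError):
        return False, "missing or malformed oauth_timestamp"
    if abs(skew) > MAX_SKEW_SECONDS:
        side = "ahead of" if skew > 0 else "behind"
        return False, f"oauth_timestamp is {abs(skew)}s {side} server time (limit {MAX_SKEW_SECONDS}s)"
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return False, "oauth_signature does not match"
    return True, "ok"
```

A client whose clock runs ten minutes fast produces a request that `verify` rejects with the skew stated in seconds, which is the diagnostic the article says Twitter's bare 401 withholds.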

Published: Monday, 6th September 2010 at 12:10 PM


About Craig Anderson

By day, he works for ABC TV as a web developer. By night, he plays bass guitar in Look Who's Toxic. He also runs a little Unix Timestamp conversion site. There are plenty of other things he should be doing, but most of the time he's dreaming of what he'll do when he grows up while watching bad Star Trek spin-offs.