PockeTwit Blog on Posterous

 

The OAuth Saga and Version 0.82

Firstly, welcome to PockeTwit's blog on Posterous. Our Google code site is still the place to get downloads, but the PockeTwit developers will be updating Posterous with more information about current developments and the roadmap. We haven't been giving you all the information you might need/want, so here it is.

Dscf7563
There's an explanation of the "OAuth" saga below, or you can jump straight to some information about v0.82.

Unless you're a very new user of PockeTwit, you will have noticed that it stopped working on 1st September, and didn't start working again until we released an upgrade on 5th September. If you are a new user, that may be because your previous Twitter client on Windows Mobile - be it HTC Peep, TouchTwit, ceTwit, TinyTwitter - stopped working.

All of this is because of the "OAuthcalypse", where Twitter changed the way third-party applications, such as PockeTwit, were able to log people in to the service. The previous method was easy - you gave us your username and password, we stored it and sent it to Twitter. It all works fine and is easy to set up, but it does mean that lots of applications have your password. Not only is this a risk for you, it also means you have to update your password everywhere when you change it.

OAuth is a safer method, but is more complicated. It involves exchanging "tokens" - you are directed to the Twitter website with a token representing PockeTwit, login there and are given a Pin number to enter. PockeTwit then contacts Twitter and turns this Pin into another token. This final token lets PockeTwit access your Twitter account, but we never need to see or store your password - you can also update your Twitter password and PockeTwit will continue to work.

The change by Twitter broke a number of Windows Mobile Twitter clients, both free and paid for, because they hadn't been updated in time. The old method stopped working, and they were all locked out. PockeTwit was among those, partly due to a lack of manpower on the project and partly due to obscure errors being generated due to ActiveSync. Work was started in advance, but time ran out. Luckily, a month before I'd started working on the project so was able to lend a hand when I got back - between 3rd and 5th September two of us spent around 40 hours coding and debugging to get PockeTwit up and running again. It would have been sooner, but I was on holiday, sorry!

Version 0.82

On the 5th September we released version 0.82, which supported OAuth. Bits of PockeTwit had been working for a couple of days at this point, but not all of it, and it crashed more frequently than we would have liked. We released a "DevBuild" - a pre-release version which is deemed unstable - on the 3rd and would like to thank everybody who tested and gave feedback so quickly.

We didn't get it quite right - PockeTwit does work, but there have been some issues.

Verifying with Twitter

Unfortunately the process of exchanging tokens can be tricky on mobile devices, as some of you have been seeing. It requires lots of small bits of information to be exchanged in a short time period. When this doesn't work correctly, either because Twitter is having problems or the mobile data connection is unreliable, it can take several attempts to get the final "token" we need. This is why it has been taking several attempts for some of you to successfully verify your account - sometimes up to 10 times!

Clearly this process needs to be better, and we're looking at the best way to do it.

Compact Framework Upgrade

The new version of PockeTwit requires version 3.5 of the .NET Compact Framework, as we will be making more use of its features in the future. Those receiving an auto-upgrade didn't know this which caused some confusion - we've left an instruction in the auto-upgrade process to go and visit the Google code home page for details.

Non-phone devices and RIL

Some people were receiving errors to do with "RIL.dll" after posting. Unfortunately this was my fault - when I started working on PockeTwit I added basic support for the geolocation API and had been using it for a couple of weeks to geotag tweets. Part of this was an experiment with location via cell towers, rather than just GPS, with required RIL.dll. Some devices do not have this available, but the error was not handled gracefully. Version 0.82a fixes this for those who have been having problems.

Things to watch out for

There are a couple of things to look out for over the coming weeks:

  • There will be some more releases to re-add missing media services, such as YFrog, MobyPicture etc.
  • Twitter has the ability to revoke access tokens for applications (see Ars Technica for some background reading). Should they do this, we will issue an update with new tokens, but you will have to download the update and then re-activate your account. We'll try to make this as painless as possible.
  • If you want the very-latest-cutting-edge-might-not-work version, there's always the DevBuild. These don't auto-update, so you'll have to do it manually via Other | About.

We've been trying hard to get this all working and hope you enjoy the new version. Once we've overcome all of the OAuth issues, we'll go back to adding new features. Some might slip in along the way!

Dscf7561

(For those who are interested, the last picture is pretty much what my PC has looked like for the past few days!)

Filed under: allnighter geotag oauth ril twitter v0.82 v0.82a
To Posterous, Love Metalab