1

i am trying to send a application only authentication request to twitter to get the access_token .i write a javascript code

function getTwitterAuthorizeTokens() { return {oauth_token: "abcdefg", oauth_token_secret: "asdfasdfasfdasdf"}; }

// Get the consumer key and secret
function getTwitterConsumerTokens() {
    return {key: "xxxxxxxxxxxxxxxxx", secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"};
}
var s = encodeURIComponent(getTwitterConsumerTokens().key,'RFC 1738');
s += ':'+encodeURIComponent(getTwitterConsumerTokens().secret,'RFC 1738');
$( document ).ready(function(){
$.ajax({
        type:"POST",
        beforeSend: function (request)
        {
            request.setRequestHeader("Authorization", "Basic "+s);
            request.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
        },
        url: "https://api.twitter.com/oauth2/token",
        data: "grant_type=client_credentials",
        processData: false,
        success: function(msg) {
            alert("successfull");
        }
});

when this script is loaded .it is giving me error in console

OPTIONS https://api.twitter.com/oauth2/token 405 (Method Not Allowed) sinon-server-1.7.1.js:573
apply sinon-server-1.7.1.js:573
fakeXhr.(anonymous function) sinon-server-1.7.1.js:592
send jquery.min.js:4
f.extend.ajax jquery.min.js:4
(anonymous function) index.html:143
e.resolveWith jquery.min.js:2
e.extend.ready jquery.min.js:2
c.addEventListener.C jquery.min.js:2
XMLHttpRequest cannot load https://api.twitter.com/oauth2/token. Origin null is not allowed by Access-Control-Allow-Origin. index.html:1

how to resolve this error please guideline. i am following this link https://dev.twitter.com/docs/auth/application-only-auth

when i host it using node.js .it is giving me error

Failed to load resource: the server responded with a status of 405 (Method Not Allowed) https://api.twitter.com/oauth2/token?jsonp=success
XMLHttpRequest cannot load https://api.twitter.com/oauth2/token?jsonp=success. Origin http://localhost:8888 is not allowed by Access-Control-Allow-Origin. index.html:1
mathlearner
  • 7,509
  • 31
  • 126
  • 189
  • what is the point of having second parameter to [`encodeURIComponent`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) function ? – c69 Jul 20 '13 at 12:15
  • Are you running it from a file system or a server? – vsr Jul 20 '13 at 12:18
  • in the link (https://dev.twitter.com/docs/auth/application-only-auth) that u should encode the parameters with RFC 1738 it is right now giving same result as provided but in future it will get changed. – mathlearner Jul 20 '13 at 12:19
  • @vsr from file system. – mathlearner Jul 20 '13 at 12:20
  • @RiteshMehandiratta that must be the problem. Host it on a server(like apache or nginx) and try. http://stackoverflow.com/questions/8456538/origin-null-is-not-allowed-by-access-control-allow-origin – vsr Jul 20 '13 at 12:21
  • its giving the same error except Origin is not now null – mathlearner Jul 20 '13 at 12:30
  • @RiteshMehandiratta You're using **client side code** for the API 1.1. This doesn't work! Put some bloody effort in and work with server side code, you don't use JavaScript to access the API any more. – Jimbo Jul 22 '13 at 09:38

1 Answers1

4

You are sending a cross domain ajax request from your browser, which is mostly not allowed for security reasons. You must send the request from your server instead of client's browser.

erdimeola
  • 844
  • 8
  • 17