It doesn't refer to the idea that you can put your basic-auth credentials and just stick them into random parameters. The idea of direct access is when the application want to call the service without a user-context. That is, to perform some administrative work related to the service but not on behalf of a user. In the case of Twitter, the only thing you can put in the consumer parameter is something Twitter gives you when you register a new application.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of CA Meijer > Sent: Sunday, March 08, 2009 4:50 AM > To: OAuth > Subject: [oauth] Re: Twitter OAuth Direct Access > > > It's the term used on the hueniverse beginner's guide to OAuth. See > http://www.hueniverse.com/hueniverse/2008/10/beginners-guide.html > > In particular, see the section headed "Direct & Delegated access". > > According to the guide, "direct access" is also known as "the two- > legged scenario". > > Is the term "direct access" completely unknown? > > > > On Mar 8, 9:28 am, Eran Hammer-Lahav <[email protected]> wrote: > > Where did you get the idea of this "direct access" feature? > > > > EHL > > > > > -----Original Message----- > > > From: [email protected] [mailto:[email protected]] On > Behalf > > > Of CA Meijer > > > Sent: Saturday, March 07, 2009 11:23 PM > > > To: OAuth > > > Subject: [oauth] Twitter OAuth Direct Access > > > > > Hi > > > > > Out of curiosity I tried to log in to my twitter account using > OAuth > > > with direct access (i.e. an empty token and token secret and with > my > > > username and password as consumer key and secret). I got a 401 > HTTP > > > response and a message saying that my token was invalid or expired. > I > > > was wondering whether the problem arose because (1) I'm not a > > > registered user of their limited OAuth beta or (2) because they're > > > only going to support OAuth delegated access? > > > > > Does anyone know whether twitter is going to support direct access > or > > > whether we're going to have to continue to supply passwords in the > > > clear over HTTP? > > > > > My apologies if the answers to these questions are documented > > > elsewhere and I missed them. > > > > > Carl > > > . > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
