Thanks for the reply. I think that I understand your point but it seems somewhat at odds with the following sentence in the basic guide: "When OAuth is used as a direct replacement of HTTP 'Basic', the Consumer Key and Consumer Secret should hold the username and password, and the Token and Token Secret should remain empty."
If I want to update my status at Twitter, using my username and password in the "consumer parameter" seems (1) consistent with the quote above and (2) an inherently sensible choice. Is it impossible to use "OAuth as a direct replacement of HTTP 'Basic'" at twitter? Or am I missing something completely trivial? On Mar 8, 6:20 pm, Eran Hammer-Lahav <[email protected]> wrote: > It doesn't refer to the idea that you can put your basic-auth credentials and > just stick them into random parameters. The idea of direct access is when the > application want to call the service without a user-context. That is, to > perform some administrative work related to the service but not on behalf of > a user. In the case of Twitter, the only thing you can put in the consumer > parameter is something Twitter gives you when you register a new application. > > EHL --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
