This statement was more 'vision' than 'practice'. I'll adjust it to correct this misconception. The idea is that OAuth *could* be used in such a way, but as far as I know, no one is applying it like that.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of CA Meijer > Sent: Sunday, March 08, 2009 11:01 AM > To: OAuth > Subject: [oauth] Re: Twitter OAuth Direct Access > > > Thanks for the reply. I think that I understand your point but it > seems somewhat at odds with the following sentence in the basic guide: > "When OAuth is used as a direct replacement of HTTP 'Basic', the > Consumer Key and Consumer Secret should hold the username and > password, and the Token and Token Secret should remain empty." > > If I want to update my status at Twitter, using my username and > password in the "consumer parameter" seems (1) consistent with the > quote above and (2) an inherently sensible choice. > > Is it impossible to use "OAuth as a direct replacement of HTTP > 'Basic'" at twitter? Or am I missing something completely trivial? > > > > > On Mar 8, 6:20 pm, Eran Hammer-Lahav <[email protected]> wrote: > > It doesn't refer to the idea that you can put your basic-auth > credentials and just stick them into random parameters. The idea of > direct access is when the application want to call the service without > a user-context. That is, to perform some administrative work related to > the service but not on behalf of a user. In the case of Twitter, the > only thing you can put in the consumer parameter is something Twitter > gives you when you register a new application. > > > > EHL > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
