This would be two three-legged OAuth scenarios, correct?

1. The user authorized TwitPic to access Twitter (OAuth dance #1).
2. The user authorizes TweetDeck to use the TwitPic API (OAuth dance #2).
3a. The user does something in the consumer (TweetDeck) that invokes a provider (TwitPic) API method using the TwitPic/TweetDeck token.
3b. This requires a call to Twitter, at which point the new consumer (TwitPic) invokes a provider (Twitter) API method using the Twitter/TwitPic token.
3c. Once the TwitPic/Twitter roundtrip is complete, TwitPic passes back a result to TweetDeck, completing the original API call.

Whew, that was a mouthful. Of course, this requires that TwitPic be an OAuth provider and consumer and currently it looks like it may be neither, so this may not be the best example. Is that correct? Are there any examples of this, or better ways to do this?

Ethan

On Wed, Mar 25, 2009 at 11:13 AM, Ivan Kirigin <[email protected]> wrote:

> Hi,
>
> I recently integrated Twitter's OAuth into my site, http://tipjoy.com
>
> It's a great user experience and a lot like Facebook Connect.
>
> But I ran into a problem when developing our API for Twitter
> applications to use Tipjoy for payments. OAuth tokens aren't
> transferable like a username & password. For example, a Twitter user
> on TweetDeck can input a username & password, which lets TweetDeck
> post a picture to TwitPic. If TweetDeck were granted OAuth access to
> the user's Twitter account, TwitPic couldn't verify the access tokens
> easily, and couldn't communicate to Twitter with them.
>
> How can we power this 4-legged OAuth? Twitter could act as an
> intermediary, to tell TwitPic that the request from TweetDeck is
> authorized.
>
> I'm told Facebook is coming up with a solution for Facebook Connect.
> As the environment for social apps becomes more connected, this
> communication between 3rd parties about users on the OAuth provider
> becomes more important.
>
> What do you all think?
>
> Thanks,
> Ivan
> http://tipjoy.com
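The chained delegation in steps 1 to 3c, sketched as an added example that is not part of the original thread: each access token is bound to one consumer/provider pair, so TweetDeck never holds a Twitter token. The class names, consumer keys and the user "alice" are constructed for illustration, and passing a consumer key stands in for the request signature a real OAuth consumer would compute with its consumer secret.

```python
import secrets

class Provider:
    """Toy OAuth-style provider: access tokens are bound to (consumer, user)."""
    def __init__(self, name):
        self.name = name
        self._grants = {}  # token -> (consumer_key, user)

    def authorize(self, consumer_key, user):
        # Stands in for one complete three-legged dance ending in an access token.
        token = secrets.token_hex(16)
        self._grants[token] = (consumer_key, user)
        return token

    def verify(self, consumer_key, token):
        # A token is honoured only when presented by the consumer it was issued to.
        grant = self._grants.get(token)
        if grant is None or grant[0] != consumer_key:
            raise PermissionError(f"{self.name}: token not valid for {consumer_key}")
        return grant[1]

class Twitter(Provider):
    def post_update(self, consumer_key, token, text):
        user = self.verify(consumer_key, token)
        return f"{user} via {consumer_key}: {text}"

class TwitPic(Provider):
    """Provider towards TweetDeck and, at the same time, consumer of Twitter."""
    def __init__(self, twitter):
        super().__init__("TwitPic")
        self.twitter = twitter
        self._twitter_tokens = {}  # user -> Twitter/TwitPic token, never sent downstream

    def link_twitter(self, user):
        # Dance #1: the user authorizes TwitPic at Twitter.
        self._twitter_tokens[user] = self.twitter.authorize("twitpic", user)

    def upload(self, consumer_key, token, caption):
        user = self.verify(consumer_key, token)        # 3a: TwitPic/TweetDeck token
        return self.twitter.post_update(               # 3b: Twitter/TwitPic token
            "twitpic", self._twitter_tokens[user], caption)  # 3c: result goes back

def run_flow():
    twitter = Twitter("Twitter")
    twitpic = TwitPic(twitter)
    twitpic.link_twitter("alice")                          # dance #1
    td_token = twitpic.authorize("tweetdeck", "alice")     # dance #2
    result = twitpic.upload("tweetdeck", td_token, "pic")  # steps 3a to 3c
    try:  # TweetDeck's TwitPic token carries no authority at Twitter
        twitter.post_update("tweetdeck", td_token, "direct")
        accepted_at_twitter = True
    except PermissionError:
        accepted_at_twitter = False
    return result, accepted_at_twitter
```
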
