I'm not sure a solution that requires, in this example, TwitPic to be a OAuth provider is good.
The OAuth access to Twitter should probably remain independent for both TwitPic and TweetDeck. To post a picture, TwitPic would only need to verify the TweetDeck request, and posting to Twitter would require independent OAuth access tokens. If there were an automated way for TweetDeck to use the OAuth Provider (Twitter) to verify the user to TwitPic, there wouldn't need to be a step that involves going through the OAuth process for TwitPic. The dance sounds reasonable for this example, but keep in mind people use lots of clients and there are many 3rd party twitter apps. The user experience is far worse than giving a username / password pair. Ivan http://tipjoy.com On Mar 25, 1:42 pm, Martin Atkins <[email protected]> wrote: > Ethan Jewett wrote: > > 1. The user authorized TwitPic to access Twitter (OAuth dance #1). > > 2. The user authorizes TweetDeck to use the TwitPic API (OAuth dance #2). > > It seems like this could actually be made to look like a single "dance": > > * User of TweetDeck requests a connection to TwitPic. > * TwitPic asks the user to log in. > * TwitPic checks if it already has a Twitter OAuth access token for this > user. If it does, it skips the next step. > * TwitPic initiates an OAuth dance with Twitter to get a Twitter access > token. > * TwitPic issues an OAuth access token connected to the TwitPic account, > which is indirectly connected to the Twitter account. > > So the user sees TweetDeck -> TwitPic -> Twitter -> TweetDeck in the > initial bootstrap case. This is likely to make the user a little > confused, but perhaps the TwitPic UI can say something like "Before > <application name> can use TwitPic, we must connect to your Twitter > account." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
