On Wed, Mar 25, 2009 at 4:13 PM, Ivan Kirigin <[email protected]> wrote: > > Hi, > > I recently integrated Twitter's OAuth into my site, http://tipjoy.com > > It's a great user experience and a lot like Facebook Connect. > > But I ran into a problem when developing our API for Twitter > applications to use Tipjoy for payments. OAuth tokens aren't > transferable like a username & password. For example, a Twitter user > on TweetDeck can input a username & password, which lets TweetDeck > post a picture to TwitPic. If TweetDeck were granted OAuth access to > the user's Twitter account, TwitPic couldn't verify the access tokens > easily, and couldn't communicate to Twitter with them. > > How can we power this 4-legged OAuth? Twitter could act as an > intermediary, to tell TwitPic that the request from TweetDeck is > authorized.
Aha. This is delegation, something I wanted to put into OAuth first time round but, well, there was resistance :-) I believe the IETF are also interested in delegation. > > I'm told Facebook is coming up with a solution for Facebook Connect. > As the environment for social apps becomes more connected, this > communication between 3rd parties about users on the OAuth provider > become more important. > > What do you all think? > > Thanks, > Ivan > http://tipjoy.com > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
