[twitter-dev] Re: oAUTH - can it be done without interaction with a core browser?
I would just like to put in my two cents that I think this has to be addressed before basic auth is taken away. I am currently developing a mobile app that would not be possible with oauth. David Troyer On Apr 20, 1:29 am, Doug Williams d...@twitter.com wrote: Jeff, We are still thinking internally about how we want to get around the browser for OAuth token requests. Although, at this time we don't have a particular implementation to share. Doug Williams Twitter API Supporthttp://twitter.com/dougw On Sun, Apr 19, 2009 at 9:41 PM, Jeff Bishop jeff.bis...@gmail.com wrote: Doug, I think if the user could log in to Twitter from a link and then be redirected to a place where the code could be shown to paste into the desktop application then that would work fine. Heck, you could even put a copy to clipboard button on that page so that the user could paste it in. Is this something planned or does it already exist? Jeff - Original Message - *From:* Doug Williams d...@twitter.com *To:* twitter-development-talk@googlegroups.com *Sent:* Sunday, April 19, 2009 9:22 PM *Subject:* [twitter-dev] Re: oAUTH - can it be done without interaction with a core browser? The call tohttp://twitter.com/oauth/authorize(or the Sign in with Twitter equivalenthttp://twitter.com/oauth/authenticate) requires a browser to render the HTML necessary for the user prompt. This is a limitation we recognize with the current beta release of the OAuth implementation. Doug Williams Twitter API Support http://twitter.com/dougw On Sun, Apr 19, 2009 at 1:37 PM, Guan Yang g...@yang.dk wrote: On Sun, Apr 19, 2009 at 14:37, Jeff Bishop jeff.bis...@gmail.com wrote: 1. Get all of the required items from the user outside of Twitter's interface? 2. Authenticate (like with basic auth of some type using XML posts)? 3. Be able to post back to get the token information. I'm not completely sure what you want, but you could do something like this: - Obtain a request token and secret. - Start up a browser and send the user to http://twitter.com/oauth/authorize - Display a button that says something like click here when you're done - When the user clicks that button, assume that you're authorized with Twitter, and make a request to obtain the access token. - If that's not the case, repeat the process. The point is that you don't really need any information back through the callback other than the fact that the user has completed the authorization process. But that can be accomplished simply by having the user click a button. If you are able to register URI schemes in the operating system that will launch your app, there is a different way of doing this. Suppose you've registered mycoolapp:// with the operating system. Then you can supply an oauth_callback parameter to http://twitter.com/oauth/authorizethat looks something like this: mycoolapp://twitter-authorize-complete After successful authorization, Twitter will then redirect to something like mycoolapp://twitter-authorize-complete?oauth_token=xxxscreen_name=guanuser_id=1234other_params=values That way your app will automatically be launched after authorization and you can call access_token at that point. Guan
[twitter-dev] Re: oAUTH - can it be done without interaction with a core browser?
David, That is our intention, as mentioned in past discussion and documented on the FAQ: http://apiwiki.twitter.com/FAQ#WhenwillTwittersupportOAuthhttp://apiwiki.twitter.com/FAQ Thanks, Doug -- Doug Williams Twitter Platform Support http://twitter.com/dougw On Thu, May 14, 2009 at 10:21 AM, David Troyer dmtro...@gmail.com wrote: I would just like to put in my two cents that I think this has to be addressed before basic auth is taken away. I am currently developing a mobile app that would not be possible with oauth. David Troyer On Apr 20, 1:29 am, Doug Williams d...@twitter.com wrote: Jeff, We are still thinking internally about how we want to get around the browser for OAuth token requests. Although, at this time we don't have a particular implementation to share. Doug Williams Twitter API Supporthttp://twitter.com/dougw On Sun, Apr 19, 2009 at 9:41 PM, Jeff Bishop jeff.bis...@gmail.com wrote: Doug, I think if the user could log in to Twitter from a link and then be redirected to a place where the code could be shown to paste into the desktop application then that would work fine. Heck, you could even put a copy to clipboard button on that page so that the user could paste it in. Is this something planned or does it already exist? Jeff - Original Message - *From:* Doug Williams d...@twitter.com *To:* twitter-development-talk@googlegroups.com *Sent:* Sunday, April 19, 2009 9:22 PM *Subject:* [twitter-dev] Re: oAUTH - can it be done without interaction with a core browser? The call tohttp://twitter.com/oauth/authorize(orhttp://twitter.com/oauth/authorize%28orthe Sign in with Twitter equivalenthttp://twitter.com/oauth/authenticate) requires a browser to render the HTML necessary for the user prompt. This is a limitation we recognize with the current beta release of the OAuth implementation. Doug Williams Twitter API Support http://twitter.com/dougw On Sun, Apr 19, 2009 at 1:37 PM, Guan Yang g...@yang.dk wrote: On Sun, Apr 19, 2009 at 14:37, Jeff Bishop jeff.bis...@gmail.com wrote: 1. Get all of the required items from the user outside of Twitter's interface? 2. Authenticate (like with basic auth of some type using XML posts)? 3. Be able to post back to get the token information. I'm not completely sure what you want, but you could do something like this: - Obtain a request token and secret. - Start up a browser and send the user to http://twitter.com/oauth/authorize - Display a button that says something like click here when you're done - When the user clicks that button, assume that you're authorized with Twitter, and make a request to obtain the access token. - If that's not the case, repeat the process. The point is that you don't really need any information back through the callback other than the fact that the user has completed the authorization process. But that can be accomplished simply by having the user click a button. If you are able to register URI schemes in the operating system that will launch your app, there is a different way of doing this. Suppose you've registered mycoolapp:// with the operating system. Then you can supply an oauth_callback parameter to http://twitter.com/oauth/authorizethat looks something like this: mycoolapp://twitter-authorize-complete After successful authorization, Twitter will then redirect to something like mycoolapp://twitter-authorize-complete?oauth_token=xxxscreen_name=guanuser_id=1234other_params=values That way your app will automatically be launched after authorization and you can call access_token at that point. Guan
[twitter-dev] Re: oAUTH - can it be done without interaction with a core browser?
On Sun, Apr 19, 2009 at 14:37, Jeff Bishop jeff.bis...@gmail.com wrote: 1. Get all of the required items from the user outside of Twitter's interface? 2. Authenticate (like with basic auth of some type using XML posts)? 3. Be able to post back to get the token information. I'm not completely sure what you want, but you could do something like this: - Obtain a request token and secret. - Start up a browser and send the user to http://twitter.com/oauth/authorize - Display a button that says something like click here when you're done - When the user clicks that button, assume that you're authorized with Twitter, and make a request to obtain the access token. - If that's not the case, repeat the process. The point is that you don't really need any information back through the callback other than the fact that the user has completed the authorization process. But that can be accomplished simply by having the user click a button. If you are able to register URI schemes in the operating system that will launch your app, there is a different way of doing this. Suppose you've registered mycoolapp:// with the operating system. Then you can supply an oauth_callback parameter to http://twitter.com/oauth/authorize that looks something like this: mycoolapp://twitter-authorize-complete After successful authorization, Twitter will then redirect to something like mycoolapp://twitter-authorize-complete?oauth_token=xxxscreen_name=guanuser_id=1234other_params=values That way your app will automatically be launched after authorization and you can call access_token at that point. Guan
[twitter-dev] Re: oAUTH - can it be done without interaction with a core browser?
Jeff, We are still thinking internally about how we want to get around the browser for OAuth token requests. Although, at this time we don't have a particular implementation to share. Doug Williams Twitter API Support http://twitter.com/dougw On Sun, Apr 19, 2009 at 9:41 PM, Jeff Bishop jeff.bis...@gmail.com wrote: Doug, I think if the user could log in to Twitter from a link and then be redirected to a place where the code could be shown to paste into the desktop application then that would work fine. Heck, you could even put a copy to clipboard button on that page so that the user could paste it in. Is this something planned or does it already exist? Jeff - Original Message - *From:* Doug Williams d...@twitter.com *To:* twitter-development-talk@googlegroups.com *Sent:* Sunday, April 19, 2009 9:22 PM *Subject:* [twitter-dev] Re: oAUTH - can it be done without interaction with a core browser? The call to http://twitter.com/oauth/authorize (or the Sign in with Twitter equivalent http://twitter.com/oauth/authenticate) requires a browser to render the HTML necessary for the user prompt. This is a limitation we recognize with the current beta release of the OAuth implementation. Doug Williams Twitter API Support http://twitter.com/dougw On Sun, Apr 19, 2009 at 1:37 PM, Guan Yang g...@yang.dk wrote: On Sun, Apr 19, 2009 at 14:37, Jeff Bishop jeff.bis...@gmail.com wrote: 1. Get all of the required items from the user outside of Twitter's interface? 2. Authenticate (like with basic auth of some type using XML posts)? 3. Be able to post back to get the token information. I'm not completely sure what you want, but you could do something like this: - Obtain a request token and secret. - Start up a browser and send the user to http://twitter.com/oauth/authorize - Display a button that says something like click here when you're done - When the user clicks that button, assume that you're authorized with Twitter, and make a request to obtain the access token. - If that's not the case, repeat the process. The point is that you don't really need any information back through the callback other than the fact that the user has completed the authorization process. But that can be accomplished simply by having the user click a button. If you are able to register URI schemes in the operating system that will launch your app, there is a different way of doing this. Suppose you've registered mycoolapp:// with the operating system. Then you can supply an oauth_callback parameter to http://twitter.com/oauth/authorize that looks something like this: mycoolapp://twitter-authorize-complete After successful authorization, Twitter will then redirect to something like mycoolapp://twitter-authorize-complete?oauth_token=xxxscreen_name=guanuser_id=1234other_params=values That way your app will automatically be launched after authorization and you can call access_token at that point. Guan
