[twitter-dev] xAuth Approval

[Iman Zarrabian]

Hi all, I'm new to the whole OAuth/xAuth thing 
I'd like t know how long it's gonna take to twitter api team to
authorize a xAuth use request ? any feedback on that ? I guess you got
this question 100 times a day, no ? sorry ;)

thx in advance

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] xAuth approval times

[Taylor Singletary]

Hi Alex,

We do our best to keep the wait under 72 hours, but there are times it will
take longer.

Taylor

On Fri, Sep 10, 2010 at 4:33 AM, supersonicduck wrote:

> Hi,
>
> I've totally missed the announcement that basic authentication will be
> disabled end of August, so now my iPhone app's twitter functionality
> is broken. I've submitted a request to get access to xAuth
> authentication two days ago and still didn't get a response. What kind
> of timeframe are we looking at for the approval?
>
> Thanks!
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] xAuth approval times

[supersonicduck]

Hi,

I've totally missed the announcement that basic authentication will be
disabled end of August, so now my iPhone app's twitter functionality
is broken. I've submitted a request to get access to xAuth
authentication two days ago and still didn't get a response. What kind
of timeframe are we looking at for the approval?

Thanks!

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/27/2010 08:00 PM, John Meyer wrote:
> On 4/27/2010 8:29 PM, M. Edward (Ed) Borasky wrote:
>> On 04/27/2010 05:00 PM, John Meyer wrote:
>>> On 4/27/2010 5:53 PM, Julio Biason wrote:
 se it's open source it doesn't mean you can't charge for it.
 So I'm guessing that's what John Meyer asked what open source have to
 with money.

>>>
>>>
>>> Actually what I was asking is what did money have to do with the way
>>> that our applications authenticate themselves to Twitter (either through
>>> Basic, oAuth or xAuth) and the method that we preferred based upon our
>>> application.  I never intended an open source vs money arguement; what I
>>> was trying to say is that while he had one way of doing a CLI client I
>>> may have another that does require authentication. So why should mine
>>> have to potentially break the application by using a browser?
>>>
>>>
>> It shouldn't. But mine will use the browser. And I will charge money for
>> it. It may or may not be open source - as people have pointed out, there
>> are precedents for charging money for open source software.
>>
> 
> 
> Okay do you mean that it shouldn't as in you don't think that I should
> have to use a browser to access it, or do you mean that it shouldn't in
> taht you don't think that me having to use a browser will break the
> interface?
> 
> 
You shouldn't have to use a "browser" to access the Twitter "allow/deny"
dialogue. But IIRC that's considered a "best practice." I've never tried
it with Lynx, either. ;-)

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/27/2010 8:29 PM, M. Edward (Ed) Borasky wrote:

On 04/27/2010 05:00 PM, John Meyer wrote:

On 4/27/2010 5:53 PM, Julio Biason wrote:

se it's open source it doesn't mean you can't charge for it.
So I'm guessing that's what John Meyer asked what open source have to
with money.




Actually what I was asking is what did money have to do with the way
that our applications authenticate themselves to Twitter (either through
Basic, oAuth or xAuth) and the method that we preferred based upon our
application.  I never intended an open source vs money arguement; what I
was trying to say is that while he had one way of doing a CLI client I
may have another that does require authentication. So why should mine
have to potentially break the application by using a browser?



It shouldn't. But mine will use the browser. And I will charge money for
it. It may or may not be open source - as people have pointed out, there
are precedents for charging money for open source software.




Okay do you mean that it shouldn't as in you don't think that I should 
have to use a browser to access it, or do you mean that it shouldn't in 
taht you don't think that me having to use a browser will break the 
interface?

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/27/2010 05:00 PM, John Meyer wrote:
> On 4/27/2010 5:53 PM, Julio Biason wrote:
>> se it's open source it doesn't mean you can't charge for it.
>> So I'm guessing that's what John Meyer asked what open source have to
>> with money.
>>
> 
> 
> Actually what I was asking is what did money have to do with the way
> that our applications authenticate themselves to Twitter (either through
> Basic, oAuth or xAuth) and the method that we preferred based upon our
> application.  I never intended an open source vs money arguement; what I
> was trying to say is that while he had one way of doing a CLI client I
> may have another that does require authentication. So why should mine
> have to potentially break the application by using a browser?
> 
> 
It shouldn't. But mine will use the browser. And I will charge money for
it. It may or may not be open source - as people have pointed out, there
are precedents for charging money for open source software.

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/27/2010 04:53 PM, Julio Biason wrote:
> On Tue, Apr 27, 2010 at 2:35 PM, M. Edward (Ed) Borasky
>  wrote:
>> Charging money is how we pay our expenses and earn enough profit to
>> invest in research and development for the next generation applications. ;-)
> 
> Just because it's open source it doesn't mean you can't charge for it.
> So I'm guessing that's what John Meyer asked what open source have to
> with money.
> 
> As a matter of fact, Richard Stallman, to fund the development of the
> GNU system, was selling copies of Emacs. Of course, it was not
> licenses (like every big company do these days), but his work and the
> media.
> 

I wasn't saying you couldn't charge for open source software. I was
saying you'd have a tough time getting people to pay for *command line*
tools. Sorry if I wasn't clear about that.

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/27/2010 5:53 PM, Julio Biason wrote:

se it's open source it doesn't mean you can't charge for it.
So I'm guessing that's what John Meyer asked what open source have to
with money.




Actually what I was asking is what did money have to do with the way 
that our applications authenticate themselves to Twitter (either through 
Basic, oAuth or xAuth) and the method that we preferred based upon our 
application.  I never intended an open source vs money arguement; what I 
was trying to say is that while he had one way of doing a CLI client I 
may have another that does require authentication. So why should mine 
have to potentially break the application by using a browser?

Re: [twitter-dev] xAuth Approval?

[Julio Biason]

On Tue, Apr 27, 2010 at 2:35 PM, M. Edward (Ed) Borasky
 wrote:
> Charging money is how we pay our expenses and earn enough profit to
> invest in research and development for the next generation applications. ;-)

Just because it's open source it doesn't mean you can't charge for it.
So I'm guessing that's what John Meyer asked what open source have to
with money.

As a matter of fact, Richard Stallman, to fund the development of the
GNU system, was selling copies of Emacs. Of course, it was not
licenses (like every big company do these days), but his work and the
media.

-- 
Julio Biason 
Twitter: http://twitter.com/juliobiason

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/27/2010 11:35 AM, M. Edward (Ed) Borasky wrote:

ours might, but as you know about Open Source, the whole point is that

 people can choose and some may choose to use certain calls that require
 authentication. And what does charging money have to do with anything?



I presume that we are talking about the difference and relative 
advantages of being able to log in browserlessly vs logging in with a 
system that requires opening a browser, at least on the initial use. 
Again, what dose money have to do with that one way or another?



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/27/2010 10:18 AM, John Meyer wrote:
> On 4/27/2010 10:59 AM, M. Edward (Ed) Borasky wrote:
>> On 04/27/2010 04:53 AM, John Meyer wrote:
>>> On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote:
 Yeah ... but I *like* having the browser involved.
>>> Which is fine.  However, there are other people who don't like getting
>>> the browser involved (people making command line Linux programs, for
>>> instance, or people exposing their own APIs that interact with Twitter).
>>
>> Well ... there's Lynx. ;-) But seriously, I make command-line Linux
>> Twitter programs for my own use all the time, and I released four of
>> them as open source projects. *But*:
>>
>> 1. Those only use API calls that don't require authentication.
>>
>> 2. They are free as in beer as well as in freedom. There are exactly
>> *zero* potential *paying* customers for a command-line Linux program.
> 
> 
> Yours might, but as you know about Open Source, the whole point is that
> people can choose and some may choose to use certain calls that require
> authentication. And what does charging money have to do with anything?

Charging money is how we pay our expenses and earn enough profit to
invest in research and development for the next generation applications. ;-)

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/27/2010 10:59 AM, M. Edward (Ed) Borasky wrote:

On 04/27/2010 04:53 AM, John Meyer wrote:

On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote:

Yeah ... but I *like* having the browser involved.

Which is fine.  However, there are other people who don't like getting
the browser involved (people making command line Linux programs, for
instance, or people exposing their own APIs that interact with Twitter).


Well ... there's Lynx. ;-) But seriously, I make command-line Linux
Twitter programs for my own use all the time, and I released four of
them as open source projects. *But*:

1. Those only use API calls that don't require authentication.

2. They are free as in beer as well as in freedom. There are exactly
*zero* potential *paying* customers for a command-line Linux program.



Yours might, but as you know about Open Source, the whole point is that 
people can choose and some may choose to use certain calls that require 
authentication. And what does charging money have to do with anything?






--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Isaiah Carew]

On Apr 26, 2010, at 8:54 PM, Raffi Krikorian wrote:

> >> xAuth is a method for which to exchange usernames and passwords for those
> >> tokens, without send the user through the workflow.  this is for two
> >> reasons: 1. mobile/desktop application authors have complained that it 
> >> makes
> >> their UX fugly when they bring up a web browser (i'll hold my opinions on
> >> this); and 2. web applications that have been storing usernames and
> >> passwords need a method to "bulk convert" all their users over to oauth
> >> tokens.
> >
> > and 3. Browserless environments. I'm pretty sure that was one of the initial
> > motivators way back when the crud was flying.
> >
> 
> Yeah ... but I *like* having the browser involved.
> 
> +1 ! 
> 

It's so tempting to respond in kind to that sort of professionalism.

Isaiah


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/27/2010 04:53 AM, John Meyer wrote:
> On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote:
>> Yeah ... but I *like* having the browser involved.
> Which is fine.  However, there are other people who don't like getting
> the browser involved (people making command line Linux programs, for
> instance, or people exposing their own APIs that interact with Twitter).

Well ... there's Lynx. ;-) But seriously, I make command-line Linux
Twitter programs for my own use all the time, and I released four of
them as open source projects. *But*:

1. Those only use API calls that don't require authentication.

2. They are free as in beer as well as in freedom. There are exactly
*zero* potential *paying* customers for a command-line Linux program.

Let me quote two paragraphs from the Twitter Security Best Practices web
page:

"Be sure that you're not exposing sensitive information through
debugging screens/logs. Some web frameworks make it easy to access
debugging information if your application is not properly configured.
For desktop and mobile developers, it's easy to accidentally ship a
build with debugging flags or symbols enabled. Build checks for these
configurations into your deployment/build process."

"As aforementioned, for optimal security you should be using OAuth. But
once you have a token with which to make requests on behalf of a user,
where do you put it? Ideally, in an encrypted store managed by your
operating system. On Mac OS X, this would be the Keychain. In the GNOME
desktop environment, there's the Keyring. In the KDE desktop
environment, there's KWallet."

If you're building desktop applications that you are going to ask people
to pay for, you

1. *Must* have a better user interface than a command line,

2. *Must* adhere to the Twitter security best practices, including the
two I've highlighted, and

3. In all probability *shouldn't* waste your time building a Linux
version. Windows is 89-90 percent of the desktop market, Macintosh is 9
- 10 percent, and Linux is 1 percent.

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote:

On 04/26/2010 05:16 PM, Cameron Kaiser wrote:

xAuth is a method for which to exchange usernames and passwords for those
tokens, without send the user through the workflow.  this is for two
reasons: 1. mobile/desktop application authors have complained that it makes
their UX fugly when they bring up a web browser (i'll hold my opinions on
this); and 2. web applications that have been storing usernames and
passwords need a method to "bulk convert" all their users over to oauth
tokens.


and 3. Browserless environments. I'm pretty sure that was one of the initial
motivators way back when the crud was flying.



Yeah ... but I *like* having the browser involved.



Which is fine.  However, there are other people who don't like getting 
the browser involved (people making command line Linux programs, for 
instance, or people exposing their own APIs that interact with Twitter).



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Cameron Kaiser]

> > and 3. Browserless environments. I'm pretty sure that was one of the initial
> > motivators way back when the crud was flying.
> 
> Yeah ... but I *like* having the browser involved.

I'm so happy your world is so limited.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- When people get acupuncture, do voodoo dolls die? --


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

>
> >> xAuth is a method for which to exchange usernames and passwords for
> those
> >> tokens, without send the user through the workflow.  this is for two
> >> reasons: 1. mobile/desktop application authors have complained that it
> makes
> >> their UX fugly when they bring up a web browser (i'll hold my opinions
> on
> >> this); and 2. web applications that have been storing usernames and
> >> passwords need a method to "bulk convert" all their users over to oauth
> >> tokens.
> >
> > and 3. Browserless environments. I'm pretty sure that was one of the
> initial
> > motivators way back when the crud was flying.
> >
>
> Yeah ... but I *like* having the browser involved.


+1 !


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[M. Edward (Ed) Borasky]

On 04/26/2010 05:16 PM, Cameron Kaiser wrote:
>> xAuth is a method for which to exchange usernames and passwords for those
>> tokens, without send the user through the workflow.  this is for two
>> reasons: 1. mobile/desktop application authors have complained that it makes
>> their UX fugly when they bring up a web browser (i'll hold my opinions on
>> this); and 2. web applications that have been storing usernames and
>> passwords need a method to "bulk convert" all their users over to oauth
>> tokens.
> 
> and 3. Browserless environments. I'm pretty sure that was one of the initial
> motivators way back when the crud was flying.
> 

Yeah ... but I *like* having the browser involved.

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Cameron Kaiser]

> xAuth is a method for which to exchange usernames and passwords for those
> tokens, without send the user through the workflow.  this is for two
> reasons: 1. mobile/desktop application authors have complained that it makes
> their UX fugly when they bring up a web browser (i'll hold my opinions on
> this); and 2. web applications that have been storing usernames and
> passwords need a method to "bulk convert" all their users over to oauth
> tokens.

and 3. Browserless environments. I'm pretty sure that was one of the initial
motivators way back when the crud was flying.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- If ignorance is bliss, shouldn't I be happier? -


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 4:55 PM, Raffi Krikorian wrote:

let's step back.

oAuth is the general framework that we want everybody to use.
  applications no longer have to store usernames and passwords, which is
"a good thing".

normally, to get access tokens, applications send users through the
oAuth workflow -- this means they bring up a webpage on twitter.com
, enter username/password there, and then the oAuth
tokens are handed back to the application.

xAuth is a method for which to exchange usernames and passwords for
those tokens, without send the user through the workflow.  this is for
two reasons: 1. mobile/desktop application authors have complained that
it makes their UX fugly when they bring up a web browser (i'll hold my
opinions on this); and 2. web applications that have been storing
usernames and passwords need a method to "bulk convert" all their users
over to oauth tokens.  after that bulk conversion, web applications can
send new users through the oAuth web workflow.

does that clear things up?

Ah, I get it. It's sort of like a batch converter.  Still, requiring an 
oAuth signature _before_ you cocnvert seems a bit like putting the cart 
ahead of the horse.  And first you mention mobile/desktop applications, 
then you say that "after the bulk conversion, web applications can send 
new users. . .,"  What happened to the desktop/mobile apps?



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

let's step back.

oAuth is the general framework that we want everybody to use.  applications
no longer have to store usernames and passwords, which is "a good thing".

normally, to get access tokens, applications send users through the oAuth
workflow -- this means they bring up a webpage on twitter.com, enter
username/password there, and then the oAuth tokens are handed back to the
application.

xAuth is a method for which to exchange usernames and passwords for those
tokens, without send the user through the workflow.  this is for two
reasons: 1. mobile/desktop application authors have complained that it makes
their UX fugly when they bring up a web browser (i'll hold my opinions on
this); and 2. web applications that have been storing usernames and
passwords need a method to "bulk convert" all their users over to oauth
tokens.  after that bulk conversion, web applications can send new users
through the oAuth web workflow.

does that clear things up?



On Mon, Apr 26, 2010 at 3:46 PM, John Meyer  wrote:

> On 4/26/2010 4:23 PM, Raffi Krikorian wrote:
>
>> honestly, i wouldn't plan on it.  the "spirit" of oAuth is that the
>> user's credentials never even pass through a web application.
>>
>
> Now I'm confused.  Is xAuth going to be a method unto itself of
> authenticating for the long-term, or is this the way that you are trying to
> transition Basic users to oAuth through xAuth before Basic is shut down?  If
> it's the latter, I don't know why you would even bother if oAuth is simpler
> than xAuth in the first place.
>
>
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 4:23 PM, Raffi Krikorian wrote:

honestly, i wouldn't plan on it.  the "spirit" of oAuth is that the
user's credentials never even pass through a web application.


Now I'm confused.  Is xAuth going to be a method unto itself of 
authenticating for the long-term, or is this the way that you are trying 
to transition Basic users to oAuth through xAuth before Basic is shut 
down?  If it's the latter, I don't know why you would even bother if 
oAuth is simpler than xAuth in the first place.




--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

honestly, i wouldn't plan on it.  the "spirit" of oAuth is that the user's
credentials never even pass through a web application.

On Mon, Apr 26, 2010 at 3:02 PM, John Meyer  wrote:

> On 4/26/2010 3:46 PM, Raffi Krikorian wrote:
>
>> precisely.
>>
>>
> So is it a possibility that general xAuth will be available before Basic
> goes the way of the dodo? I'm not saying it's easier than oAuth but it would
> at least let developers use their interface and swap in the xAuth rather
> than having to plan for a web browser.
>
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 3:46 PM, Raffi Krikorian wrote:

precisely.



So is it a possibility that general xAuth will be available before Basic 
goes the way of the dodo? I'm not saying it's easier than oAuth but it 
would at least let developers use their interface and swap in the xAuth 
rather than having to plan for a web browser.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

precisely.

On Mon, Apr 26, 2010 at 2:41 PM, John Meyer  wrote:

> On 4/26/2010 2:15 PM, Raffi Krikorian wrote:
>
>> just to be clear - what xAuth is used for is to do a username/password
>> exchange for an oauth access token / secret (for a given application).
>>  from then on out, that access token and secret is used to sign all
>> requests in an oauth manner.
>>
>>  So in other words if I'm reading this right, it allows the user program
> to exchange a username/password combo for the access token and secret rather
> than a pin or a redirect from a website in the case of desktop/mobile and
> website apps.  Nothing else; you can't delete the account, change the
> password, etc without the username/pass.
>
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 2:15 PM, Raffi Krikorian wrote:

just to be clear - what xAuth is used for is to do a username/password
exchange for an oauth access token / secret (for a given application).
  from then on out, that access token and secret is used to sign all
requests in an oauth manner.

So in other words if I'm reading this right, it allows the user program 
to exchange a username/password combo for the access token and secret 
rather than a pin or a redirect from a website in the case of 
desktop/mobile and website apps.  Nothing else; you can't delete the 
account, change the password, etc without the username/pass.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

just to be clear - what xAuth is used for is to do a username/password
exchange for an oauth access token / secret (for a given application).  from
then on out, that access token and secret is used to sign all requests in an
oauth manner.

On Mon, Apr 26, 2010 at 12:48 PM, John Meyer  wrote:

> On 4/26/2010 1:30 PM, Raffi Krikorian wrote:
>
>> a bit unsure - we're still working out what the appropriate terms for
>> xauth should be.  we just wanted it out there ASAP because of basic auth
>> removal.
>>
>
>
> Is there anything that you can do with xAuth that you can't do with oAuth?
>  If not I would think the only possible additions would be "don't store the
> password".
>
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 1:30 PM, Raffi Krikorian wrote:

a bit unsure - we're still working out what the appropriate terms for
xauth should be.  we just wanted it out there ASAP because of basic auth
removal.



Is there anything that you can do with xAuth that you can't do with 
oAuth?  If not I would think the only possible additions would be "don't 
store the password".



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

a bit unsure - we're still working out what the appropriate terms for xauth
should be.  we just wanted it out there ASAP because of basic auth removal.

I recently submitted a request for xAuth approval for a mobile app. I
>> was wondering if anyone knows roughly how long it takes for approval.
>> Thanks!
>>
>> On a larger note, is xAuth always going to be something that requires
> pre-approval?
>
> --
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] xAuth Approval?

[Raffi Krikorian]

it should be on the order of days (hopefully less - depends on our backlog
and our queue).

On Mon, Apr 26, 2010 at 11:52 AM, Tony  wrote:

> I recently submitted a request for xAuth approval for a mobile app. I
> was wondering if anyone knows roughly how long it takes for approval.
> Thanks!
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] xAuth Approval?

[John Meyer]

On 4/26/2010 12:52 PM, Tony wrote:

I recently submitted a request for xAuth approval for a mobile app. I
was wondering if anyone knows roughly how long it takes for approval.
Thanks!




On a larger note, is xAuth always going to be something that requires 
pre-approval?



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

[twitter-dev] xAuth Approval?

[Tony]

I recently submitted a request for xAuth approval for a mobile app. I
was wondering if anyone knows roughly how long it takes for approval.
Thanks!


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en