Have you guys considered maybe tweaking the basic auth system to
something like what friendfeed has.
Each user could be given a third party system generated key to use
instead of a password and then basic auth could still be used and not
tired to the system password.
If the user felt their
I was just thinking this, and then I read your post. It would be good
to see a trusted apps section somewhere on your site, and those
application could use Basic Auth. If they don't want to go through
the process of being a trusted app, then they can use OAuth.
Just something to think about.
2009/2/5 jstrellner jstrell...@urltrends.com:
I was just thinking this, and then I read your post. It would be good
to see a trusted apps section somewhere on your site, and those
application could use Basic Auth. If they don't want to go through
the process of being a trusted app, then
Guys,
We all know that base-auth is a gold for our app and when we think about
another way like OAuth we get mad
BUT
If the Toke had infinit life time (probabily will do), so the big poblem
transform in a little problem with 3 steps:
1-Your Webapp redirect the user to Twitter Web Site
I was just thinking this, and then I read your post. It would be good
to see a trusted apps section somewhere on your site, and those
application could use Basic Auth. If they don't want to go through
the process of being a trusted app, then they can use OAuth.
Something like that would
We all know that base-auth is a gold for our app and when we think about
another way like OAuth we get mad
BUT
If the Toke had infinit life time (probabily will do), so the big poblem
transform in a little problem with 3 steps:
1-Your Webapp redirect the user to Twitter Web Site
I'll keep that in mind as an option, but it's not particularly
user-friendly. Basic Auth lets users use the password they know; OAuth
keeps users from having to worry about passwords at all. This setup
requires users to keep track of some other strange value. Developers
understand it, so it's
So, what happen if this third party expose to others app this generated key?
They will acess your account too?
If this key can be just used for one app (maybe lock for one IP) the user
will need generated always a new key for one app? (Go to twitter page, log
in, acess New Keys, generate a new
Hi Matt, Thx for answer...
OAuth isn't hard ;)
A couple of days i have learned some about it and put this on my TestApp to
see how works.
I'm glad to see that You guys worrie about the final user. Let's bring it
on...
We had just to generate our api_key and secret, and sort all parameters of
I am not suggesting that they endorse the application, but that they
have a process that is available to desktop apps that lets them keep
using Basic Auth. Once twitter has OK'd the app, then that app can
display a badge of some sort letting its users know that they have an
agreement directly
2009/2/5 jstrellner jstrell...@urltrends.com:
I am not suggesting that they endorse the application, but that they
have a process that is available to desktop apps that lets them keep
using Basic Auth. Once twitter has OK'd the app, then that app can
display a badge of some sort letting its
Stuart ,
In my first reply to this subject, I indicated that it could be a paid
model for them, and I still think it could.
Either way, I see them needing to use a key of some sort for desktop
applications. Twitter would still need to be involved though, if you
want to prevent sharing of said
Flickr doesn't seem to have a problem with the OAuth formula, so why are
people thinking twitter will?
In addition, part of the concern I would have with Basic Auth is the
plaintext password. Sure, it's Base64 encoded, but that's not encryption,
that's just saving bandwidth. If twitter wanted to
On Feb 5, 10:38 pm, James Deville james.devi...@gmail.com wrote:
Flickr doesn't seem to have a problem with the OAuth formula, so why are
people thinking twitter will?
I'm not sure people have said Twitter would have a problem. I've
personally expressed some problems specific to applications
On Thu, Feb 5, 2009 at 7:52 PM, funkatron funkat...@gmail.com wrote:
On Feb 5, 10:38 pm, James Deville james.devi...@gmail.com wrote:
Flickr doesn't seem to have a problem with the OAuth formula, so why are
people thinking twitter will?
I'm not sure people have said Twitter would have a
2009/2/4 Gustavo Melo pipoc...@gmail.com:
We need to understand how OAuth will affect ours app's...
Twitter authentication with username and password will totaly stop work?
How many days we will have to change our app's?
And for me the most important question is, OAuth before copmleted
Sorry for chiming in on this late by I have been working with
@mrtall on the OAuth code. Your first question about allowing OAuth
and Basic Auth to co-exist is one we've covered a few times in this
group but it's sort of buried in the documentation [1]. We plan to
keep Basic
Agreed. I do believe that the use of HTTP Basic Auth was key to the
quick growth of the 3rd-party app community of Twitter, as the auth
scheme is so well-understood and supported. This may or may not be as
important at this point business-wise, as I suspect the Twitter
userbase is large enough to
Thanks for the feedback, guys. We'll consider extending Basic Auth's
life, or maybe granting a stay of execution to known-good apps. At the
very least, we'll try not to pull the rug out from under anyone.
funkatron wrote:
Agreed. I do believe that the use of HTTP Basic Auth was key to the
Thanks for the feedback, guys. We'll consider extending Basic Auth's
life, or maybe granting a stay of execution to known-good apps. At the
very least, we'll try not to pull the rug out from under anyone.
I appreciate the consideration. :)
--
personal:
20 matches
Mail list logo