Hi Bess,
I'm not sure how long the queue is right now, but we're coming back from a
vacation weekend here in San Francisco and it'll probably take a bit for us
to work through the queue this week. That said, we'll work through it as
quickly as we (securely) can. Each request must be researched be
The oAuth page was changed some months back for the iPhone and it
looks quite nice to be honest, it is most definitely the right height
and width for Webkit on the iPhone now, so I'm not sure what the
library you are using is doing.
I still disagree with the above. oAuth in UIWebView can be spoof
Exactly how long does it take to apply and get approved on xAuth?
If I apply xAuth today, am I standing on a queue that is 1,000 long?
I am preparing a Twitter Developer Book. If it takes a few weeks and
few months, I would have to change plan not to count on xAuth. Would
anyone give any feedback
On May 31, 2010, at 9:25 AM, Bernd Stramm wrote:
>
> In any case Jann, you have convinced me of something I strongly
> suspected - I really should get xauth for my application as well.
>
If I have convinced one person today, I have done my job. I am used to that --
what with being a Mac user
On Mon, 31 May 2010 08:58:35 -0700
Jann Gobble wrote:
Some very good points,
> Okay, I think we really need to expand on something...
>
> oAuth was never designed to promote any app developer to bypass the
> built-in web browser (from an App) -- (ie: using UIWebView). There
> are many reasons
Okay, I think we really need to expand on something...
oAuth was never designed to promote any app developer to bypass the built-in
web browser (from an App) -- (ie: using UIWebView). There are many reasons for
this. If one wanted to steal usernames and passwords, it is VERY easy to
simulate
I consider it completely the opposite and that the oauth workflow is
more secure than the xauth one. To me seeing the Twitter website login
page shows me that only Twitter will see my login information and not
the client app itself
An xauth workflow the app should only pass it on in exchange for
Twitter has been great responding to XAuth application requests, and
helping developers implement their API. I suspect with all the OAuth
integration work coming to a head, and the annotations hack fest going
on this weekend, your request may have just fallen through a crack.
On May 30, 7:57 pm,
Thanks!
For now I have implemented xAuth (even though it does not work) by using
examples and what I expect. BUT I have hidden the Twitter button on my app
until xAuth is approved and I can fully test.
The one thing Twitter does NOT need right now is app developers leaving them in
the dust
XAuth is is the right choice for an end-user client app and
satisfactorily resolves the UX issues in client applications that
OAuth creates. Unfortunately, many web-app developers simply don't
know enough about end-user client app development to understand these
UX issues, or why end-user client a
On Sun, 30 May 2010 11:14:54 -0700
Abraham Williams <4bra...@gmail.com> wrote:
> On Sun, May 30, 2010 at 11:01, Bernd Stramm
> wrote:
>
> > The user does trust the app, otherwise they would not be using it.
> > The problem with the scheme of using the app *and* a browser is
> > that the user has
On Sun, May 30, 2010 at 11:01, Bernd Stramm wrote:
> The user does trust the app, otherwise they would not be using it. The
> problem with the scheme of using the app *and* a browser is that the
> user has to trust *both* of them.
>
> And if they don't trust the app, why are they using it to post
On Sun, 30 May 2010 10:15:48 -0700
Jann Gobble wrote:
> Okay, please tell me you know that I can create an app with a
> UIWebView that will take that password you type in faster than
> anything.
>
> It is NOT secure. This is my problem with oAuth. The work-arounds
> cause a false sense of secu
Okay, please tell me you know that I can create an app with a UIWebView that
will take that password you type in faster than anything.
It is NOT secure. This is my problem with oAuth. The work-arounds cause a
false sense of security. oAuth was NEVER supposed to be used this way. If the
user
On Sun, 30 May 2010 03:50:21 -0700 (PDT)
Rich wrote:
> You don't have to go from app to browser, embed a UIWebView and then
> in
>
> - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:
> (NSURLRequest *)request navigationType:
> (UIWebViewNavigationType)navigationType {
I do the eq
You don't have to go from app to browser, embed a UIWebView and then
in
- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:
(NSURLRequest *)request navigationType:
(UIWebViewNavigationType)navigationType {
Look for your callback URL and read the query string and you'll be
authorised,
The requirement for users to go from app to browser to app is untenable for
many of my users. It is a major change to go from app to Safari and back to
app. Many users actually think that it the app is less secure (rightly or
wrongly) because they have to exit it -- and go to the web -- in ord
You don't need xAuth to develop an iPhone app, oAuth workflow works
just fine.
Indeed I though xAuth was designed for clients without a decent mobile
browser which isn't the case on the iPhone
On May 29, 2:08 am, Jann wrote:
> I sent an email in to api@ this week. Got back a case # which, when
18 matches
Mail list logo