[twitter-dev] Re: Is there support for the OAuth 2-legged model?
So let me see if I get this right. If I mock up some code to get an access token after I have done the manual login thingy, I should then be able to use that access token from my server indefinitely - without fear of it expiring or going away for one reason or another. Is my understanding correct? I had given this some thought last night, but if seemed that it would be fragile. On Mar 23, 9:31 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi all, We don't yet support two-legged OAuth but see value in its use for actions requiring client application authorization but not necessarily user-based authentication. As Raffi notes, we're implementing it now. However, two-legged OAuth does not necessarily solve the issue you're looking to solve, actions requiring an actor like tweeting, favoriting, etc. would still require an OAuth access token. In the case of a single purpose application with a single user, you would leverage OAuth to exchange your own credentials for an access token which you could then re-use indefinitely for the single-user use case of your application. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Mar 23, 2010 at 9:19 AM, Lil Peck lilp...@gmail.com wrote: On Tue, Mar 23, 2010 at 10:50 AM, Grantcv1 grant.vergott...@gmail.com wrote: Hi, I am building an app that will programmatically update my twitter status every hour or so. It will update my status from a server running without any interaction from me. From what I have learned, I should use OAuth rather than basic authentication. It seems that basic authentication is to shut down June 2010 (which seems rather soon). I share your concern! I use Classic ASP (Yes, there are many of us still using it it because we like it!) and I have a classified ads on my site that automatically sends a tweet out to announce whenever a new ad has been posted. For my needs, Oauth seems to be convoluted and bloated. I've spotted lots of Classic ASP users searching for an Oauth solution for their code. I'm trying to understand it to figure out how to adapt my app to it, but I may have to give up the automatic tweets. :( To unsubscribe from this group, send email to twitter-development-talk+ unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.- Hide quoted text - - Show quoted text - To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
Re: [twitter-dev] Re: Is there support for the OAuth 2-legged model?
Grant, You are correct. An access token's lifespan is until it is explicitly revoked by a user -- in this case, you. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Mar 23, 2010 at 9:41 AM, Grantcv1 grant.vergott...@gmail.comwrote: So let me see if I get this right. If I mock up some code to get an access token after I have done the manual login thingy, I should then be able to use that access token from my server indefinitely - without fear of it expiring or going away for one reason or another. Is my understanding correct? I had given this some thought last night, but if seemed that it would be fragile. On Mar 23, 9:31 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi all, We don't yet support two-legged OAuth but see value in its use for actions requiring client application authorization but not necessarily user-based authentication. As Raffi notes, we're implementing it now. However, two-legged OAuth does not necessarily solve the issue you're looking to solve, actions requiring an actor like tweeting, favoriting, etc. would still require an OAuth access token. In the case of a single purpose application with a single user, you would leverage OAuth to exchange your own credentials for an access token which you could then re-use indefinitely for the single-user use case of your application. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Mar 23, 2010 at 9:19 AM, Lil Peck lilp...@gmail.com wrote: On Tue, Mar 23, 2010 at 10:50 AM, Grantcv1 grant.vergott...@gmail.com wrote: Hi, I am building an app that will programmatically update my twitter status every hour or so. It will update my status from a server running without any interaction from me. From what I have learned, I should use OAuth rather than basic authentication. It seems that basic authentication is to shut down June 2010 (which seems rather soon). I share your concern! I use Classic ASP (Yes, there are many of us still using it it because we like it!) and I have a classified ads on my site that automatically sends a tweet out to announce whenever a new ad has been posted. For my needs, Oauth seems to be convoluted and bloated. I've spotted lots of Classic ASP users searching for an Oauth solution for their code. I'm trying to understand it to figure out how to adapt my app to it, but I may have to give up the automatic tweets. :( To unsubscribe from this group, send email to twitter-development-talk+ unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.- Hide quoted text - - Show quoted text - To unsubscribe from this group, send email to twitter-development-talk+ unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject. To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
Re: [twitter-dev] Re: Is there support for the OAuth 2-legged model?
I have some really stupid questions, regarding xauth. (Sorry.) Looking at this article: http://www.reynoldsftw.com/2010/03/using-xauth-an-alternate-oauth-from-twitter/ Can xauth be used as the 2 legged model? The article says First off though, you need to send an email to a...@twitter.com and ask them to register your OAuth application to use xAuth. Once approved (you’ll get an email at time of writing) you make a call to the API method “https://api.twitter.com/oauth/access_token” After one has gotten that token, can one use it for all of one's web based apps regardless of URL of the app? To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
Re: [twitter-dev] Re: Is there support for the OAuth 2-legged model?
You would use two-legged OAuth in conjunction with xAuth. For the requests your app makes that don't require a user, you'd use two-legged OAuth. The process for acquiring an accessToken in xAuth is itself almost a two-legged OAuth operation (just like the request token step). The way you formulate a two-legged request is essentially identical. The point of xAuth is to give you a path to exchange login and password for an access token. The intent is that you'll dispose of the logins and passwords and store only the access token to make requests on the users behalf. If the access token is manually expired by the user, you would ask them for their login information again and exchange for an access token again. The ultimate goal here is for there to be no justifiable reason for developers to retain logins and passwords. The URL of an application is not related to your use of an access token. However, if you have two websites, one about dogs and the other about cats for example, and I grant access to my twitter account for the dog website -- it would not be acceptable that the cat website also had access to my twitter account. Being above the board at all times about how far granted access goes is a best practice all should keep in mind. In this (admittedly silly) example, it would be the best practice to have two client applications/API keys registered with Twitter: one for the dogs site and one for the cats site. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Mar 23, 2010 at 1:31 PM, Lil Peck lilp...@gmail.com wrote: I have some really stupid questions, regarding xauth. (Sorry.) Looking at this article: http://www.reynoldsftw.com/2010/03/using-xauth-an-alternate-oauth-from-twitter/ Can xauth be used as the 2 legged model? The article says First off though, you need to send an email to a...@twitter.com and ask them to register your OAuth application to use xAuth. Once approved (you’ll get an email at time of writing) you make a call to the API method “https://api.twitter.com/oauth/access_token” After one has gotten that token, can one use it for all of one's web based apps regardless of URL of the app? To unsubscribe from this group, send email to twitter-development-talk+ unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject. To unsubscribe from this group, send email to twitter-development-talk+unsubscribegooglegroups.com or reply to this email with the words REMOVE ME as the subject.
