[twitter-dev] Re: User Streaming API and use of OAuth from web browser
Have you looked at xAuth? It was designed for desktop clients but it may work well with Javascript clients. Jonathon Hill On Oct 6, 4:54 pm, Tim Bull tim.b...@binaryplex.com wrote: Hi, We are building an application client that is browser based. We're very comfortable with using OAuth from our server side code and are using it fine with the REST API (users sign in, authenticate with Twitter, we store their access tokens and reuse as requested - at the moment we mimic the required Twitter API on our server and when a user does something like a POST, we call our stub, use their token to then make the call via OAuth to Twitter). So far so good, but we'd like to implement User Streaming directly into the client side application. I've been browsing the Twitter Development documentation and there's a couple of points I'd like clarification on: *http://dev.twitter.com/pages/auth_overviewsays Streaming supports Basic and OAuth. *http://dev.twitter.com/pages/user_streamssays that the user streams supports OAuth only HTTPS, OAuth and JSON only. No problems here, I just raise it to point out the auth_overview doco is slightly out of date. *http://dev.twitter.com/pages/oauth_librariestalks about a JS library but says Javascript really shouldn't be used for OAuth 1.0A with respect to websites in web browsers. Ideally, you'll only use Javascript to perform OAuth operations when using server-side. The points I'd like some clarification on: 1. Given user_streams API is the intended way for clients to access Twitter going forwards, I presume it's intended not just for desktop, but also web clients too? 2. If 1 is correct, then is it OK to use JavaScript for the OAuth? If it's not, what is the recommended approach for a client side web application to connect and authenticate to the user_stream? Thanks, Tim -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Re: User Streaming API and use of OAuth from web browser
What? Absolutely not. Desktop applications are already an unsafe way of using OAuth, and JavaScript is even worse. You'd be exposing your Client Secret which is against the rules. Tom On 10/7/10 7:47 PM, Jonathon Hill wrote: Have you looked at xAuth? It was designed for desktop clients but it may work well with Javascript clients. Jonathon Hill On Oct 6, 4:54 pm, Tim Bull tim.b...@binaryplex.com wrote: Hi, We are building an application client that is browser based. We're very comfortable with using OAuth from our server side code and are using it fine with the REST API (users sign in, authenticate with Twitter, we store their access tokens and reuse as requested - at the moment we mimic the required Twitter API on our server and when a user does something like a POST, we call our stub, use their token to then make the call via OAuth to Twitter). So far so good, but we'd like to implement User Streaming directly into the client side application. I've been browsing the Twitter Development documentation and there's a couple of points I'd like clarification on: *http://dev.twitter.com/pages/auth_overviewsays Streaming supports Basic and OAuth. *http://dev.twitter.com/pages/user_streamssays that the user streams supports OAuth only HTTPS, OAuth and JSON only. No problems here, I just raise it to point out the auth_overview doco is slightly out of date. *http://dev.twitter.com/pages/oauth_librariestalks about a JS library but says Javascript really shouldn't be used for OAuth 1.0A with respect to websites in web browsers. Ideally, you'll only use Javascript to perform OAuth operations when using server-side. The points I'd like some clarification on: 1. Given user_streams API is the intended way for clients to access Twitter going forwards, I presume it's intended not just for desktop, but also web clients too? 2. If 1 is correct, then is it OK to use JavaScript for the OAuth? If it's not, what is the recommended approach for a client side web application to connect and authenticate to the user_stream? Thanks, Tim -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] Re: User Streaming API and use of OAuth from web browser
xAuth is actually for exchanging usernames and passwords for OAuth keys. In the end, all of your requests are still using OAuth. More about xAuth: http://dev.twitter.com/pages/xauth Jonathon Hill wrote: Have you looked at xAuth? It was designed for desktop clients but it may work well with Javascript clients. Jonathon Hill On Oct 6, 4:54 pm, Tim Bulltim.b...@binaryplex.com wrote: Hi, We are building an application client that is browser based. We're very comfortable with using OAuth from our server side code and are using it fine with the REST API (users sign in, authenticate with Twitter, we store their access tokens and reuse as requested - at the moment we mimic the required Twitter API on our server and when a user does something like a POST, we call our stub, use their token to then make the call via OAuth to Twitter). So far so good, but we'd like to implement User Streaming directly into the client side application. I've been browsing the Twitter Development documentation and there's a couple of points I'd like clarification on: *http://dev.twitter.com/pages/auth_overviewsays Streaming supports Basic and OAuth. *http://dev.twitter.com/pages/user_streamssays that the user streams supports OAuth only HTTPS, OAuth and JSON only. No problems here, I just raise it to point out the auth_overview doco is slightly out of date. *http://dev.twitter.com/pages/oauth_librariestalks about a JS library but says Javascript really shouldn't be used for OAuth 1.0A with respect to websites in web browsers. Ideally, you'll only use Javascript to perform OAuth operations when using server-side. The points I'd like some clarification on: 1. Given user_streams API is the intended way for clients to access Twitter going forwards, I presume it's intended not just for desktop, but also web clients too? 2. If 1 is correct, then is it OK to use JavaScript for the OAuth? If it's not, what is the recommended approach for a client side web application to connect and authenticate to the user_stream? Thanks, Tim -- Thomas Mango tsma...@gmail.com -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk