[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-05-05 Thread Sheng Luo
Hi guys,

I'm a developer from China who wanted to get the xAuth access for a
web-based application the other day, but was rejected due to Twitter's
policy. Brain replied to my ticket and said that I could join the
discussion here. So let's get back to the topic a little bit and see
if there's a solution for the Chinese users to continue using Twitter,
if Twitter is not going to change its policy?

On Apr 26, 10:54 am, Ron B rbther...@gmail.com wrote:
 China'spolicy didn't just recently change, Twitter's did.  So it is
 Twitter telling us that we may not be able to supportChinaand other
 firewall blocked countries any longer.  It is, after all, within
 Twitter's power to continue to support Basic Auth.  It is their
 conscious decision not to, despite the significant negative
 ramifications being brought to their attention.

 In an earlier comment from Twitter:  twitter.com is trying to drive
 people to understand and discover what's going on in the world.  No
 one in the world needs to understand and discover what's going on
 more than the people of these communist-block countries that otherwise
 see only what their governments allow them to see.  It is unfortunate
 that Twitter plans to turn their back on them.  Then again, what's a
 billion people here or there?...

 On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote:

  It is not twitter telling you it isChina.

  --
  Little androids dreaming of Nexus Ones compiled this text.

  On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:

  Raffi,

  We really need a resolution for this issue before Basic Auth is
  deprecated.

  It sounds as if Twitter is telling developers of web apps that they
  cannot provide service to Chinese users, and other users behind
  firewalls that block access to twitter.com. But that can't be right,
  can it?

  On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I moved 
  my web based app from ba...
   This issue has discussed in this group before here:

 https://groups.google.com/group/twitter-development-talk/browse_threa...

   Being a frontend developer, I may have misunderstood the outcome of
   that discussion (I certain...

  --
  Subscription 
  settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread Dave Sherohman
On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
 Yeh but John, who is going to install MySQL for a desktop client?

1) John was responding to someone who said a database wouldn't work for
[him] since I do not have a desktop app, end I do not store anything in
a database.  If he doesn't have a desktop app, then he's talking about
a web app and, as John said, pretty much every web host out there gives
you MySQL, no installation required.

2) MySQL isn't the only RDBMS out there...  If I were writing a desktop
app which needed to handle significant amounts of data, I'd use SQLite.
The SQLite libraries in every language I'm aware of aren't just
interfaces to the database, but rather contain the entire database
engine, so there's no external application to install.  This is a well-
proven approach, with Firefox probably being the biggest-name
application using an embedded SQLite database engine to handle its data.

http://en.wikipedia.org/wiki/SQLite


-- 
Dave Sherohman


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread M. Edward (Ed) Borasky
On 04/27/2010 12:11 AM, Dave Sherohman wrote:
 On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
 Yeh but John, who is going to install MySQL for a desktop client?
 
 1) John was responding to someone who said a database wouldn't work for
 [him] since I do not have a desktop app, end I do not store anything in
 a database.  If he doesn't have a desktop app, then he's talking about
 a web app and, as John said, pretty much every web host out there gives
 you MySQL, no installation required.
 
 2) MySQL isn't the only RDBMS out there...  If I were writing a desktop
 app which needed to handle significant amounts of data, I'd use SQLite.
 The SQLite libraries in every language I'm aware of aren't just
 interfaces to the database, but rather contain the entire database
 engine, so there's no external application to install.  This is a well-
 proven approach, with Firefox probably being the biggest-name
 application using an embedded SQLite database engine to handle its data.
 
 http://en.wikipedia.org/wiki/SQLite
 
 

Fortunately, SQLite is small enough that having dozens of applications,
each with its own embedded binary of SQLite, doesn't run you out of RAM. ;-)

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

A mathematician is a device for turning coffee into theorems. ~ Paul Erdős


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread jaronbarends
@Dave

Thanks for your suggestion. I do indeed have a mysql, but haven't seen
the need to implement it in my app (http://twimply.com) since it
basicly only offers an alternative web interface for using twitter.

The only mentioned using a database as a possible solution: creating a
desktop app that let's my users allow permission through xAuth, Then I
would have to access the the same database from the web app, and re-
use those tokens. Another problem with that is that the tokens will be
bound to the desktop app, and not to the web app. So to make that
work, Twitter would have to make it possible to link the tokens of a
desktop app and a web app.

For me this is purely hypothetical, since I do not have the skills nor
the resources to create a desktop app.

jarón

On Apr 27, 9:11 am, Dave Sherohman d...@fishtwits.com wrote:
 On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
  Yeh but John, who is going to install MySQL for a desktop client?

 1) John was responding to someone who said a database wouldn't work for
 [him] since I do not have a desktop app, end I do not store anything in
 a database.  If he doesn't have a desktop app, then he's talking about
 a web app and, as John said, pretty much every web host out there gives
 you MySQL, no installation required.

 2) MySQL isn't the only RDBMS out there...  If I were writing a desktop
 app which needed to handle significant amounts of data, I'd use SQLite.
 The SQLite libraries in every language I'm aware of aren't just
 interfaces to the database, but rather contain the entire database
 engine, so there's no external application to install.  This is a well-
 proven approach, with Firefox probably being the biggest-name
 application using an embedded SQLite database engine to handle its data.

 http://en.wikipedia.org/wiki/SQLite

 --
 Dave Sherohman

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread Eoin
Hi,

This is probably a basic question - but what is the best option if you
have written an integration for a web-based application that is
installed on multiple sites?

The URL is going to change per installation (and won't be publicly
accessible), and I would really like to minimise the impact to the
application's administrators and users.

thanks,

Eoin

On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread John Meyer

On 4/27/2010 5:52 AM, Eoin wrote:

Hi,

This is probably a basic question - but what is the best option if you
have written an integration for a web-based application that is
installed on multiple sites?

The URL is going to change per installation (and won't be publicly
accessible), and I would really like to minimise the impact to the
application's administrators and users.

thanks,

Eoin



If the app stores twitter usernames/passwords in combo, one solution may 
be to use xAuth and run a batch job to convert.  Once you've converted 
over to tokens, ditch the passwords and you're done.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dewald Pretorius
Raffi,

One solution, which I know won't win the popularity prize, is for
Twitter to relax its XAuth restrictions and allow web apps to use full
OAuth and/or XAuth, depending on what works best for them.

In my case, I will still use full OAuth because it's so much better
than dealing with Twitter credential issues. But, I will add a small
link below the Twitter authorize button on my site that says something
like, Can't get to Twitter.com? which then leads to a username-
password entry form, and then triggers an XAuth authorization.

On Apr 26, 12:34 am, Raffi Krikorian ra...@twitter.com wrote:
 before this gets out of hand - i, personally, am very sensitive to these
 issues.  i've been spending some brain power trying to come up with a
 solution.  if people have suggestions, then please feel free to reach out to
 me personally and off list.





 On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote:
  China's policy didn't just recently change, Twitter's did.  So it is
  Twitter telling us that we may not be able to support China and other
  firewall blocked countries any longer.  It is, after all, within
  Twitter's power to continue to support Basic Auth.  It is their
  conscious decision not to, despite the significant negative
  ramifications being brought to their attention.

  In an earlier comment from Twitter:  twitter.com is trying to drive
  people to understand and discover what's going on in the world.  No
  one in the world needs to understand and discover what's going on
  more than the people of these communist-block countries that otherwise
  see only what their governments allow them to see.  It is unfortunate
  that Twitter plans to turn their back on them.  Then again, what's a
  billion people here or there?...

  On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote:
   It is not twitter telling you it is China.

   --
   Little androids dreaming of Nexus Ones compiled this text.

   On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:

   Raffi,

   We really need a resolution for this issue before Basic Auth is
   deprecated.

   It sounds as if Twitter is telling developers of web apps that they
   cannot provide service to Chinese users, and other users behind
   firewalls that block access to twitter.com. But that can't be right,
   can it?

   On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I
  moved my web based app from ba...
This issue has discussed in this group before here:

  https://groups.google.com/group/twitter-development-talk/browse_threa...

Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certain...

   --
   Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Raffi Krikorian

 One solution, which I know won't win the popularity prize, is for
 Twitter to relax its XAuth restrictions and allow web apps to use full
 OAuth and/or XAuth, depending on what works best for them.

 In my case, I will still use full OAuth because it's so much better
 than dealing with Twitter credential issues. But, I will add a small
 link below the Twitter authorize button on my site that says something
 like, Can't get to Twitter.com? which then leads to a username-
 password entry form, and then triggers an XAuth authorization.


unfortunately, this defeats the purpose of oauth :(

http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dewald Pretorius
In fact, you could set a threshold per consumer key that you can vary.
In other words, you can then allow a higher percentage XAuth (even
100%) to an app that caters largely to a Chinese market. And 0% or 10%
to an app that caters largely to the USA market.

On Apr 26, 9:43 am, Dewald Pretorius dpr...@gmail.com wrote:
 I know it's a compromise. But, it does serve the needs of a very large
 number of users.

 Maybe you could monitor the authentication profile of a web app. If it
 uses more XAuth than OAuth, then you know you need to contact the
 owner. Or, you can set an automated percentage threshold, such as
 XAuth authentications from a particular consumer key cannot exceed
 25% of all authentications from that key.

 On Apr 26, 9:36 am, Raffi Krikorian ra...@twitter.com wrote:



   One solution, which I know won't win the popularity prize, is for
   Twitter to relax its XAuth restrictions and allow web apps to use full
   OAuth and/or XAuth, depending on what works best for them.

   In my case, I will still use full OAuth because it's so much better
   than dealing with Twitter credential issues. But, I will add a small
   link below the Twitter authorize button on my site that says something
   like, Can't get to Twitter.com? which then leads to a username-
   password entry form, and then triggers an XAuth authorization.

  unfortunately, this defeats the purpose of oauth :(

 http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi

  --
  Subscription 
  settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dean Collins
One solution, which I know won't win the popularity prize, is
for
Twitter to relax its XAuth restrictions and allow web apps to
use full
OAuth and/or XAuth, depending on what works best for them.

In my case, I will still use full OAuth because it's so much
better
than dealing with Twitter credential issues. But, I will add a
small
link below the Twitter authorize button on my site that says
something
like, Can't get to Twitter.com? which then leads to a
username-
password entry form, and then triggers an XAuth authorization.

 

unfortunately, this defeats the purpose of oauth :(

 

http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

 

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

 

 

 

 

But for a desktop client it doesn't really matter now does it?

 

I'm still not buying it that oauth is going add any value for desktop
clients with regards to password security. Basically you are now storing
token in the desktop client instead of password.

 

Same difference if you are worried about the end users pc getting
hacked.

 

 

 

 

Cheers,

Dean

 

 



-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread jaronbarends
@raffi thanks for your replies. I didn't mean to start a discussion
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.

@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...

On Apr 26, 5:34 am, Raffi Krikorian ra...@twitter.com wrote:
 before this gets out of hand - i, personally, am very sensitive to these
 issues.  i've been spending some brain power trying to come up with a
 solution.  if people have suggestions, then please feel free to reach out to
 me personally and off list.



 On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote:
  China's policy didn't just recently change, Twitter's did.  So it is
  Twitter telling us that we may not be able to support China and other
  firewall blocked countries any longer.  It is, after all, within
  Twitter's power to continue to support Basic Auth.  It is their
  conscious decision not to, despite the significant negative
  ramifications being brought to their attention.

  In an earlier comment from Twitter:  twitter.com is trying to drive
  people to understand and discover what's going on in the world.  No
  one in the world needs to understand and discover what's going on
  more than the people of these communist-block countries that otherwise
  see only what their governments allow them to see.  It is unfortunate
  that Twitter plans to turn their back on them.  Then again, what's a
  billion people here or there?...

  On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote:
   It is not twitter telling you it is China.

   --
   Little androids dreaming of Nexus Ones compiled this text.

   On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:

   Raffi,

   We really need a resolution for this issue before Basic Auth is
   deprecated.

   It sounds as if Twitter is telling developers of web apps that they
   cannot provide service to Chinese users, and other users behind
   firewalls that block access to twitter.com. But that can't be right,
   can it?

   On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I
  moved my web based app from ba...
This issue has discussed in this group before here:

  https://groups.google.com/group/twitter-development-talk/browse_threa...

Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certain...

   --
   Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi


RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dean Collins


 


 


-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
Meyer
Sent: Monday, April 26, 2010 10:48 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal /
OAuthcalypse

On 4/26/2010 8:43 AM, jaronbarends wrote:
 @raffi thanks for your replies. I didn't mean to start a discussion
 about Twitter's policy here (although I can imagine some people would
 like to discuss it elsewhere). I'm mostly interested in finding a
 solution.

 @dean: I'm not sure I understand your suggestion about using oAuth for
 both the desktop and the web app. Did you mean letting the users allow
 access through the desktop app, then storing the username/token
 combination in a central database and using that database for the web
 app too? That wouldn't work for me since I do not have a desktop app,
 end I do not store anything in a database...


no I think he meant that you can use the oAuth for EITHER the desktop or

the web.  You wouldn't even need to store the username; just the token 
and the token_secret.  And the database can be anything from an actual 
RDBMS to a text file stored on the server (although with the fact that 
almost every web host that you pay for provides at least MySQL and the 
fact that text files are notoriously insecure you should be thinking 
about upgrading).


 

Yeh but John, who is going to install MySQL for a desktop client?

You're still thinking webapps instead of desktop (yes I realize I'm in
the minority here).



Cheers,

Dean



-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread John Meyer

On 4/26/2010 9:09 AM, Dean Collins wrote:









-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
Meyer
Sent: Monday, April 26, 2010 10:48 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal /
OAuthcalypse

On 4/26/2010 8:43 AM, jaronbarends wrote:

@raffi thanks for your replies. I didn't mean to start a discussion
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.

@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...



no I think he meant that you can use the oAuth for EITHER the desktop or

the web.  You wouldn't even need to store the username; just the token
and the token_secret.  And the database can be anything from an actual
RDBMS to a text file stored on the server (although with the fact that
almost every web host that you pay for provides at least MySQL and the
fact that text files are notoriously insecure you should be thinking
about upgrading).




Yeh but John, who is going to install MySQL for a desktop client?

You're still thinking webapps instead of desktop (yes I realize I'm in
the minority here).




Um, not jaron since he said he didn't have a desktop app.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread monkeyninja
Hi Raffi,

Not sure if I am following this correctly or not, but basically I have
been developing a plugin for Textpattern for a while that uses basic
authorisation to update a Twitter feed based on the username/password
set for the plugin. Does this change mean that the user would now be
temporarily passed back to Twitter before they would be authorised? I
am hoping this isn't the case as it would make the plugin somewhat
useless to the people using it.

On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Raffi Krikorian
i don't know very much about textpattern, however, might @anywhere be a
solution for this?

On Mon, Apr 26, 2010 at 11:08 AM, monkeyninja andy1...@gmail.com wrote:

 Hi Raffi,

 Not sure if I am following this correctly or not, but basically I have
 been developing a plugin for Textpattern for a while that uses basic
 authorisation to update a Twitter feed based on the username/password
 set for the plugin. Does this change mean that the user would now be
 temporarily passed back to Twitter before they would be authorised? I
 am hoping this isn't the case as it would make the plugin somewhat
 useless to the people using it.

 On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi all.
 
  you're going to be hearing a lot from me over the next 9 weeks.  our plan
 is
  to turn off basic authorization on the API by june 30, 2010 -- developers
  will have to switch over to OAuth by that time.  between now and then,
 there
  will be a *lot* of information coming along with tips on how to use OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we
 can
  for everybody.
 
  as always, please feel free to reach out to this group, or to @twitterapi
  directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
  .
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Craig Hockenberry
It's not in this documentation, which is the first thing I found:

http://dev.twitter.com/pages/auth

-ch

On Apr 25, 1:40 pm, Abraham Williams 4bra...@gmail.com wrote:
 It is specified on the XAuth documentation.

 On Sun, Apr 25, 2010 at 13:39, Craig Hockenberry 





 craig.hockenbe...@gmail.com wrote:
  No, I didn't ask for access. I guess that's the bug: there's no place
  during the signup process that tells you that you need to go through a
  manual process to get xAuth access...

  -ch

  On Apr 25, 1:29 pm, Raffi Krikorian ra...@twitter.com wrote:
   hi craig.

   have you gotten access to xAuth?  applications are not, by default, given
   access to xAuth - if you e-mail a...@twitter.com with

      - your client token; and
      - a description of your application

   then we can grant it access.

   On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry 

   craig.hockenbe...@gmail.com wrote:
Hi Raffi!

Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:

xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL =https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
   Content-Length = 78;
   Content-Type = application/x-www-form-urlencoded;
}
xAuth HTTP body =

  x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED

I get back a status code of 0 and a response of Failed to validate
oauth signature and token.

For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.

If there is indeed a delay for this information to propagate, you need
to let people know...

-ch

On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our
  plan
is
 to turn off basic authorization on the API by june 30, 2010 --
  developers
 will have to switch over to OAuth by that time.  between now and
  then,
there
 will be a *lot* of information coming along with tips on how to use
  OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as
  we
can
 for everybody.

 as always, please feel free to reach out to this group, or to
  @twitterapi
 directly.  if you need help remembering the date -
   http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription settings:
   http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

   --
   Raffi Krikorian
   Twitter Platform Teamhttp://twitter.com/raffi

 --
 Abraham Williams | Developer for hire |http://abrah.am
 @abraham |http://projects.abrah.am|http://blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Jaanus
 I'm still not buying it that oauth is going add any value for desktop
 clients with regards to password security. Basically you are now storing
 token in the desktop client instead of password.

The added security is that either your malicious app, or, say some
trojan in the user's computer, cannot grab the token and get full user
privileges. If you store password, they can log on, change the
password and email on the account, and cause all other sorts of
trouble. with oAuth, the damage is limited to one user/app
combination, they cannot grab the token and change, say, the user's
email address on file. (Looks like the user's email address is not
exposed anywhere in the API, and that's a good thing.) The user can
clearly see what apps have permission to act on their behalf, and can
revoke access app-by-app, instead of having to change the password in
all apps.

A more practical example of improved security is that in the past, I
have myself had instances where I have changed my twitter password,
but forgot to change it in apps using basic auth. And apps are
implemented crappily (OTHER people's apps, but never yours, right? ;)
and do not check response when signing in and keep hammering the API
with wrong password. End result - my account is locked out due to what
looks like bruteforce hacking, and I need to go and reset it. Doable,
but annoying.

There are other benefits, but these two are very obvious and
practical. Deprecating Basic Auth in favor of OAuth will be painful
for both Twitter and lazy/bad developers (if you are a good developer,
OAuth won't really bother you at all), but I commend Twitter for doing
this.


J


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian
not at all.  twitter.com is already setup completely for oauth echo.  at
this point, its just 3rd party providers, and end clients.  the @twitterapi
team is ready to help out any of those that need help.

On Sat, Apr 24, 2010 at 9:28 PM, Jaanus jaa...@gmail.com wrote:

 Is there any kind of special involvement needed from you every time
 someone wants to do OAuth Echo? I thought I'll make my own server for
 my own app for some purpose. Judging by the spec you posted on your
 blog a while ago (http://mehack.com/oauth-echo-delegation-in-identity-
 verificatio), it does not look like some special Twitter involvement
 is needed, as long as I implement all that's needed in my app and
 server?


 J


 On Apr 24, 5:44 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi tom!
 
  i will be sending more info about it - we've been working with yfrog,
  tweetphoto, and twitpic to get their services migrated - they are either
  finished or are nearly there.  if there are others that you would like
 the
  @twitterapi team involved with to help them get migrated over as well,
 then
  feel free to drop me an e-mail asking me.
 
  On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway tswool...@gmail.com
 wrote:
 
 
 
 
 
   Hi Raffi,
 
   Great that we've got a date for basic auth deprecation, but is there
 any
   news/timescales on OAuth Echo? We've got nine weeks and counting to get
 the
   spec, get the service providers to implement it, build it into clients
 and
   get our user-bases to upgrade if they want to be able to upload photos
 post
   June 30th. That's easier if you're web based, but not a huge amount of
 time
   if you are desktop or mobile based.
 
   Thanks,
 
   Tom
 
   On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian ra...@twitter.com
 wrote:
 
   there is a really good chance - now that oauth 2.0 has been submitted
 as a
   drafthttp://tools.ietf.org/html/draft-hammer-oauth2-00, we are going
 to
   spend some time catching up our oauth 2.0 implementation.  at that
 point,
   we'll evaluate letting it loose.
 
   On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius dpr...@gmail.com
 wrote:
 
   Raffi, that is super awesome. Thank you.
 
   Any chance that you will have OAuth 2.0 in production before then?
 
   On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
hi all.
 
you're going to be hearing a lot from me over the next 9 weeks.
  our
   plan is
to turn off basic authorization on the API by june 30, 2010 --
   developers
will have to switch over to OAuth by that time.  between now and
 then,
   there
will be a *lot* of information coming along with tips on how to use
   OAuth
Echo, xAuth, etc.  we really want to make this transition as easy
 as we
   can
for everybody.
 
as always, please feel free to reach out to this group, or to
   @twitterapi
directly.  if you need help remembering the date -
  http://bit.ly/twcountdown
.
 
--
Raffi Krikorian
Twitter Platform Teamhttp://twitter.com/raffi
 
--
Subscription settings:
  
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
 
   --
   Raffi Krikorian
   Twitter Platform Team
  http://twitter.com/raffi
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread jaronbarends
I moved my web based app from basic auth to oAuth just last week. I
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.

This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6

Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there (understood, but, right now, not in the plan.  web apps will
have to use the standard oauth workflow.) I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.

Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?

Jaron

On Apr 24, 5:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Craig Hockenberry
Hi Raffi!

Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:

xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL = https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
Content-Length = 78;
Content-Type = application/x-www-form-urlencoded;
}
xAuth HTTP body =
x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED

I get back a status code of 0 and a response of Failed to validate
oauth signature and token.

For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.

If there is indeed a delay for this information to propagate, you need
to let people know...

-ch



On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Marco Kaiser
Did you whitelist your app for xAuth?

On Apr 25, 2010 1:22 PM, Craig Hockenberry craig.hockenbe...@gmail.com
wrote:

Hi Raffi!

Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:

xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL = https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
   Content-Length = 78;
   Content-Type = application/x-www-form-urlencoded;
}
xAuth HTTP body =
x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED

I get back a status code of 0 and a response of Failed to validate
oauth signature and token.

For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.

If there is indeed a delay for this information to propagate, you need
to let people know...

-ch




On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:

 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan
is
 to turn...

 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription settings:http://groups.google


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian
hi craig.

have you gotten access to xAuth?  applications are not, by default, given
access to xAuth - if you e-mail a...@twitter.com with

   - your client token; and
   - a description of your application

then we can grant it access.

On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry 
craig.hockenbe...@gmail.com wrote:

 Hi Raffi!

 Is there a delay/verification after a new app is created? I just
 created a new app and am seeing problems getting the OAuth token with
 a xAuth HTTP request that looks like this:

 xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
 REDACTED
 xAuth URL = https://api.twitter.com/oauth/access_token
 xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
 NSURLRequestReloadIgnoringCacheData
 xAuth HTTP headers = {
Content-Length = 78;
Content-Type = application/x-www-form-urlencoded;
 }
 xAuth HTTP body =
 x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED

 I get back a status code of 0 and a response of Failed to validate
 oauth signature and token.

 For an older application with different consumer information (key =
 5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
 a code of 200 and an empty response.

 If there is indeed a delay for this information to propagate, you need
 to let people know...

 -ch



 On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:
  hi all.
 
  you're going to be hearing a lot from me over the next 9 weeks.  our plan
 is
  to turn off basic authorization on the API by june 30, 2010 -- developers
  will have to switch over to OAuth by that time.  between now and then,
 there
  will be a *lot* of information coming along with tips on how to use OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we
 can
  for everybody.
 
  as always, please feel free to reach out to this group, or to @twitterapi
  directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
  .
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Dean Collins
Jaron,

Why not use oAuth on a desktop client as well as the web client?

This way your Chinese users can still use the app? We are thinking of enabling 
oauth for MyPostButler in the same format but haven't decided if it's worth the 
effort until we get the all clear from twitter they wont kill the application 
once we move to oauth..



 

Cheers,

Dean

 


-Original Message-
From: twitter-development-talk@googlegroups.com 
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of jaronbarends
Sent: Sunday, April 25, 2010 3:50 AM
To: Twitter Development Talk
Subject: [twitter-dev] Re: countdown to OAuth / basic auth removal / 
OAuthcalypse

I moved my web based app from basic auth to oAuth just last week. I
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.

This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6

Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there (understood, but, right now, not in the plan.  web apps will
have to use the standard oauth workflow.) I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.

Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?

Jaron

On Apr 24, 5:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Craig Hockenberry
No, I didn't ask for access. I guess that's the bug: there's no place
during the signup process that tells you that you need to go through a
manual process to get xAuth access...

-ch

On Apr 25, 1:29 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi craig.

 have you gotten access to xAuth?  applications are not, by default, given
 access to xAuth - if you e-mail a...@twitter.com with

    - your client token; and
    - a description of your application

 then we can grant it access.

 On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry 





 craig.hockenbe...@gmail.com wrote:
  Hi Raffi!

  Is there a delay/verification after a new app is created? I just
  created a new app and am seeing problems getting the OAuth token with
  a xAuth HTTP request that looks like this:

  xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
  REDACTED
  xAuth URL =https://api.twitter.com/oauth/access_token
  xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
  NSURLRequestReloadIgnoringCacheData
  xAuth HTTP headers = {
     Content-Length = 78;
     Content-Type = application/x-www-form-urlencoded;
  }
  xAuth HTTP body =
  x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED

  I get back a status code of 0 and a response of Failed to validate
  oauth signature and token.

  For an older application with different consumer information (key =
  5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
  a code of 200 and an empty response.

  If there is indeed a delay for this information to propagate, you need
  to let people know...

  -ch

  On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:
   hi all.

   you're going to be hearing a lot from me over the next 9 weeks.  our plan
  is
   to turn off basic authorization on the API by june 30, 2010 -- developers
   will have to switch over to OAuth by that time.  between now and then,
  there
   will be a *lot* of information coming along with tips on how to use OAuth
   Echo, xAuth, etc.  we really want to make this transition as easy as we
  can
   for everybody.

   as always, please feel free to reach out to this group, or to @twitterapi
   directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
   .

   --
   Raffi Krikorian
   Twitter Platform Teamhttp://twitter.com/raffi

   --
   Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Abraham Williams
It is specified on the XAuth documentation.

On Sun, Apr 25, 2010 at 13:39, Craig Hockenberry 
craig.hockenbe...@gmail.com wrote:

 No, I didn't ask for access. I guess that's the bug: there's no place
 during the signup process that tells you that you need to go through a
 manual process to get xAuth access...

 -ch

 On Apr 25, 1:29 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi craig.
 
  have you gotten access to xAuth?  applications are not, by default, given
  access to xAuth - if you e-mail a...@twitter.com with
 
 - your client token; and
 - a description of your application
 
  then we can grant it access.
 
  On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry 
 
 
 
 
 
  craig.hockenbe...@gmail.com wrote:
   Hi Raffi!
 
   Is there a delay/verification after a new app is created? I just
   created a new app and am seeing problems getting the OAuth token with
   a xAuth HTTP request that looks like this:
 
   xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
   REDACTED
   xAuth URL =https://api.twitter.com/oauth/access_token
   xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
   NSURLRequestReloadIgnoringCacheData
   xAuth HTTP headers = {
  Content-Length = 78;
  Content-Type = application/x-www-form-urlencoded;
   }
   xAuth HTTP body =
  
 x_auth_mode=client_authx_auth_username=REDACTEDx_auth_password=REDACTED
 
   I get back a status code of 0 and a response of Failed to validate
   oauth signature and token.
 
   For an older application with different consumer information (key =
   5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
   a code of 200 and an empty response.
 
   If there is indeed a delay for this information to propagate, you need
   to let people know...
 
   -ch
 
   On Apr 24, 8:40 am, Raffi Krikorian ra...@twitter.com wrote:
hi all.
 
you're going to be hearing a lot from me over the next 9 weeks.  our
 plan
   is
to turn off basic authorization on the API by june 30, 2010 --
 developers
will have to switch over to OAuth by that time.  between now and
 then,
   there
will be a *lot* of information coming along with tips on how to use
 OAuth
Echo, xAuth, etc.  we really want to make this transition as easy as
 we
   can
for everybody.
 
as always, please feel free to reach out to this group, or to
 @twitterapi
directly.  if you need help remembering the date -
  http://bit.ly/twcountdown
.
 
--
Raffi Krikorian
Twitter Platform Teamhttp://twitter.com/raffi
 
--
Subscription settings:
  http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi




-- 
Abraham Williams | Developer for hire | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Dewald Pretorius
Raffi,

We really need a resolution for this issue before Basic Auth is
deprecated.

It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?

On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote:
 I moved my web based app from basic auth to oAuth just last week. I
 subsequently got several pleas from Chinese users to put the old
 version back up, as they could no longer use my app, since access to
 Twitter.com is blocked in China.

 This issue has discussed in this group before 
 here:https://groups.google.com/group/twitter-development-talk/browse_threa...

 Being a frontend developer, I may have misunderstood the outcome of
 that discussion (I certainly hope so). But from Raffi's last comment
 there (understood, but, right now, not in the plan.  web apps will
 have to use the standard oauth workflow.) I understand that web app
 users in countries like China where twitter is blocked will simply no
 longer be able to use Twitter via the web.

 Have I understood this correctly? If not, how can I make sure users in
 blocked countries can still use my web app? If my users can no longer
 use my app, what do you suggest I recommend them?

 Jaron

 On Apr 24, 5:40 pm, Raffi Krikorian ra...@twitter.com wrote:



  hi all.

  you're going to be hearing a lot from me over the next 9 weeks.  our plan is
  to turn off basic authorization on the API by june 30, 2010 -- developers
  will have to switch over to OAuth by that time.  between now and then, there
  will be a *lot* of information coming along with tips on how to use OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we can
  for everybody.

  as always, please feel free to reach out to this group, or to @twitterapi
  directly.  if you need help remembering the date -http://bit.ly/twcountdown
  .

  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi

  --
  Subscription 
  settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Abraham Williams
It is not twitter telling you it is China.

--
Little androids dreaming of Nexus Ones compiled this text.

On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:

Raffi,

We really need a resolution for this issue before Basic Auth is
deprecated.

It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?


On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote:
 I moved my web based app from ba...
 This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_threa...


 Being a frontend developer, I may have misunderstood the outcome of
 that discussion (I certain...


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Ron B
China's policy didn't just recently change, Twitter's did.  So it is
Twitter telling us that we may not be able to support China and other
firewall blocked countries any longer.  It is, after all, within
Twitter's power to continue to support Basic Auth.  It is their
conscious decision not to, despite the significant negative
ramifications being brought to their attention.

In an earlier comment from Twitter:  twitter.com is trying to drive
people to understand and discover what's going on in the world.  No
one in the world needs to understand and discover what's going on
more than the people of these communist-block countries that otherwise
see only what their governments allow them to see.  It is unfortunate
that Twitter plans to turn their back on them.  Then again, what's a
billion people here or there?...

On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote:
 It is not twitter telling you it is China.

 --
 Little androids dreaming of Nexus Ones compiled this text.

 On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:

 Raffi,

 We really need a resolution for this issue before Basic Auth is
 deprecated.

 It sounds as if Twitter is telling developers of web apps that they
 cannot provide service to Chinese users, and other users behind
 firewalls that block access to twitter.com. But that can't be right,
 can it?

 On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I moved my 
 web based app from ba...
  This issue has discussed in this group before here:

 https://groups.google.com/group/twitter-development-talk/browse_threa...



  Being a frontend developer, I may have misunderstood the outcome of
  that discussion (I certain...

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian
before this gets out of hand - i, personally, am very sensitive to these
issues.  i've been spending some brain power trying to come up with a
solution.  if people have suggestions, then please feel free to reach out to
me personally and off list.

On Sun, Apr 25, 2010 at 7:54 PM, Ron B rbther...@gmail.com wrote:

 China's policy didn't just recently change, Twitter's did.  So it is
 Twitter telling us that we may not be able to support China and other
 firewall blocked countries any longer.  It is, after all, within
 Twitter's power to continue to support Basic Auth.  It is their
 conscious decision not to, despite the significant negative
 ramifications being brought to their attention.

 In an earlier comment from Twitter:  twitter.com is trying to drive
 people to understand and discover what's going on in the world.  No
 one in the world needs to understand and discover what's going on
 more than the people of these communist-block countries that otherwise
 see only what their governments allow them to see.  It is unfortunate
 that Twitter plans to turn their back on them.  Then again, what's a
 billion people here or there?...

 On Apr 25, 9:04 pm, Abraham Williams 4bra...@gmail.com wrote:
  It is not twitter telling you it is China.
 
  --
  Little androids dreaming of Nexus Ones compiled this text.
 
  On Apr 25, 2010 6:53 PM, Dewald Pretorius dpr...@gmail.com wrote:
 
  Raffi,
 
  We really need a resolution for this issue before Basic Auth is
  deprecated.
 
  It sounds as if Twitter is telling developers of web apps that they
  cannot provide service to Chinese users, and other users behind
  firewalls that block access to twitter.com. But that can't be right,
  can it?
 
  On Apr 25, 4:49 am, jaronbarends jaronbare...@gmail.com wrote: I
 moved my web based app from ba...
   This issue has discussed in this group before here:
 
  https://groups.google.com/group/twitter-development-talk/browse_threa...
 
 
 
   Being a frontend developer, I may have misunderstood the outcome of
   that discussion (I certain...
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian
sorry!  i was just reminded about a point of clarification - streaming API
will still support basic auth.  this note *only* pertains to the REST API.

hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan
 is to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -
 http://bit.ly/twcountdown.


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Dewald Pretorius
Raffi, that is super awesome. Thank you.

Any chance that you will have OAuth 2.0 in production before then?

On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian
there is a really good chance - now that oauth 2.0 has been submitted as a
draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
spend some time catching up our oauth 2.0 implementation.  at that point,
we'll evaluate letting it loose.

On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius dpr...@gmail.com wrote:

 Raffi, that is super awesome. Thank you.

 Any chance that you will have OAuth 2.0 in production before then?

 On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi all.
 
  you're going to be hearing a lot from me over the next 9 weeks.  our plan
 is
  to turn off basic authorization on the API by june 30, 2010 -- developers
  will have to switch over to OAuth by that time.  between now and then,
 there
  will be a *lot* of information coming along with tips on how to use OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we
 can
  for everybody.
 
  as always, please feel free to reach out to this group, or to @twitterapi
  directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
  .
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Thomas Woolway
Hi Raffi,

Great that we've got a date for basic auth deprecation, but is there any
news/timescales on OAuth Echo? We've got nine weeks and counting to get the
spec, get the service providers to implement it, build it into clients and
get our user-bases to upgrade if they want to be able to upload photos post
June 30th. That's easier if you're web based, but not a huge amount of time
if you are desktop or mobile based.

Thanks,

Tom

On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian ra...@twitter.com wrote:

 there is a really good chance - now that oauth 2.0 has been submitted as a
 draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
 spend some time catching up our oauth 2.0 implementation.  at that point,
 we'll evaluate letting it loose.


 On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius dpr...@gmail.comwrote:

 Raffi, that is super awesome. Thank you.

 Any chance that you will have OAuth 2.0 in production before then?

 On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi all.
 
  you're going to be hearing a lot from me over the next 9 weeks.  our
 plan is
  to turn off basic authorization on the API by june 30, 2010 --
 developers
  will have to switch over to OAuth by that time.  between now and then,
 there
  will be a *lot* of information coming along with tips on how to use
 OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we
 can
  for everybody.
 
  as always, please feel free to reach out to this group, or to
 @twitterapi
  directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
  .
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




 --
 Raffi Krikorian
 Twitter Platform Team
 http://twitter.com/raffi



Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian
hi tom!

i will be sending more info about it - we've been working with yfrog,
tweetphoto, and twitpic to get their services migrated - they are either
finished or are nearly there.  if there are others that you would like the
@twitterapi team involved with to help them get migrated over as well, then
feel free to drop me an e-mail asking me.

On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway tswool...@gmail.comwrote:

 Hi Raffi,

 Great that we've got a date for basic auth deprecation, but is there any
 news/timescales on OAuth Echo? We've got nine weeks and counting to get the
 spec, get the service providers to implement it, build it into clients and
 get our user-bases to upgrade if they want to be able to upload photos post
 June 30th. That's easier if you're web based, but not a huge amount of time
 if you are desktop or mobile based.

 Thanks,

 Tom


 On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian ra...@twitter.comwrote:

 there is a really good chance - now that oauth 2.0 has been submitted as a
 draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
 spend some time catching up our oauth 2.0 implementation.  at that point,
 we'll evaluate letting it loose.


 On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius dpr...@gmail.comwrote:

 Raffi, that is super awesome. Thank you.

 Any chance that you will have OAuth 2.0 in production before then?

 On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
  hi all.
 
  you're going to be hearing a lot from me over the next 9 weeks.  our
 plan is
  to turn off basic authorization on the API by june 30, 2010 --
 developers
  will have to switch over to OAuth by that time.  between now and then,
 there
  will be a *lot* of information coming along with tips on how to use
 OAuth
  Echo, xAuth, etc.  we really want to make this transition as easy as we
 can
  for everybody.
 
  as always, please feel free to reach out to this group, or to
 @twitterapi
  directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
  .
 
  --
  Raffi Krikorian
  Twitter Platform Teamhttp://twitter.com/raffi
 
  --
  Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




 --
 Raffi Krikorian
 Twitter Platform Team
 http://twitter.com/raffi





-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread John Meyer

On 4/24/2010 3:44 PM, Raffi Krikorian wrote:

hi tom!

i will be sending more info about it - we've been working with yfrog,
tweetphoto, and twitpic to get their services migrated - they are either
finished or are nearly there.  if there are others that you would like
the @twitterapi team involved with to help them get migrated over as
well, then feel free to drop me an e-mail asking me.



Speaking on behalf of TwitterVB we use a lot of these services in our 
dll, so if any of the api's change dramatically we'd really love to hear 
about those changes.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread John Meyer

On 4/24/2010 5:05 PM, Raffi Krikorian wrote:

if there any applications / service providers that you would like the
@twitterapi team to talk to - let me know.  or, have the application /
service provider come to us.

i really want to make this transition as easy as possible.



I'll probably be contacting those services. Right now we have interfaces 
for:

*TweetPhoto
*TwitPic
*yFrog
*FileSocial
*Twic.li


After I get my butt in gear and get xAuth support I'll probably next 
work on encapsulating all of these services (currently TweetPhoto, 
TwitPic and FileSocial are part of the main class) so that changes can 
be more easily worked on.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian
first three are taken care of, just let me know if you need help
coordinating with the others

On Sat, Apr 24, 2010 at 4:34 PM, John Meyer john.l.me...@gmail.com wrote:

 On 4/24/2010 5:05 PM, Raffi Krikorian wrote:

 if there any applications / service providers that you would like the
 @twitterapi team to talk to - let me know.  or, have the application /
 service provider come to us.

 i really want to make this transition as easy as possible.



 I'll probably be contacting those services. Right now we have interfaces
 for:
 *TweetPhoto
 *TwitPic
 *yFrog
 *FileSocial
 *Twic.li


 After I get my butt in gear and get xAuth support I'll probably next work
 on encapsulating all of these services (currently TweetPhoto, TwitPic and
 FileSocial are part of the main class) so that changes can be more easily
 worked on.



 --
 Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Adrian
At this point, all I'm looking for is a way to upgrade this piece of
PHP code to take into account the new authentication model:


$ch = curl_init('http://twitter.com/statuses/update.xml');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
'status='.urlencode(trim($message)));
curl_setopt($ch, CURLOPT_USERPWD, $settings['twitter-username'].':'.
$settings['twitter-password']);
$response = curl_exec($ch);
$resp = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);



On Apr 24, 6:40 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi all.

 you're going to be hearing a lot from me over the next 9 weeks.  our plan is
 to turn off basic authorization on the API by june 30, 2010 -- developers
 will have to switch over to OAuth by that time.  between now and then, there
 will be a *lot* of information coming along with tips on how to use OAuth
 Echo, xAuth, etc.  we really want to make this transition as easy as we can
 for everybody.

 as always, please feel free to reach out to this group, or to @twitterapi
 directly.  if you need help remembering the date -http://bit.ly/twcountdown
 .

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Jaanus
Is there any kind of special involvement needed from you every time
someone wants to do OAuth Echo? I thought I'll make my own server for
my own app for some purpose. Judging by the spec you posted on your
blog a while ago (http://mehack.com/oauth-echo-delegation-in-identity-
verificatio), it does not look like some special Twitter involvement
is needed, as long as I implement all that's needed in my app and
server?


J


On Apr 24, 5:44 pm, Raffi Krikorian ra...@twitter.com wrote:
 hi tom!

 i will be sending more info about it - we've been working with yfrog,
 tweetphoto, and twitpic to get their services migrated - they are either
 finished or are nearly there.  if there are others that you would like the
 @twitterapi team involved with to help them get migrated over as well, then
 feel free to drop me an e-mail asking me.

 On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway tswool...@gmail.comwrote:





  Hi Raffi,

  Great that we've got a date for basic auth deprecation, but is there any
  news/timescales on OAuth Echo? We've got nine weeks and counting to get the
  spec, get the service providers to implement it, build it into clients and
  get our user-bases to upgrade if they want to be able to upload photos post
  June 30th. That's easier if you're web based, but not a huge amount of time
  if you are desktop or mobile based.

  Thanks,

  Tom

  On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian ra...@twitter.comwrote:

  there is a really good chance - now that oauth 2.0 has been submitted as a
  drafthttp://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
  spend some time catching up our oauth 2.0 implementation.  at that point,
  we'll evaluate letting it loose.

  On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius dpr...@gmail.comwrote:

  Raffi, that is super awesome. Thank you.

  Any chance that you will have OAuth 2.0 in production before then?

  On Apr 24, 12:40 pm, Raffi Krikorian ra...@twitter.com wrote:
   hi all.

   you're going to be hearing a lot from me over the next 9 weeks.  our
  plan is
   to turn off basic authorization on the API by june 30, 2010 --
  developers
   will have to switch over to OAuth by that time.  between now and then,
  there
   will be a *lot* of information coming along with tips on how to use
  OAuth
   Echo, xAuth, etc.  we really want to make this transition as easy as we
  can
   for everybody.

   as always, please feel free to reach out to this group, or to
  @twitterapi
   directly.  if you need help remembering the date -
 http://bit.ly/twcountdown
   .

   --
   Raffi Krikorian
   Twitter Platform Teamhttp://twitter.com/raffi

   --
   Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

  --
  Raffi Krikorian
  Twitter Platform Team
 http://twitter.com/raffi

 --
 Raffi Krikorian
 Twitter Platform Teamhttp://twitter.com/raffi