Hi all, I'm currently writing a web app that interfaces with Twitter - I won't bore you with the details, but suffice to say that this app is designed to be installed on individual users' web servers, and uses read-only access to the Twitter API to perform a few useful functions.
Up until this week I was using Basic Auth, and the time has now come for me to move the app over to OAuth. However, I'm a bit confused as to which OAuth method would be most suitable for my app. Here are a couple of constraints: 1) The app may end up being installed on a non-public-facing server, so the use of callback URLs might be a bit difficult. 2) The most straightforward flow in my mind would be if users could enter their username/password (or some other kind of auth token) in the app's config file (which suggests using xAuth to me, from a reading of the docs). The desktop Twitter clients I use seem to have no problem taking/ storing a username and password and converting that into an OAuth transaction. Would they be using xAuth? Basically I'm open to advice as to which OAuth method I should be considering for this app. I want to make things as secure/ straightforward as possible for the user while ensuring that the app will work in a variety of environments (including private servers that can't receive callbacks). Any thoughts or tips as to how I could achieve this would be hugely appreciated. Thanks for reading, Biggs