Ok, so I'm a bit out of the loop so I've been doing a lot of catching
up on OAuth Echo starting with
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c2c4963061422f28/d0b5ddeac81ecd84.

The scenario is a large number of Twitter clients accessing the media
upload API for our site service, along with end-users sharing via browser.

I understand June 2010 is the cutoff for basic auth.  Some sites may
be provided with xAuth on a limited basis in regards to "moving
everybody off basic authentication, we originally envisioned this as a
mechanism for developers to exchange all the username
and passwords they have in their databases for OAuth tokens en masse."

Still trying to wrap my head around OAuth Echo.  From what I
understand, delegation from a Twitter app like TweetDeck (for example)
would pass its OAuth access tokens to our site to pass to Twitter.

A few questions:

- xAuth seems straightforward if granted temporary access.  I assume
these tokens are the same as if the end-user went through the normal
OAuth process in a browser?  New users to the 3rd party web site would
be using OAuth.

- Typically if a user is sharing a media file through our site and
they are NOT registered (no account in our system) and have never
logged in using OAuth on our site, we create an account for them.  Can
we store the access tokens from an external app when we create their
account?  If so, would there be a conflict if an event occurs in which
we post a status update on their behalf without the delegation in the
header?  Or is it a one-time use thing?

- Once the user visits our site and logs into Twitter using OAuth,
we'll store those tokens.  Is it best practice to use those whenever
the same user shares a media file through an external app or should
the delegated tokens always be used?

- Finally, while Twitter may be deprecating basic auth and everyone
(if they haven't already) will be using OAuth, is there a plan for
users who use 3rd party Twitter apps for mobile devices that HAVE NOT
upgraded to the latest version yet?  Although xAuth is geared towards
desktop and mobile apps, there may be quite a few users who have not
upgraded their app trying to either use it or share media with it
through sites like ours.

-

I did notice that on this page, http://apiwiki.twitter.com/Authentication,
it's confusing as to whether or not basic auth will be completely
deprecated.  If it will be, someone should update it as it's
misleading.


Thanks in advance!

Best,
Y.

