Re: [twitter-dev] Streaming API OAuth explanation?
In the current incarnation, you don't need a registered application to use the streaming API -- just a valid username and password to access the endpoints. While we don't know what the OAuth-based authentication is going to look like in the future of authenticating with the streaming API, we do know that using a username and password won't be tenable for long. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 20, 2010 at 3:44 PM, Dima Brodsky wrote: > Hi, > > Question about oauth registration ... do I register the user ID I currently > use at the same place as all other apps, i.e. > http://dev.twitter.com/apps/new, or is there another endpoint for the > streaming api? > > Thanks! > ttyl > Dima > > > On Tue, Apr 20, 2010 at 10:17 AM, Taylor Singletary < > taylorsinglet...@twitter.com> wrote: > >> Hi Jonathon, >> >> For Streaming API access that isn't from the perspective of a user's >> account, you would use two-legged OAuth to establish authentication instead >> of basic auth. >> >> A two-legged OAuth request is very similar to other OAuth requests: you >> have a specific resource you are trying to access, you have some parameters >> you want to pass to that resource, and you have an OAuth consumer key and >> OAuth consumer secret. Which is unlike three-legged OAuth where you also >> have oauth_tokens representing either a user/access_token or a request token >> in addition to the rest. >> >> But the rules remain the same. You take all the OAuth parameters and the >> parameters you are sending to the resource, organize them, build a signature >> base string, then sign that with your consumer secret and send the request >> on to Twitter properly signed. The only difference is that there is no >> oauth_token and oauth_token_secret getting involved in the mix. >> >> This is essentially what a two-legged request to the streaming API would >> look like: >> >> Signature Base String >> GET&http%3A%2F%2Fstream.twitter.com >> %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 >> >> Signature >> Xi5jfuw2XqtU5KpNX9ZCtTptJS0= >> >> Authorization Header >> OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", >> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743", >> oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", >> oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0" >> >> Taylor Singletary >> Developer Advocate, Twitter >> http://twitter.com/episod >> >> >> On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill wrote: >> >>> One thing I meant to find out @chirp last week--what will oauth look >>> like for the Streaming API? I'm having a hard time visualizing how >>> that will work. >>> >>> Thanks, >>> >>> Jonathon Hill >>> @compwright >>> Company52 >>> http://company52.com >>> >>> >>> -- >>> Subscription settings: >>> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >>> >> >> >
Re: [twitter-dev] Streaming API OAuth explanation?
Hi, Question about oauth registration ... do I register the user ID I currently use at the same place as all other apps, i.e.http://dev.twitter.com/apps/new, or is there another endpoint for the streaming api? Thanks! ttyl Dima On Tue, Apr 20, 2010 at 10:17 AM, Taylor Singletary < taylorsinglet...@twitter.com> wrote: > Hi Jonathon, > > For Streaming API access that isn't from the perspective of a user's > account, you would use two-legged OAuth to establish authentication instead > of basic auth. > > A two-legged OAuth request is very similar to other OAuth requests: you > have a specific resource you are trying to access, you have some parameters > you want to pass to that resource, and you have an OAuth consumer key and > OAuth consumer secret. Which is unlike three-legged OAuth where you also > have oauth_tokens representing either a user/access_token or a request token > in addition to the rest. > > But the rules remain the same. You take all the OAuth parameters and the > parameters you are sending to the resource, organize them, build a signature > base string, then sign that with your consumer secret and send the request > on to Twitter properly signed. The only difference is that there is no > oauth_token and oauth_token_secret getting involved in the mix. > > This is essentially what a two-legged request to the streaming API would > look like: > > Signature Base String > GET&http%3A%2F%2Fstream.twitter.com > %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 > > Signature > Xi5jfuw2XqtU5KpNX9ZCtTptJS0= > > Authorization Header > OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743", > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0" > > Taylor Singletary > Developer Advocate, Twitter > http://twitter.com/episod > > > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill wrote: > >> One thing I meant to find out @chirp last week--what will oauth look >> like for the Streaming API? I'm having a hard time visualizing how >> that will work. >> >> Thanks, >> >> Jonathon Hill >> @compwright >> Company52 >> http://company52.com >> >> >> -- >> Subscription settings: >> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >> > >
Re: [twitter-dev] Streaming API OAuth explanation?
Hi Jonathon, For Streaming API access that isn't from the perspective of a user's account, you would use two-legged OAuth to establish authentication instead of basic auth. A two-legged OAuth request is very similar to other OAuth requests: you have a specific resource you are trying to access, you have some parameters you want to pass to that resource, and you have an OAuth consumer key and OAuth consumer secret. Which is unlike three-legged OAuth where you also have oauth_tokens representing either a user/access_token or a request token in addition to the rest. But the rules remain the same. You take all the OAuth parameters and the parameters you are sending to the resource, organize them, build a signature base string, then sign that with your consumer secret and send the request on to Twitter properly signed. The only difference is that there is no oauth_token and oauth_token_secret getting involved in the mix. This is essentially what a two-legged request to the streaming API would look like: Signature Base String GET&http%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 Signature Xi5jfuw2XqtU5KpNX9ZCtTptJS0= Authorization Header OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743", oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0" Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill wrote: > One thing I meant to find out @chirp last week--what will oauth look > like for the Streaming API? I'm having a hard time visualizing how > that will work. > > Thanks, > > Jonathon Hill > @compwright > Company52 > http://company52.com > > > -- > Subscription settings: > http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >
