As Abraham said, even though we don't know your code it is simple to maintain both basic auth and oauth at the same time. Twollo's flow is basically:
if user.UseOauth: request using oAuth else: request using basic Auth. Obviously at some point path 2 will be redundant, however there has been a very high take up of accounts using oauth. I honestly don't think there is any chance of an API to turn basic auth in to oauth, as it defeats most of the point of oauth (that is empowering the user to control the applications that access their account) Paul 2009/6/17 Abraham Williams <[email protected]> > You have the code already finished for basic auth and maybe for oauth as > well. it is pretty much just a simple if statment in your code to choose > which one to run. > Someone also posted a ruby script that I think screenscraped the oauth > authorize page to automate a switch from basic auth to oauth. I don't know > what Twitters view is on practice though. > > Abraham > > On Wed, Jun 17, 2009 at 14:49, Simon <[email protected]> wrote: > >> >> >> > You can stop taking peoples accounts, use sign in with twitter and for >> all >> > the existing user who have not done it yet basic auth is still around. >> >> I have that basically set up, but the problem is getting the basic >> auth users switched... I can't run both. The user must either be on >> one, or the other. So adding OAuth must go hand in hand with deleting >> basic auth, which is just unnecessary steps for me to code and the >> user to do. Speaking from an ease of use point of view, I don't WANT >> to users to return to switch to OAuth. Simple. >> >> What will Twitter do when it will supposedly switch off basic auth? >> What about services like twitpic that still runs on basic auth? The >> crap thing is, is that a service like twitpic, users DO come back and >> switching to OAuth will be easier. Mine isn't. Users don't enter their >> details ever again. I'm sure they'll make it easier to switch to OAuth >> no doubt. I hope. >> >> I'll probably add the OAuth, and then have to direct users who want to >> switch to OAuth, through the laborious steps. :( >> >> > >> > Paul >> > >> > 2009/6/17 Simon <[email protected]> >> > >> > >> > >> > >> > >> > > On Jun 16, 2:58 pm, Paul Kinlan <[email protected]> wrote: >> > > > Hi, >> > > > Since you have all the passwords, could you not just log into the >> users >> > > > account and authorise access to your oauth based application? >> > >> > > No, it's way too many users. I don't have that time. But see that's >> > > exactly my point. I HAVE the password, instead of manually going >> > > through the motions (which I can), why can't there be an API method >> > > that can do it automatically? >> > >> > > > Looking at what you have done, other than letting the user tweet >> what >> > > they >> > > > are listenting too you don't need any authentication, would it not >> be >> > > easier >> > > > to get the user to follow you, in response you send a DM to them >> with a >> > > url >> > > > in that contains a unique url in that they can then enter their >> lastFM >> > > > username in. Because they are following you, you can still DM the >> stats >> > > > that you send. >> > >> > > The goal is to automatically tweet what the people are listening to. >> > > That method won't work. >> > >> > > > > Hi. I made a mashup in the beginning of the year (before OAuth). >> You >> > > > > can check it out here:http://www.tweekly.fm. >> > >> > > > > I really want to switch to OAuth (for the sake of security), but >> > > > > Twitter isn't exactly making it easy. I've read through some old >> > > > > threads, but couldn't precisely find what I wanted to say. Sorry, >> if >> > > > > its been said before. >> > >> > > > > My mashup only requires the user to enter their details once. The >> only >> > > > > time they enter it again, is to delete it. It's an automation >> service. >> > > > > It sends data from last.fm to twitter. >> > >> > > > > Switching to OAuth is a nightmare for both me (as a coder) and the >> > > > > user. I can't run both basic auth and OAuth for the same user (its >> the >> > > > > way my mashup works). So if a user wants to switch to OAuth, they >> have >> > > > > to delete the old basic auth details. Its unnecessary hurdles. >> > >> > > > > Its been said before. All I want is an API method to use basic >> auth to >> > > > > get the OAuth access tokens. This way, I can easily write one >> script, >> > > > > to convert all my users to OAuth. No hassles for me, and no >> hassles >> > > > > for the users. >> > > > > -- > Abraham Williams | Community | http://web608.org > Hacker | http://abrah.am | http://twitter.com/abraham > Project | http://fireeagle.labs.poseurtech.com > This email is: [ ] blogable [x] ask first [ ] private. >
