With all that talk about OAuth, I thought I might share my experience
using it in for a mobile (j2me) twitter client.

I guess my approach is nothing new, and probably is not applicable to
iPhone apps because of the appstore distribution process, but anyways.

So the way I handle OAuth is as follows:

All application downloads are handled by my own server. Before
allowing user to download the app I initiate OAuth authorization with
Twitter and then, save user tokens along with generated unique id for
a user.

Once authorized, user is permitted to download the application which
is tagged with that unique user id I generated earlier.

Once user starts the app, it uses it's id to authenticate itself to my server.

All communicatin between Twitter and user's appication is
handled/proxied by the server that performs all necessary oauth
signing on behalf of the user.

So, this way I have all benefits of using OAuth in a mobile app.

The only drawback really, is that user must visit my web site at least
once to perform authorization.


Reply via email to