On Wed, Feb 3, 2010 at 5:02 AM, Jeff Enderwick <[email protected]> wrote:
> App-engine is free to a point, and you do get (little) more than you pay
> for. But that scheme carries a heavy price:
> personally engraved downloads: one heavyweight op per subscriber (one-time
> though),
That's not strictly necessary, as the app could potentially be
downloaded untagged and then it could contact server on once it run
for a first time to get it's ID.
There are two problems though:
1. User has to go throuh a website to perform the OAuth authorization.
2. There should be a way to establish the link between user's
OAuth tokens saved on the server, and an app. For example a PIN code
could be used.
> having server-side resources proxy all mobile twitter interaction: way, way
> to heavy for no real functional benefit (and also less fault tolerant).
That depends on the platform the app is written for. It would be an
overkill for iPhone or Android, but j2me? I think the Snaptu which
currenlty is the biggest j2me client out threre does it exactly like
this.
Also, it the mobile app is doing OAuth itself, it has to be given the
application token and secret with all the security implications of
doing this.
Anton
>
> On Tue, Feb 2, 2010 at 1:02 PM, Abraham Williams <[email protected]> wrote:
>>
>> With the proliferation of services like Google App Engine finding free or
>> cheap sever resources is easy.
>> Abraham
>>
>> On Tue, Feb 2, 2010 at 06:09, ryan alford <[email protected]> wrote:
>>>
>>> Another problem with this approach is that you are now required to have a
>>> server. So now a developer would have the added expense of paying for a
>>> server. Now if the developer already had a server, then it's a moot point,
>>> but not all developers have their own hosted servers.
>>> What happens when your server goes down, or your hosting provider has
>>> connectivity problems? Your app is now dead, even though Twitter is still
>>> functioning normally.
>>> Ryan
>>>
>>> On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky
>>> <[email protected]> wrote:
>>>>
>>>> With all that talk about OAuth, I thought I might share my experience
>>>> using it in for a mobile (j2me) twitter client.
>>>>
>>>> I guess my approach is nothing new, and probably is not applicable to
>>>> iPhone apps because of the appstore distribution process, but anyways.
>>>>
>>>> So the way I handle OAuth is as follows:
>>>>
>>>> All application downloads are handled by my own server. Before
>>>> allowing user to download the app I initiate OAuth authorization with
>>>> Twitter and then, save user tokens along with generated unique id for
>>>> a user.
>>>>
>>>> Once authorized, user is permitted to download the application which
>>>> is tagged with that unique user id I generated earlier.
>>>>
>>>> Once user starts the app, it uses it's id to authenticate itself to my
>>>> server.
>>>>
>>>> All communicatin between Twitter and user's appication is
>>>> handled/proxied by the server that performs all necessary oauth
>>>> signing on behalf of the user.
>>>>
>>>> So, this way I have all benefits of using OAuth in a mobile app.
>>>>
>>>> The only drawback really, is that user must visit my web site at least
>>>> once to perform authorization.
>>>>
>>>> Regards,
>>>> Anton
>>>> http://pavo.me
>>>
>>
>>
>>
>> --
>> Abraham Williams | Community Advocate | http://abrah.am
>> Project | Out Loud | http://outloud.labs.poseurtech.com
>> This email is: [ ] shareable [x] ask first [ ] private.
>> Sent from Seattle, WA, United States
>
