I would imagine that Twitter will require SSL for xAuth calls.

Abraham

On Thu, Feb 4, 2010 at 14:44, Dewald Pretorius <dpr...@gmail.com> wrote:

> Interesting, Abraham.
>
> Don't we ever need OAuth Wrap, otherwise that x-auth-password will be
> sent in clear text, kind of making a mockery of the whole OAuth thing.
>
> On Feb 4, 6:35 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > I poked around Seesmic Look a little and this is what I found:
> http://the.hackerconundrum.com/2010/02/sneak-peek-at-twitters-browser...
> >
> > Abraham
> >
> >
> >
> > On Thu, Feb 4, 2010 at 14:24, Dewald Pretorius <dpr...@gmail.com> wrote:
> > > Zach,
> >
> > > There's a soon to be published API method where you can silently get
> > > the OAuth tokens when you have the account's Twitter username and
> > > password, meaning the user does not experience any of the normal OAuth
> > > flow.
> >
> > > I presume that Seesmic just got early access to that method.
> >
> > > So, in this case, user-to-app requires Basic Auth credentials, but app-
> > > to-Twitter uses OAuth once the app has obtained the tokens with the
> > > new method.
> >
> > > On Feb 4, 4:21 pm, Zac Bowling <zbowl...@gmail.com> wrote:
> > > > Yes, what magic is this?
> >
> > > > I'm confused. It takes username and password but then uses OAuth?
> >
> > > > I wonder if they are injecting the username/password into the OAuth
> form
> > > on
> > > > the page.
> >
> > > > Twitter should really randomize that page or require captcha or
> > > something.
> >
> > > > Zac Bowling
> >
> > > > On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius <dpr...@gmail.com>
> > > wrote:
> > > > > Raffi,
> >
> > > > > Have you tried it? There is no OAuth flow. I.e., the user types in
> his
> > > > > Twitter username and password. That's it.
> >
> > > > > If it is indeed using OAuth, does that mean that the background
> > > > > requesting of tokens when you have the Twitter credentials is now
> > > > > available? Meaning, I can also now use it to convert all existing
> > > > > Twitter accounts to OAuth in one fell swoop?
> >
> > > > > On Feb 3, 3:02 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> > > > > > seesmic look, i believe, is using oauth talking to
> api.twitter.com.
> >
> > > > > > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius <
> dpr...@gmail.com>
> > > > > wrote:
> > > > > > > Raffi,
> >
> > > > > > > What's going on here?
> >
> > > > > > > Your credibility is at stake here. You've been telling us in
> many
> > > > > > > posts that new apps must use OAuth to get a source attribution,
> and
> > > > > > > only old grandfathered apps have source attribution with Basic
> > > Auth.
> >
> > > > > > > On Feb 2, 11:18 pm, Dewald Pretorius <dpr...@gmail.com> wrote:
> > > > > > > > At first I thought they must have changed the old Seesmic
> source
> > > to
> > > > > > > > Seesmic Look.
> >
> > > > > > > > But no.
> >
> > > > > > > > Here's a recent tweet from Seesmic:
> > > > > > >http://twitter.com/CathyBrooks/status/8570217879
> >
> > > > > > > > And here's a recent one from Seesmic Look:
> > > > > > >http://twitter.com/adamse/status/8565271563
> >
> > > > > > > > Seesmic Look uses Basic Auth.
> >
> > > > > > > > Does anyone else spot Mt Everest on this level playing field
> of
> > > ours?
> >
> > > > > > > > On Feb 2, 10:41 pm, Pedro Junior <v.ju.ni.o...@gmail.com>
> wrote:
> >
> > > > > > > > > *Seesmic Look is old?
> > > > > > > > > *
> > > > > > > > > -
> > > > > > > > > Pedro Junior
> >
> > > > > > > > > 2010/2/2 Lukas Müller <webmas...@muellerlukas.de>
> >
> > > > > > > > > > Only old apps can do this. New apps cannot use it.
> >
> > > > > > --
> > > > > > Raffi Krikorian
> > > > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Abraham Williams | Community Advocate |http://abrah.am
> > Project | Out Loud |http://outloud.labs.poseurtech.com
> > This email is: [ ] shareable [x] ask first [ ] private.
> > Sent from Seattle, WA, United States
>



-- 
Abraham Williams | Community Advocate | http://abrah.am
Project | Out Loud | http://outloud.labs.poseurtech.com
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Seattle, WA, United States

Reply via email to