They do. They already generate a form authenticity token that you have to submit back with the other relevant form data in order for your submission to be authentic.

Zac Bowling wrote:
Yes, what magic is this?

I'm confused. It takes username and password but then uses OAuth?

I wonder if they are injecting the username/password into the OAuth form on the page.

Twitter should really randomize that page or require captcha or something.

Zac Bowling



On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius <[email protected]> wrote:

    Raffi,

    Have you tried it? There is no OAuth flow. I.e., the user types in his
    Twitter username and password. That's it.

    If it is indeed using OAuth, does that mean that the background
    requesting of tokens when you have the Twitter credentials is now
    available? Meaning, I can also now use it to convert all existing
    Twitter accounts to OAuth in one fell swoop?

    On Feb 3, 3:02 pm, Raffi Krikorian <[email protected]> wrote:
    > seesmic look, i believe, is using oauth talking to api.twitter.com.
    >
    >
    >
    > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius <[email protected]> wrote:
    > > Raffi,
    >
    > > What's going on here?
    >
    > > Your credibility is at stake here. You've been telling us in many
    > > posts that new apps must use OAuth to get a source attribution, and
    > > only old grandfathered apps have source attribution with Basic Auth.
    >
    > > On Feb 2, 11:18 pm, Dewald Pretorius <[email protected]> wrote:
    > > > At first I thought they must have changed the old Seesmic source to
    > > > Seesmic Look.
    >
    > > > But no.
    >
    > > > Here's a recent tweet from Seesmic:
    > > > http://twitter.com/CathyBrooks/status/8570217879
    >
    > > > And here's a recent one from Seesmic Look:
    > > > http://twitter.com/adamse/status/8565271563
    >
    > > > Seesmic Look uses Basic Auth.
    >
    > > > Does anyone else spot Mt Everest on this level playing field of ours?
    >
    > > > On Feb 2, 10:41 pm, Pedro Junior <[email protected]> wrote:
    >
    > > > > *Seesmic Look is old?*
    > > > > -
    > > > > Pedro Junior
    >
    > > > > 2010/2/2 Lukas Müller <[email protected]>
    >
    > > > > > Only old apps can do this. New apps cannot use it.
    >
    > --
    > Raffi Krikorian
    > Twitter Platform Team
    > http://twitter.com/raffi


