So am I understanding this correctly that this means TwitPic won't have to
ask for the user's Twitter username and Password any more and will instead
be able to use OAuth and still provide an API to their users?  I'm trying to
figure out if this is encouraging the use of the username and password or
discouraging it.

On Tue, Feb 9, 2010 at 4:08 PM, raffi <ra...@twitter.com> wrote:

> hi - i'm still a bit behind, but i've posted a sample workflow of how
> identity delegation may work in oauth - this is definitely a RFC, so
> please feel free to comment.
>
> http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v
>
> On Feb 4, 6:33 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> > i'll be posting our proposal for "oauth delegation" soon as a RFC.
> >
> >
> >
> >
> >
> > On Thu, Feb 4, 2010 at 3:41 PM, Greg <gregory.av...@gmail.com> wrote:
> > > However - will we ever see the ability for 3rd party applications to
> > > talk to eachother using oAuth tokens? For example a custom twitter
> > > oAuth application using TwitPic to publish photos?
> >
> > > On Feb 4, 6:26 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> > > > totally.
> >
> > > > On Thu, Feb 4, 2010 at 3:23 PM, Abraham Williams <4bra...@gmail.com>
> > > wrote:
> > > > > I would imagine that Twitter will require SSL for xAuth calls.
> >
> > > > > Abraham
> >
> > > > > On Thu, Feb 4, 2010 at 14:44, Dewald Pretorius <dpr...@gmail.com>
> > > wrote:
> >
> > > > >> Interesting, Abraham.
> >
> > > > >> Don't we ever need OAuth Wrap, otherwise that x-auth-password will
> be
> > > > >> sent in clear text, kind of making a mockery of the whole OAuth
> thing.
> >
> > > > >> On Feb 4, 6:35 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > > > >> > I poked around Seesmic Look a little and this is what I found:
> > > > >>
> http://the.hackerconundrum.com/2010/02/sneak-peek-at-twitters-browser.
> > > ..
> >
> > > > >> > Abraham
> >
> > > > >> > On Thu, Feb 4, 2010 at 14:24, Dewald Pretorius <
> dpr...@gmail.com>
> > > > >> wrote:
> > > > >> > > Zach,
> >
> > > > >> > > There's a soon to be published API method where you can
> silently
> > > get
> > > > >> > > the OAuth tokens when you have the account's Twitter username
> and
> > > > >> > > password, meaning the user does not experience any of the
> normal
> > > OAuth
> > > > >> > > flow.
> >
> > > > >> > > I presume that Seesmic just got early access to that method.
> >
> > > > >> > > So, in this case, user-to-app requires Basic Auth credentials,
> but
> > > > >> app-
> > > > >> > > to-Twitter uses OAuth once the app has obtained the tokens
> with
> > > the
> > > > >> > > new method.
> >
> > > > >> > > On Feb 4, 4:21 pm, Zac Bowling <zbowl...@gmail.com> wrote:
> > > > >> > > > Yes, what magic is this?
> >
> > > > >> > > > I'm confused. It takes username and password but then uses
> > > OAuth?
> >
> > > > >> > > > I wonder if they are injecting the username/password into
> the
> > > OAuth
> > > > >> form
> > > > >> > > on
> > > > >> > > > the page.
> >
> > > > >> > > > Twitter should really randomize that page or require captcha
> or
> > > > >> > > something.
> >
> > > > >> > > > Zac Bowling
> >
> > > > >> > > > On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius <
> > > dpr...@gmail.com
> >
> > > > >> > > wrote:
> > > > >> > > > > Raffi,
> >
> > > > >> > > > > Have you tried it? There is no OAuth flow. I.e., the user
> > > types in
> > > > >> his
> > > > >> > > > > Twitter username and password. That's it.
> >
> > > > >> > > > > If it is indeed using OAuth, does that mean that the
> > > background
> > > > >> > > > > requesting of tokens when you have the Twitter credentials
> is
> > > now
> > > > >> > > > > available? Meaning, I can also now use it to convert all
> > > existing
> > > > >> > > > > Twitter accounts to OAuth in one fell swoop?
> >
> > > > >> > > > > On Feb 3, 3:02 pm, Raffi Krikorian <ra...@twitter.com>
> wrote:
> > > > >> > > > > > seesmic look, i believe, is using oauth talking to
> > > > >> api.twitter.com.
> >
> > > > >> > > > > > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius <
> > > > >> dpr...@gmail.com>
> > > > >> > > > > wrote:
> > > > >> > > > > > > Raffi,
> >
> > > > >> > > > > > > What's going on here?
> >
> > > > >> > > > > > > Your credibility is at stake here. You've been telling
> us
> > > in
> > > > >> many
> > > > >> > > > > > > posts that new apps must use OAuth to get a source
> > > > >> attribution, and
> > > > >> > > > > > > only old grandfathered apps have source attribution
> with
> > > Basic
> > > > >> > > Auth.
> >
> > > > >> > > > > > > On Feb 2, 11:18 pm, Dewald Pretorius <
> dpr...@gmail.com>
> > > > >> wrote:
> > > > >> > > > > > > > At first I thought they must have changed the old
> > > Seesmic
> > > > >> source
> > > > >> > > to
> > > > >> > > > > > > > Seesmic Look.
> >
> > > > >> > > > > > > > But no.
> >
> > > > >> > > > > > > > Here's a recent tweet from Seesmic:
> > > > >> > > > > > >http://twitter.com/CathyBrooks/status/8570217879
> >
> > > > >> > > > > > > > And here's a recent one from Seesmic Look:
> > > > >> > > > > > >http://twitter.com/adamse/status/8565271563
> >
> > > > >> > > > > > > > Seesmic Look uses Basic Auth.
> >
> > > > >> > > > > > > > Does anyone else spot Mt Everest on this level
> playing
> > > field
> > > > >> of
> > > > >> > > ours?
> >
> > > > >> > > > > > > > On Feb 2, 10:41 pm, Pedro Junior <
> > > v.ju.ni.o...@gmail.com>
> > > > >> wrote:
> >
> > > > >> > > > > > > > > *Seesmic Look is old?
> > > > >> > > > > > > > > *
> > > > >> > > > > > > > > -
> > > > >> > > > > > > > > Pedro Junior
> >
> > > > >> > > > > > > > > 2010/2/2 Lukas Müller <webmas...@muellerlukas.de>
> >
> > > > >> > > > > > > > > > Only old apps can do this. New apps cannot use
> it.
> >
> > > > >> > > > > > --
> > > > >> > > > > > Raffi Krikorian
> > > > >> > > > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > > > >> > --
> > > > >> > Abraham Williams | Community Advocate |http://abrah.am
> > > > >> > Project | Out Loud |http://outloud.labs.poseurtech.com
> > > > >> > This email is: [ ] shareable [x] ask first [ ] private.
> > > > >> > Sent from Seattle, WA, United States
> >
> > > > > --
> > > > > Abraham Williams | Community Advocate |http://abrah.am
> > > > > Project | Out Loud |http://outloud.labs.poseurtech.com
> > > > > This email is: [ ] shareable [x] ask first [ ] private.
> > > > > Sent from Seattle, WA, United States
> >
> > > > --
> > > > Raffi Krikorian
> > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
>

Reply via email to