So am I understanding this correctly that this means TwitPic won't have to ask for the user's Twitter username and Password any more and will instead be able to use OAuth and still provide an API to their users? I'm trying to figure out if this is encouraging the use of the username and password or discouraging it.
On Tue, Feb 9, 2010 at 4:08 PM, raffi <[email protected]> wrote: > hi - i'm still a bit behind, but i've posted a sample workflow of how > identity delegation may work in oauth - this is definitely a RFC, so > please feel free to comment. > > http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v > > On Feb 4, 6:33 pm, Raffi Krikorian <[email protected]> wrote: > > i'll be posting our proposal for "oauth delegation" soon as a RFC. > > > > > > > > > > > > On Thu, Feb 4, 2010 at 3:41 PM, Greg <[email protected]> wrote: > > > However - will we ever see the ability for 3rd party applications to > > > talk to eachother using oAuth tokens? For example a custom twitter > > > oAuth application using TwitPic to publish photos? > > > > > On Feb 4, 6:26 pm, Raffi Krikorian <[email protected]> wrote: > > > > totally. > > > > > > On Thu, Feb 4, 2010 at 3:23 PM, Abraham Williams <[email protected]> > > > wrote: > > > > > I would imagine that Twitter will require SSL for xAuth calls. > > > > > > > Abraham > > > > > > > On Thu, Feb 4, 2010 at 14:44, Dewald Pretorius <[email protected]> > > > wrote: > > > > > > >> Interesting, Abraham. > > > > > > >> Don't we ever need OAuth Wrap, otherwise that x-auth-password will > be > > > > >> sent in clear text, kind of making a mockery of the whole OAuth > thing. > > > > > > >> On Feb 4, 6:35 pm, Abraham Williams <[email protected]> wrote: > > > > >> > I poked around Seesmic Look a little and this is what I found: > > > > >> > http://the.hackerconundrum.com/2010/02/sneak-peek-at-twitters-browser. > > > .. > > > > > > >> > Abraham > > > > > > >> > On Thu, Feb 4, 2010 at 14:24, Dewald Pretorius < > [email protected]> > > > > >> wrote: > > > > >> > > Zach, > > > > > > >> > > There's a soon to be published API method where you can > silently > > > get > > > > >> > > the OAuth tokens when you have the account's Twitter username > and > > > > >> > > password, meaning the user does not experience any of the > normal > > > OAuth > > > > >> > > flow. > > > > > > >> > > I presume that Seesmic just got early access to that method. > > > > > > >> > > So, in this case, user-to-app requires Basic Auth credentials, > but > > > > >> app- > > > > >> > > to-Twitter uses OAuth once the app has obtained the tokens > with > > > the > > > > >> > > new method. > > > > > > >> > > On Feb 4, 4:21 pm, Zac Bowling <[email protected]> wrote: > > > > >> > > > Yes, what magic is this? > > > > > > >> > > > I'm confused. It takes username and password but then uses > > > OAuth? > > > > > > >> > > > I wonder if they are injecting the username/password into > the > > > OAuth > > > > >> form > > > > >> > > on > > > > >> > > > the page. > > > > > > >> > > > Twitter should really randomize that page or require captcha > or > > > > >> > > something. > > > > > > >> > > > Zac Bowling > > > > > > >> > > > On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius < > > > [email protected] > > > > > > >> > > wrote: > > > > >> > > > > Raffi, > > > > > > >> > > > > Have you tried it? There is no OAuth flow. I.e., the user > > > types in > > > > >> his > > > > >> > > > > Twitter username and password. That's it. > > > > > > >> > > > > If it is indeed using OAuth, does that mean that the > > > background > > > > >> > > > > requesting of tokens when you have the Twitter credentials > is > > > now > > > > >> > > > > available? Meaning, I can also now use it to convert all > > > existing > > > > >> > > > > Twitter accounts to OAuth in one fell swoop? > > > > > > >> > > > > On Feb 3, 3:02 pm, Raffi Krikorian <[email protected]> > wrote: > > > > >> > > > > > seesmic look, i believe, is using oauth talking to > > > > >> api.twitter.com. > > > > > > >> > > > > > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius < > > > > >> [email protected]> > > > > >> > > > > wrote: > > > > >> > > > > > > Raffi, > > > > > > >> > > > > > > What's going on here? > > > > > > >> > > > > > > Your credibility is at stake here. You've been telling > us > > > in > > > > >> many > > > > >> > > > > > > posts that new apps must use OAuth to get a source > > > > >> attribution, and > > > > >> > > > > > > only old grandfathered apps have source attribution > with > > > Basic > > > > >> > > Auth. > > > > > > >> > > > > > > On Feb 2, 11:18 pm, Dewald Pretorius < > [email protected]> > > > > >> wrote: > > > > >> > > > > > > > At first I thought they must have changed the old > > > Seesmic > > > > >> source > > > > >> > > to > > > > >> > > > > > > > Seesmic Look. > > > > > > >> > > > > > > > But no. > > > > > > >> > > > > > > > Here's a recent tweet from Seesmic: > > > > >> > > > > > >http://twitter.com/CathyBrooks/status/8570217879 > > > > > > >> > > > > > > > And here's a recent one from Seesmic Look: > > > > >> > > > > > >http://twitter.com/adamse/status/8565271563 > > > > > > >> > > > > > > > Seesmic Look uses Basic Auth. > > > > > > >> > > > > > > > Does anyone else spot Mt Everest on this level > playing > > > field > > > > >> of > > > > >> > > ours? > > > > > > >> > > > > > > > On Feb 2, 10:41 pm, Pedro Junior < > > > [email protected]> > > > > >> wrote: > > > > > > >> > > > > > > > > *Seesmic Look is old? > > > > >> > > > > > > > > * > > > > >> > > > > > > > > - > > > > >> > > > > > > > > Pedro Junior > > > > > > >> > > > > > > > > 2010/2/2 Lukas Müller <[email protected]> > > > > > > >> > > > > > > > > > Only old apps can do this. New apps cannot use > it. > > > > > > >> > > > > > -- > > > > >> > > > > > Raffi Krikorian > > > > >> > > > > > Twitter Platform Teamhttp://twitter.com/raffi > > > > > > >> > -- > > > > >> > Abraham Williams | Community Advocate |http://abrah.am > > > > >> > Project | Out Loud |http://outloud.labs.poseurtech.com > > > > >> > This email is: [ ] shareable [x] ask first [ ] private. > > > > >> > Sent from Seattle, WA, United States > > > > > > > -- > > > > > Abraham Williams | Community Advocate |http://abrah.am > > > > > Project | Out Loud |http://outloud.labs.poseurtech.com > > > > > This email is: [ ] shareable [x] ask first [ ] private. > > > > > Sent from Seattle, WA, United States > > > > > > -- > > > > Raffi Krikorian > > > > Twitter Platform Teamhttp://twitter.com/raffi > > > > -- > > Raffi Krikorian > > Twitter Platform Teamhttp://twitter.com/raffi >
