twitpic will not have to ask for usernames and passwords anymore, nor will users have to actually authorize twitpic (as twitpic is not doing anything on their behalf -- it is just confirming their identity).
i think this is a "good thing". On Tue, Feb 9, 2010 at 11:26 PM, Jesse Stay <[email protected]> wrote: > So am I understanding this correctly that this means TwitPic won't have to > ask for the user's Twitter username and Password any more and will instead > be able to use OAuth and still provide an API to their users? I'm trying to > figure out if this is encouraging the use of the username and password or > discouraging it. > > > On Tue, Feb 9, 2010 at 4:08 PM, raffi <[email protected]> wrote: > >> hi - i'm still a bit behind, but i've posted a sample workflow of how >> identity delegation may work in oauth - this is definitely a RFC, so >> please feel free to comment. >> >> http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v >> >> On Feb 4, 6:33 pm, Raffi Krikorian <[email protected]> wrote: >> > i'll be posting our proposal for "oauth delegation" soon as a RFC. >> > >> > >> > >> > >> > >> > On Thu, Feb 4, 2010 at 3:41 PM, Greg <[email protected]> wrote: >> > > However - will we ever see the ability for 3rd party applications to >> > > talk to eachother using oAuth tokens? For example a custom twitter >> > > oAuth application using TwitPic to publish photos? >> > >> > > On Feb 4, 6:26 pm, Raffi Krikorian <[email protected]> wrote: >> > > > totally. >> > >> > > > On Thu, Feb 4, 2010 at 3:23 PM, Abraham Williams <[email protected] >> > >> > > wrote: >> > > > > I would imagine that Twitter will require SSL for xAuth calls. >> > >> > > > > Abraham >> > >> > > > > On Thu, Feb 4, 2010 at 14:44, Dewald Pretorius <[email protected]> >> > > wrote: >> > >> > > > >> Interesting, Abraham. >> > >> > > > >> Don't we ever need OAuth Wrap, otherwise that x-auth-password >> will be >> > > > >> sent in clear text, kind of making a mockery of the whole OAuth >> thing. >> > >> > > > >> On Feb 4, 6:35 pm, Abraham Williams <[email protected]> wrote: >> > > > >> > I poked around Seesmic Look a little and this is what I found: >> > > > >> >> http://the.hackerconundrum.com/2010/02/sneak-peek-at-twitters-browser. >> > > .. >> > >> > > > >> > Abraham >> > >> > > > >> > On Thu, Feb 4, 2010 at 14:24, Dewald Pretorius < >> [email protected]> >> > > > >> wrote: >> > > > >> > > Zach, >> > >> > > > >> > > There's a soon to be published API method where you can >> silently >> > > get >> > > > >> > > the OAuth tokens when you have the account's Twitter username >> and >> > > > >> > > password, meaning the user does not experience any of the >> normal >> > > OAuth >> > > > >> > > flow. >> > >> > > > >> > > I presume that Seesmic just got early access to that method. >> > >> > > > >> > > So, in this case, user-to-app requires Basic Auth >> credentials, but >> > > > >> app- >> > > > >> > > to-Twitter uses OAuth once the app has obtained the tokens >> with >> > > the >> > > > >> > > new method. >> > >> > > > >> > > On Feb 4, 4:21 pm, Zac Bowling <[email protected]> wrote: >> > > > >> > > > Yes, what magic is this? >> > >> > > > >> > > > I'm confused. It takes username and password but then uses >> > > OAuth? >> > >> > > > >> > > > I wonder if they are injecting the username/password into >> the >> > > OAuth >> > > > >> form >> > > > >> > > on >> > > > >> > > > the page. >> > >> > > > >> > > > Twitter should really randomize that page or require >> captcha or >> > > > >> > > something. >> > >> > > > >> > > > Zac Bowling >> > >> > > > >> > > > On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius < >> > > [email protected] >> > >> > > > >> > > wrote: >> > > > >> > > > > Raffi, >> > >> > > > >> > > > > Have you tried it? There is no OAuth flow. I.e., the user >> > > types in >> > > > >> his >> > > > >> > > > > Twitter username and password. That's it. >> > >> > > > >> > > > > If it is indeed using OAuth, does that mean that the >> > > background >> > > > >> > > > > requesting of tokens when you have the Twitter >> credentials is >> > > now >> > > > >> > > > > available? Meaning, I can also now use it to convert all >> > > existing >> > > > >> > > > > Twitter accounts to OAuth in one fell swoop? >> > >> > > > >> > > > > On Feb 3, 3:02 pm, Raffi Krikorian <[email protected]> >> wrote: >> > > > >> > > > > > seesmic look, i believe, is using oauth talking to >> > > > >> api.twitter.com. >> > >> > > > >> > > > > > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius < >> > > > >> [email protected]> >> > > > >> > > > > wrote: >> > > > >> > > > > > > Raffi, >> > >> > > > >> > > > > > > What's going on here? >> > >> > > > >> > > > > > > Your credibility is at stake here. You've been >> telling us >> > > in >> > > > >> many >> > > > >> > > > > > > posts that new apps must use OAuth to get a source >> > > > >> attribution, and >> > > > >> > > > > > > only old grandfathered apps have source attribution >> with >> > > Basic >> > > > >> > > Auth. >> > >> > > > >> > > > > > > On Feb 2, 11:18 pm, Dewald Pretorius < >> [email protected]> >> > > > >> wrote: >> > > > >> > > > > > > > At first I thought they must have changed the old >> > > Seesmic >> > > > >> source >> > > > >> > > to >> > > > >> > > > > > > > Seesmic Look. >> > >> > > > >> > > > > > > > But no. >> > >> > > > >> > > > > > > > Here's a recent tweet from Seesmic: >> > > > >> > > > > > >http://twitter.com/CathyBrooks/status/8570217879 >> > >> > > > >> > > > > > > > And here's a recent one from Seesmic Look: >> > > > >> > > > > > >http://twitter.com/adamse/status/8565271563 >> > >> > > > >> > > > > > > > Seesmic Look uses Basic Auth. >> > >> > > > >> > > > > > > > Does anyone else spot Mt Everest on this level >> playing >> > > field >> > > > >> of >> > > > >> > > ours? >> > >> > > > >> > > > > > > > On Feb 2, 10:41 pm, Pedro Junior < >> > > [email protected]> >> > > > >> wrote: >> > >> > > > >> > > > > > > > > *Seesmic Look is old? >> > > > >> > > > > > > > > * >> > > > >> > > > > > > > > - >> > > > >> > > > > > > > > Pedro Junior >> > >> > > > >> > > > > > > > > 2010/2/2 Lukas Müller <[email protected] >> > >> > >> > > > >> > > > > > > > > > Only old apps can do this. New apps cannot use >> it. >> > >> > > > >> > > > > > -- >> > > > >> > > > > > Raffi Krikorian >> > > > >> > > > > > Twitter Platform Teamhttp://twitter.com/raffi >> > >> > > > >> > -- >> > > > >> > Abraham Williams | Community Advocate |http://abrah.am >> > > > >> > Project | Out Loud |http://outloud.labs.poseurtech.com >> > > > >> > This email is: [ ] shareable [x] ask first [ ] private. >> > > > >> > Sent from Seattle, WA, United States >> > >> > > > > -- >> > > > > Abraham Williams | Community Advocate |http://abrah.am >> > > > > Project | Out Loud |http://outloud.labs.poseurtech.com >> > > > > This email is: [ ] shareable [x] ask first [ ] private. >> > > > > Sent from Seattle, WA, United States >> > >> > > > -- >> > > > Raffi Krikorian >> > > > Twitter Platform Teamhttp://twitter.com/raffi >> > >> > -- >> > Raffi Krikorian >> > Twitter Platform Teamhttp://twitter.com/raffi >> > > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
