twitpic will not have to ask for usernames and passwords anymore, nor will
users have to actually authorize twitpic (as twitpic is not doing anything
on their behalf -- it is just confirming their identity).

i think this is a "good thing".

On Tue, Feb 9, 2010 at 11:26 PM, Jesse Stay <jesses...@gmail.com> wrote:

> So am I understanding this correctly that this means TwitPic won't have to
> ask for the user's Twitter username and Password any more and will instead
> be able to use OAuth and still provide an API to their users?  I'm trying to
> figure out if this is encouraging the use of the username and password or
> discouraging it.
>
>
> On Tue, Feb 9, 2010 at 4:08 PM, raffi <ra...@twitter.com> wrote:
>
>> hi - i'm still a bit behind, but i've posted a sample workflow of how
>> identity delegation may work in oauth - this is definitely a RFC, so
>> please feel free to comment.
>>
>> http://mehack.com/a-proposal-for-delegation-in-oauth-identity-v
>>
>> On Feb 4, 6:33 pm, Raffi Krikorian <ra...@twitter.com> wrote:
>> > i'll be posting our proposal for "oauth delegation" soon as a RFC.
>> >
>> >
>> >
>> >
>> >
>> > On Thu, Feb 4, 2010 at 3:41 PM, Greg <gregory.av...@gmail.com> wrote:
>> > > However - will we ever see the ability for 3rd party applications to
>> > > talk to eachother using oAuth tokens? For example a custom twitter
>> > > oAuth application using TwitPic to publish photos?
>> >
>> > > On Feb 4, 6:26 pm, Raffi Krikorian <ra...@twitter.com> wrote:
>> > > > totally.
>> >
>> > > > On Thu, Feb 4, 2010 at 3:23 PM, Abraham Williams <4bra...@gmail.com
>> >
>> > > wrote:
>> > > > > I would imagine that Twitter will require SSL for xAuth calls.
>> >
>> > > > > Abraham
>> >
>> > > > > On Thu, Feb 4, 2010 at 14:44, Dewald Pretorius <dpr...@gmail.com>
>> > > wrote:
>> >
>> > > > >> Interesting, Abraham.
>> >
>> > > > >> Don't we ever need OAuth Wrap, otherwise that x-auth-password
>> will be
>> > > > >> sent in clear text, kind of making a mockery of the whole OAuth
>> thing.
>> >
>> > > > >> On Feb 4, 6:35 pm, Abraham Williams <4bra...@gmail.com> wrote:
>> > > > >> > I poked around Seesmic Look a little and this is what I found:
>> > > > >>
>> http://the.hackerconundrum.com/2010/02/sneak-peek-at-twitters-browser.
>> > > ..
>> >
>> > > > >> > Abraham
>> >
>> > > > >> > On Thu, Feb 4, 2010 at 14:24, Dewald Pretorius <
>> dpr...@gmail.com>
>> > > > >> wrote:
>> > > > >> > > Zach,
>> >
>> > > > >> > > There's a soon to be published API method where you can
>> silently
>> > > get
>> > > > >> > > the OAuth tokens when you have the account's Twitter username
>> and
>> > > > >> > > password, meaning the user does not experience any of the
>> normal
>> > > OAuth
>> > > > >> > > flow.
>> >
>> > > > >> > > I presume that Seesmic just got early access to that method.
>> >
>> > > > >> > > So, in this case, user-to-app requires Basic Auth
>> credentials, but
>> > > > >> app-
>> > > > >> > > to-Twitter uses OAuth once the app has obtained the tokens
>> with
>> > > the
>> > > > >> > > new method.
>> >
>> > > > >> > > On Feb 4, 4:21 pm, Zac Bowling <zbowl...@gmail.com> wrote:
>> > > > >> > > > Yes, what magic is this?
>> >
>> > > > >> > > > I'm confused. It takes username and password but then uses
>> > > OAuth?
>> >
>> > > > >> > > > I wonder if they are injecting the username/password into
>> the
>> > > OAuth
>> > > > >> form
>> > > > >> > > on
>> > > > >> > > > the page.
>> >
>> > > > >> > > > Twitter should really randomize that page or require
>> captcha or
>> > > > >> > > something.
>> >
>> > > > >> > > > Zac Bowling
>> >
>> > > > >> > > > On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius <
>> > > dpr...@gmail.com
>> >
>> > > > >> > > wrote:
>> > > > >> > > > > Raffi,
>> >
>> > > > >> > > > > Have you tried it? There is no OAuth flow. I.e., the user
>> > > types in
>> > > > >> his
>> > > > >> > > > > Twitter username and password. That's it.
>> >
>> > > > >> > > > > If it is indeed using OAuth, does that mean that the
>> > > background
>> > > > >> > > > > requesting of tokens when you have the Twitter
>> credentials is
>> > > now
>> > > > >> > > > > available? Meaning, I can also now use it to convert all
>> > > existing
>> > > > >> > > > > Twitter accounts to OAuth in one fell swoop?
>> >
>> > > > >> > > > > On Feb 3, 3:02 pm, Raffi Krikorian <ra...@twitter.com>
>> wrote:
>> > > > >> > > > > > seesmic look, i believe, is using oauth talking to
>> > > > >> api.twitter.com.
>> >
>> > > > >> > > > > > On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius <
>> > > > >> dpr...@gmail.com>
>> > > > >> > > > > wrote:
>> > > > >> > > > > > > Raffi,
>> >
>> > > > >> > > > > > > What's going on here?
>> >
>> > > > >> > > > > > > Your credibility is at stake here. You've been
>> telling us
>> > > in
>> > > > >> many
>> > > > >> > > > > > > posts that new apps must use OAuth to get a source
>> > > > >> attribution, and
>> > > > >> > > > > > > only old grandfathered apps have source attribution
>> with
>> > > Basic
>> > > > >> > > Auth.
>> >
>> > > > >> > > > > > > On Feb 2, 11:18 pm, Dewald Pretorius <
>> dpr...@gmail.com>
>> > > > >> wrote:
>> > > > >> > > > > > > > At first I thought they must have changed the old
>> > > Seesmic
>> > > > >> source
>> > > > >> > > to
>> > > > >> > > > > > > > Seesmic Look.
>> >
>> > > > >> > > > > > > > But no.
>> >
>> > > > >> > > > > > > > Here's a recent tweet from Seesmic:
>> > > > >> > > > > > >http://twitter.com/CathyBrooks/status/8570217879
>> >
>> > > > >> > > > > > > > And here's a recent one from Seesmic Look:
>> > > > >> > > > > > >http://twitter.com/adamse/status/8565271563
>> >
>> > > > >> > > > > > > > Seesmic Look uses Basic Auth.
>> >
>> > > > >> > > > > > > > Does anyone else spot Mt Everest on this level
>> playing
>> > > field
>> > > > >> of
>> > > > >> > > ours?
>> >
>> > > > >> > > > > > > > On Feb 2, 10:41 pm, Pedro Junior <
>> > > v.ju.ni.o...@gmail.com>
>> > > > >> wrote:
>> >
>> > > > >> > > > > > > > > *Seesmic Look is old?
>> > > > >> > > > > > > > > *
>> > > > >> > > > > > > > > -
>> > > > >> > > > > > > > > Pedro Junior
>> >
>> > > > >> > > > > > > > > 2010/2/2 Lukas Müller <webmas...@muellerlukas.de
>> >
>> >
>> > > > >> > > > > > > > > > Only old apps can do this. New apps cannot use
>> it.
>> >
>> > > > >> > > > > > --
>> > > > >> > > > > > Raffi Krikorian
>> > > > >> > > > > > Twitter Platform Teamhttp://twitter.com/raffi
>> >
>> > > > >> > --
>> > > > >> > Abraham Williams | Community Advocate |http://abrah.am
>> > > > >> > Project | Out Loud |http://outloud.labs.poseurtech.com
>> > > > >> > This email is: [ ] shareable [x] ask first [ ] private.
>> > > > >> > Sent from Seattle, WA, United States
>> >
>> > > > > --
>> > > > > Abraham Williams | Community Advocate |http://abrah.am
>> > > > > Project | Out Loud |http://outloud.labs.poseurtech.com
>> > > > > This email is: [ ] shareable [x] ask first [ ] private.
>> > > > > Sent from Seattle, WA, United States
>> >
>> > > > --
>> > > > Raffi Krikorian
>> > > > Twitter Platform Teamhttp://twitter.com/raffi
>> >
>> > --
>> > Raffi Krikorian
>> > Twitter Platform Teamhttp://twitter.com/raffi
>>
>
>


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Reply via email to