yegle wrote:
Basically, an API proxy script works as a middleman between Twitter and
a Twitter client, a little like a man-in-the-middle attack. It's possible to
do this if the authentication is made with HTTP basic auth. But there is
no way to do the same thing with OAuth. The base string of an OAuth
request contains the domain of the HTTP request, so all client
developers modify their code if they want to suit the needs of an API
proxy.

This is really a disaster for all Chinese Twitter users.

Read Raffi's post from a few hours ago entitled "What's up with OAuth?" where he describes xAuth. Also, look at the OAuth WRAP draft specification, which defines something very similar to xAuth. In the (near) future, Twitter-approved applications will be able to get OAuth authorized with just the user's username and password, without forcing the user to visit the Twitter website. After they are authorized, they can proxy their requests like before. The proxies will undoubtedly need to be modified, but the modifications will not be too bad.

- Brian
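
The point in the quoted message about the base string, as an added example that is not part of the original thread: an OAuth 1.0 HMAC-SHA1 signature (as specified in RFC 5849) covers the scheme, host and path of the request, so a signature computed over a proxy's URL does not verify against the API's own URL. The URLs, secrets and parameter values are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

# Constructed sample values (assumptions, not taken from the thread).
API_URL = "https://api.twitter.com/1/statuses/update.json"
PROXY_URL = "https://proxy.example/1/statuses/update.json"
CONSUMER_SECRET, TOKEN_SECRET = "consumer-secret", "token-secret"
PARAMS = {
    "oauth_consumer_key": "sample-key", "oauth_token": "sample-token",
    "oauth_nonce": "n0nce", "oauth_timestamp": "1270000000",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
    "status": "hello world",
}


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    # Base string URI: lowercase scheme and host, default port dropped, no query.
    u = urlsplit(url)
    host = u.hostname
    if u.port and (u.scheme, u.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{u.port}"
    base_url = f"{u.scheme}://{host}{u.path or '/'}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with both secrets, computed over the base string.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()


def verify(method, url, params, signature, consumer_secret, token_secret):
    # The server rebuilds the base string from the URL it serves, not the client's.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)
```

A client that signs for `PROXY_URL` fails `verify` when the server checks against `API_URL`, which is why a proxy cannot simply relay signed requests unchanged.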
