Hi Brian, Thank you, I just noticed the new OAuth specification. I'll read the specification first and see if there is any workaround available :-)
On Feb 12, 5:40 pm, Brian Smith <br...@briansmith.org> wrote: > yegle wrote: > > Basically, a API proxy script works as a middleman between twitter and > > twitter client, little like man-in-the-middle attack.It's possible to > > do this if the authentication is made in HTTP basic auth.But there is > > no way to do the same thing with OAuth. The base string of an OAuth > > request contains the domain of the HTTP request, so all client > > developers modify their code if they want to suite the need of API > > proxy. > > > This is really a disaster for all Chinese twitter users. > > Read Raffi's post from a few hours ago entitled "What's up with OAuth?" > where he describes xAuth. Also, look at the OAuth WRAP draft > specification, which defines something very similar to xAuth. In the > (near) future, Twitter-approved applications will be able to get OAuth > authorized with just the user's username and password, without forcing > the user to visit the Twitter website. After they are authorized, they > can proxy their requests like before. The proxies will undoubtedly need > to be modified, but the modifications will not be too bad. > > - Brian
