what i would do (with that caveat that i'm speaking as myself and not
necessarily as a twitter employee ;P):

make a proxy that uses xauth - you could still ask for a username/password,
use xauth to do the exchange with twitter, and then proxy the basic auth to
oauth.   the caveat is that i stated that xauth will not be allowed for "web
applications", but i can think of a few creative ways around that.

alternatively, assuming that your proxy can still see twitter.com (it is
positioned somewhere where the DNS isn't poisoned), then there is nothing
preventing that proxy from doing the oauth web workflow on behalf of the
user.  definitely not kosher, and may not scale...

On Fri, Feb 12, 2010 at 3:40 AM, yegle <cnye...@gmail.com> wrote:

> I read the WRAP draft. I have to say that it's much simpler than OAuth
> 1.0a.
> It doesn't need too much modification to twitter client to support API
> proxy, if xauth is widely available.
>
> Thank you all for your replies and concerns :-)
>
>
> On Feb 12, 7:04 pm, yegle <cnye...@gmail.com> wrote:
> > Oh yes I forgot that HTTP proxy resolves the domain name at server
> > side :-)
> >
> > On Feb 12, 6:18 pm, Harshad RJ <harshad...@gmail.com> wrote:
> >
> >
> >
> >
> >
> >
> >
> > > On Fri, Feb 12, 2010 at 12:17 PM, yegle <cnye...@gmail.com> wrote:
> > > > Nope, it doesn't work :-(
> > > > All DNS queries to twitter.com inside China is poisoned and all
> > > > twitter's available IP is blocked.
> >
> > > Oh btw, I meant HTTPS proxies that sit outside the firewall.
> >
> > > I assume that DNS queries for twitter.com would be run by the proxy
> server
> > > and not the client. (Tried to RTFM but still not very familiar with the
> > > protocol)
> >
> > > --
> > > Harshad RJhttp://hrj.wikidot.com
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Reply via email to