Good point. I'll considering encouraging it by default by presenting it that way. I certainly prefer it over https.
A gating issue are design choices in many OAuth libraries where a base URL is utilized for both authorization steps and resource requests. If the base URL is https, then that bleeds to all resource requests, which often aren't necessary over HTTPs. I much prefer OAuth libraries that don't make any base URL considerations, requiring request_token, access_token, authorization, and resource requests all to be addressed by explicit URLs. Taylor On Thu, Mar 4, 2010 at 8:57 AM, Jaanus <jaa...@gmail.com> wrote: > Is there a reason why the OAuth URL in the api wiki could not be HTTPS > by default? Why would you want to recommend HTTP over HTTPS? (I know > that OAuth was designed to be safe over HTTP, immune against man-in- > the-middle and all, but HTTPS just gives me a warm and fuzzy feel. ;) > > > rgds, > Jaanus > > > On Mar 4, 10:18 am, Thomas Woolway <tswool...@gmail.com> wrote: > > It's good to know that this is the recommended URI root for OAuth. Any > > chance of getting the docs ( > http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-access_tokenetc) > > updated to help out newcomers? Also, it might be worth adding a big NB > that > > those resources aren't versioned - it's one of those things that is quite > > easy to miss. > > > > Cheers, > > > > Tom > > > > > > > > On Wed, Mar 3, 2010 at 3:26 PM, Scott Wilcox <sc...@tig.gr> wrote: > > > Zhami, > > > > > I'd go withhttps://api.twitter.com/1 > > > > > Scott. > > > > > On 3 Mar 2010, at 15:02, Zhami wrote: > > > > > > What is the correct API end-point for OAuth authenticated, > > > > *documented* API calls? > > > > > > http(s)://twitter.com > > > > > > http(s)://api.twitter.com > > > > > > http(s)://api.twitter.com/1 >