Good point.

I'll consider encouraging it by default by presenting it that way. I
certainly prefer it over https.

A gating issue is design choices in many OAuth libraries where a base URL
is utilized for both authorization steps and resource requests. If the base
URL is https, then that bleeds to all resource requests, which often aren't
necessary over HTTPS.

I much prefer OAuth libraries that don't make any base URL considerations,
requiring request_token, access_token, authorization, and resource requests
all to be addressed by explicit URLs.

Taylor

On Thu, Mar 4, 2010 at 8:57 AM, Jaanus <jaa...@gmail.com> wrote:

> Is there a reason why the OAuth URL in the api wiki could not be HTTPS
> by default? Why would you want to recommend HTTP over HTTPS? (I know
> that OAuth was designed to be safe over HTTP, immune against man-in-
> the-middle and all, but HTTPS just gives me a warm and fuzzy feel. ;)
>
>
> rgds,
> Jaanus
>
>
> On Mar 4, 10:18 am, Thomas Woolway <tswool...@gmail.com> wrote:
> > It's good to know that this is the recommended URI root for OAuth. Any
> > chance of getting the docs
> > (http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-access_token etc)
> > updated to help out newcomers? Also, it might be worth adding a big NB that
> > those resources aren't versioned - it's one of those things that is quite
> > easy to miss.
> >
> > Cheers,
> >
> > Tom
> >
> >
> >
> > On Wed, Mar 3, 2010 at 3:26 PM, Scott Wilcox <sc...@tig.gr> wrote:
> > > Zhami,
> >
> > > I'd go with https://api.twitter.com/1
> >
> > > Scott.
> >
> > > On 3 Mar 2010, at 15:02, Zhami wrote:
> >
> > > > What is the correct API end-point for OAuth authenticated,
> > > > *documented* API calls?
> >
> > > > http(s)://twitter.com
> >
> > > > http(s)://api.twitter.com
> >
> > > > http(s)://api.twitter.com/1
>
