Ok, so I'm a bit out of the loop so I've been doing a lot of catching
up on oAuth Echo starting with

Scenario is large number of Twitter clients accessing media upload api
for our site service along with end-users sharing via browser.

I understand June 2010 is the cutoff for basic auth.  Some sites may
be provided with xAuth on a limited basis in regards to "moving
everybody off basic authentication, we originally envisioned this as a
mechanism for developers to exchange all the username
and passwords they have in their databases for OAuth tokens en masse."

Still trying to wrap my head around oAuth Echo.  From what I
understand, delegation from a Twitter app like TweetDeck (for example)
would pass its oAuth access tokens to our site to pass to Twitter.

A few questions:

- xAuth seems straight-forward if granted temporary access.  I assume
these tokens are the same as if the end-user went through the normal
oAuth process in a browser?  New users to the 3rd party web site would
be using oAuth.

- Typically if a user is sharing a media file through our site and
they are NOT registered (no account in our system) and have never
logged in using oAuth on our site, we create an account for them.  Can
we store the access tokens from an external app when we create their
account?  If so, would there be a conflict if an event occurs in which
we post a status update on their behalf without the delegation in the
header?  Or is it a one-time use thing?

- Once the user visits our site and logs into Twitter using oAuth,
we'll store those tokens.  Is it best practice to use those whenever
the same user shares a media file through an external app or should
the delegated tokens always be used?

- Finally, while Twitter may be depreciating basic auth and everyone
(if they haven't already) will be using oAuth, is there a plan for
users who use 3rd party Twitter apps for mobile devices that HAVE NOT
upgraded to the latest version yet?  Although xAuth is geared towards
desktop and mobile apps, there may be quite a few users who have not
upgraded their app trying to either use it or share media with it
through sites like ours.


I did notice that on this page http://apiwiki.twitter.com/Authentication,
its confusing as to whether or not basic auth will be completely
depreciated.  If it will be, someone should update it as its

Thanks in advance!


To unsubscribe, reply using "remove me" as the subject.

Reply via email to