Would appreciate any feedback or thoughts on this.
On Apr 13, 3:03 pm, YCBM <youcannotb...@gmail.com> wrote: > Ok, so I'm a bit out of the loop so I've been doing a lot of catching > up on oAuth Echo starting > withhttp://groups.google.com/group/twitter-development-talk/browse_thread.... > > Scenario is large number of Twitter clients accessing media upload api > for our site service along with end-users sharing via browser. > > I understand June 2010 is the cutoff for basic auth. Some sites may > be provided with xAuth on a limited basis in regards to "moving > everybody off basic authentication, we originally envisioned this as a > mechanism for developers to exchange all the username > and passwords they have in their databases for OAuth tokens en masse." > > Still trying to wrap my head around oAuth Echo. From what I > understand, delegation from a Twitter app like TweetDeck (for example) > would pass its oAuth access tokens to our site to pass to Twitter. > > A few questions: > > - xAuth seems straight-forward if granted temporary access. I assume > these tokens are the same as if the end-user went through the normal > oAuth process in a browser? New users to the 3rd party web site would > be using oAuth. > > - Typically if a user is sharing a media file through our site and > they are NOT registered (no account in our system) and have never > logged in using oAuth on our site, we create an account for them. Can > we store the access tokens from an external app when we create their > account? If so, would there be a conflict if an event occurs in which > we post a status update on their behalf without the delegation in the > header? Or is it a one-time use thing? > > - Once the user visits our site and logs into Twitter using oAuth, > we'll store those tokens. Is it best practice to use those whenever > the same user shares a media file through an external app or should > the delegated tokens always be used? > > - Finally, while Twitter may be depreciating basic auth and everyone > (if they haven't already) will be using oAuth, is there a plan for > users who use 3rd party Twitter apps for mobile devices that HAVE NOT > upgraded to the latest version yet? Although xAuth is geared towards > desktop and mobile apps, there may be quite a few users who have not > upgraded their app trying to either use it or share media with it > through sites like ours. > > - > > I did notice that on this pagehttp://apiwiki.twitter.com/Authentication, > its confusing as to whether or not basic auth will be completely > depreciated. If it will be, someone should update it as its > misleading. > > Thanks in advance! > > Best, > Y.