Hi Jonathon,

For Streaming API access that isn't from the perspective of a user's
account, you would use two-legged OAuth to establish authentication instead
of basic auth.

A two-legged OAuth request is very similar to other OAuth requests: you have
a specific resource you are trying to access, you have some parameters you
want to pass to that resource, and you have an OAuth consumer key and OAuth
consumer secret. Which is unlike three-legged OAuth where you also have
oauth_tokens representing either a user/access_token or a request token in
addition to the rest.

But the rules remain the same. You take all the OAuth parameters and the
parameters you are sending to the resource, organize them, build a signature
base string, then sign that with your consumer secret and send the request
on to Twitter properly signed. The only difference is that there is no
oauth_token and oauth_token_secret getting involved in the mix.

This is essentially what a two-legged request to the streaming API would
look like:

Signature Base String


Authorization Header
OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743",
oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0"

Taylor Singletary
Developer Advocate, Twitter

On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill <jhill9...@gmail.com> wrote:

> One thing I meant to find out @chirp last week--what will oauth look
> like for the Streaming API? I'm having a hard time visualizing how
> that will work.
> Thanks,
> Jonathon Hill
> @compwright
> Company52
> http://company52.com
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Reply via email to