Twitter has been great responding to XAuth application requests, and
helping developers implement their API.  I suspect with all the OAuth
integration work coming to a head, and the annotations hack fest going
on this weekend, your request may have just fallen through a crack.

On May 30, 7:57 pm, Jann Gobble <janngob...@gmail.com> wrote:
> Thanks!
>
> For now I have implemented xAuth (even though it does not work) by using 
> examples and what I expect.  BUT I have hidden the Twitter button on my app 
> until xAuth is approved and I can fully test.  
>
> The one thing Twitter does NOT need right now is app developers leaving them 
> in the dust because they make it too hard to implement their protocols.  We 
> will see how my user base handles *not* having Twitter alongside the other
> social networks in my app (until I get approved).  My guess is that they will 
> choose to post to their FB Wall instead.  
>
> We will see.
>
> Jann
>
> On May 30, 2010, at 5:00 PM, Ron wrote:
>
>
>
> > XAuth is the right choice for an end-user client app and
> > satisfactorily resolves the UX issues in client applications that
> > OAuth creates.  Unfortunately, many web-app developers simply don't
> > know enough about end-user client app development to understand these
> > UX issues, or why end-user client application trust is neither an
> > issue that needs addressing nor one that OAuth can (nor even attempts
> > to) address.
>
> > It shouldn't take more than a week or two to get your authorization
> > from Twitter to use XAuth if you're applying for a client app.
>
> > On May 30, 1:40 pm, Bernd Stramm <bernd.str...@gmail.com> wrote:
> >> On Sun, 30 May 2010 11:14:54 -0700
>
> >> Abraham Williams <4bra...@gmail.com> wrote:
> >>> On Sun, May 30, 2010 at 11:01, Bernd Stramm <bernd.str...@gmail.com>
> >>> wrote:
>
> >>>> The user does trust the app, otherwise they would not be using it.
> >>>> The problem with the scheme of using the app *and* a browser is
> >>>> that the user has to trust *both* of them.
>
> >>>> And if they don't trust the app, why are they using it to post their
> >>>> tweets?
>
> >>> Trust is not a boolean value. There are levels of it. I trust my
> >>> mobile browser to not take over my Twitter account but I only trust
> >>> a random new Twitter client to not post spam. If the Twitter client
> >>> breaks my trust it is easy to revoke access to it.
>
> >> Is it easy for most users? The authentication token doesn't expire, so
> >> an application (any application, not just desktop/mobile client) can do
> >> what it wants for quite a while.
>
> >> You should be careful with trusting browsers, mobile or otherwise. They
> >> are very leaky.
>
> >> And my point remains, when using a browser *and* a standalone client,
> >> the user trusts both of them. From the point of view of the honest
> >> application developer, I do not want to assume that another application
> >> (the browser) which is completely unknown to me, is trustworthy. Hence
> >> I prefer the solution with the small integrated webview in my
> >> application.
>
> >> But also, what do people do with their twitter account that needs
> >> protecting, other than posting messages and media content? And of
> >> course giving away great data to the data miners.
>
> >> A lot of this authentication business misses the easiest intrusion
> >> vector anyway. People will steal your phone, and have access to
> >> everything you store on it. Including any authentication for serious
> >> business. Never mind trusting the standalone app or the browser, the
> >> entire system is easily compromised if it's stolen.
>
> >> --
> >> Bernd Stramm
> >> <bernd.str...@gmail.com>
