On 8/12/10 3:07 AM, ERenken wrote: > Does the token ever expire? > > Eric > > On Aug 11, 9:38 am, Taylor Singletary <[email protected]> > wrote: >> One implementation option you have is to build only the portions of OAuth >> that you need to meet your goals. On dev.twitter.com we provide a feature >> that allows you to retrieve the access token for your own account, owning >> the application. You would then hard code this access token and your API >> keys within your device (with best effort security). >> >> The migration from basic auth isn't an issue of protecting from >> man-in-the-middle attacks (such that SSL would prevent) but more of an issue >> with applications having access to Twitter usernames and passwords. There >> are many people who use the same passwords across multiple sites, so the >> security risk of supporting basic auth does not stop at Twitter. >> >> TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken <[email protected]> wrote: >>> So how can I use OAuth on a hardware device we are creating that >>> doesn't have a UI? Can I share the key between all the devices? This >>> is only twittering to 1 account that we have created. Seems like >>> OAuth is going to make stuff like this harder for people to develope. >>> Seems like it would have just bee easier for security if you would >>> have added HTTPS and left basic auth. At least for embedded devices >>> so they could send tweets.
Currently, no. However, somewhere in the documentation it states that this may be changed in the future. Tom
