On 8/12/10 3:07 AM, ERenken wrote: > Does the token ever expire? > > Eric > > On Aug 11, 9:38 am, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: >> One implementation option you have is to build only the portions of OAuth >> that you need to meet your goals. On dev.twitter.com we provide a feature >> that allows you to retrieve the access token for your own account, owning >> the application. You would then hard code this access token and your API >> keys within your device (with best effort security). >> >> The migration from basic auth isn't an issue of protecting from >> man-in-the-middle attacks (such that SSL would prevent) but more of an issue >> with applications having access to Twitter usernames and passwords. There >> are many people who use the same passwords across multiple sites, so the >> security risk of supporting basic auth does not stop at Twitter. >> >> TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken <eren...@gmail.com> wrote: >>> So how can I use OAuth on a hardware device we are creating that >>> doesn't have a UI? Can I share the key between all the devices? This >>> is only twittering to 1 account that we have created. Seems like >>> OAuth is going to make stuff like this harder for people to develope. >>> Seems like it would have just bee easier for security if you would >>> have added HTTPS and left basic auth. At least for embedded devices >>> so they could send tweets.
As a reply to my previous e-mail: Your question is listed on the FAQ :-) http://dev.twitter.com/pages/oauth_faq Tom