On 8/12/10 3:07 AM, ERenken wrote:
> Does the token ever expire?
> Eric
> On Aug 11, 9:38 am, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
>> One implementation option you have is to build only the portions of OAuth
>> that you need to meet your goals. On dev.twitter.com we provide a feature
>> that allows you to retrieve the access token for your own account, owning
>> the application. You would then hard code this access token and your API
>> keys within your device (with best effort security).
>> The migration from basic auth isn't an issue of protecting from
>> man-in-the-middle attacks (such that SSL would prevent) but more of an issue
>> with applications having access to Twitter usernames and passwords. There
>> are many people who use the same passwords across multiple sites, so the
>> security risk of supporting basic auth does not stop at Twitter.
>> TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken <eren...@gmail.com> wrote:
>>> So how can I use OAuth on a hardware device we are creating that
>>> doesn't have a UI?  Can I share the key between all the devices?  This
>>> is only twittering to 1 account that we have created.  Seems like
>>> OAuth is going to make stuff like this harder for people to develope.
>>> Seems like it would have just bee easier for security if you would
>>> have added HTTPS and left basic auth.  At least for embedded devices
>>> so they could send tweets.

As a reply to my previous e-mail: Your question is listed on the FAQ :-)



Reply via email to