Hi all,

I'm currently writing a web app that interfaces with Twitter - I won't
bore you with the details, but suffice to say that this app is
designed to be installed on individual users' web servers, and uses
read-only access to the Twitter API to perform a few useful functions.

Up until this week I was using Basic Auth, and the time has now come
for me to move the app over to OAuth. However, I'm a bit confused as
to which OAuth method would be most suitable for my app.

Here are a couple of constraints: 1) The app may end up being
installed on a non-public-facing server, so the use of callback URLs
might be a bit difficult. 2) The most straightforward flow in my mind
would be if users could enter their username/password (or some other
kind of auth token) in the app's config file (which suggests using
xAuth to me, from a reading of the docs).

The desktop Twitter clients I use seem to have no problem taking/
storing a username and password and converting that into an OAuth
transaction. Would they be using xAuth?

Basically I'm open to advice as to which OAuth method I should be
considering for this app. I want to make things as secure/
straightforward as possible for the user while ensuring that the app
will work in a variety of environments (including private servers that
can't receive callbacks).

Any thoughts or tips as to how I could achieve this would be hugely
appreciated. Thanks for reading,


Reply via email to