Hi, I have read the xAuth page on apiwiki.twitter.com (http:// dev.twitter.com/pages/xauth) so I understand that xAuth is for desktop/ mobile application which the standard web OAuth flow or PIN-code out- of-band flow is not right for. I respect Twitter's policy but I am wondering if Twitter can help since we bumped into a very special case which can't be resolved without xAuth grant for background processor which is not desktop/mobile application.
(I don't really feel comfortable to describe all our services in detail here in public forum but let me try. Please let me know if this is too vague and you can't really understand what I am saying. I can send an email with more detailed info.) We are developing a service which helps twitter users to communicate within their group. Members use their own Twitter account to sign in our service and they can create groups, which are related to another Twitter account. So all of our authorization is done using Twitter accounts. When members want to create a group they should sign in using their own Twitter account first and create a group and authorize our service to access group Twitter account for background processing on our server. Our background processor will monitor activities of group account and report them to the master, someone who created the group. Also masters should be able to change screen name, bio, and profile image of group Twitter account. All the processing for group twitter account will be done by background processor on our server. - Web client (web oAuth): members sign in using their own Twitter account to read timeline, send/receive dm and tweet. (So we need access token/key for member Twitter account) - mobile/desktop client (xAuth): members sign in using their own Twitter account to read timeline, send/receive dm and tweet. (So we need access token/key for member Twitter account) - Background processor (????): works on the behalf of group Twitter account. (So we need access token/key for group Twitter account) My team was wondering how members authorize our background processor to access their other Twitter account which is a group account. After long discussion and test, we reached the conclusion that it can't be done without xAuth for background processor. 1) We need to get authorization for our background processor from members to access group Twitter account. So we need to register our background processor as Twitter application, which should use oAuth as default. 2) We already have xAuth granted by Twitter for our desktop/mobile application but this is for our clients only, not for our background processor. So members can't authorize our background processor to access group Twitter account in desktop/mobile application. That's a violation against Twitter policy. 3) With xAuth for our background processor, members can authorize it to access group Twitter account in desktop/mobile application. Without it? I'm lost. Can you please help? Thanks, -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en