Hi,

I have read the xAuth page on apiwiki.twitter.com (http://
dev.twitter.com/pages/xauth) so I understand that xAuth is for desktop/
mobile application which the standard web OAuth flow or PIN-code out-
of-band flow is not right for. I respect Twitter's policy but I am
wondering if Twitter can help since we bumped into a very special case
which can't be resolved without xAuth grant for background processor
which is not desktop/mobile application.

(I don't really feel comfortable to describe all our services in
detail here in public forum but let me try. Please let me know if this
is too vague and you can't really understand what I am saying. I can
send an email with more detailed info.)

We are developing a service which helps twitter users to communicate
within their group. Members use their own Twitter account to sign in
our service and they can create groups, which are related to another
Twitter account. So all of our authorization is done using Twitter
accounts.

When members want to create a group they should sign in using their
own Twitter account first and create a group and authorize our service
to access group Twitter account for background processing on our
server. Our background processor will monitor activities of group
account and report them to the master, someone who created the group.
Also masters should be able to change screen name, bio, and profile
image of group Twitter account. All the processing for group twitter
account will be done by background processor on our server.

- Web client (web oAuth): members sign in using their own Twitter
account to read timeline, send/receive dm and tweet. (So we need
access token/key for member Twitter account)

- mobile/desktop client (xAuth): members sign in using their own
Twitter account to read timeline, send/receive dm and tweet. (So we
need access token/key for member Twitter account)

- Background processor (????): works on the behalf of group Twitter
account. (So we need access token/key for group Twitter account)

My team was wondering how members authorize our background processor
to access their other Twitter account which is a group account. After
long discussion and test, we reached the conclusion that it can't be
done without xAuth for background processor.

1) We need to get authorization for our background processor from
members to access group Twitter account. So we need to register our
background processor as Twitter application, which should use oAuth as
default.

2) We already have xAuth granted by Twitter for our desktop/mobile
application but this is for our clients only, not for our background
processor. So members can't authorize our background processor to
access group Twitter account in desktop/mobile application. That's a
violation against Twitter policy.

3) With xAuth for our background processor, members can authorize it
to access group Twitter account in desktop/mobile application.

Without it? I'm lost. Can you please help?

Thanks,

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to