What? Absolutely not. Desktop applications are already an unsafe way of using OAuth, and JavaScript is even worse. You'd be exposing your Client Secret which is against the "rules".
Tom On 10/7/10 7:47 PM, Jonathon Hill wrote: > Have you looked at xAuth? It was designed for desktop clients but it > may work well with Javascript clients. > > Jonathon Hill > > > On Oct 6, 4:54 pm, Tim Bull <[email protected]> wrote: >> Hi, >> >> We are building an application client that is browser based. We're >> very comfortable with using OAuth from our server side code and are >> using it fine with the REST API (users sign in, authenticate with >> Twitter, we store their access tokens and reuse as requested - at the >> moment we mimic the required Twitter API on our server and when a user >> does something like a POST, we call our stub, use their token to then >> make the call via OAuth to Twitter). >> >> So far so good, but we'd like to implement User Streaming directly >> into the client side application. >> >> I've been browsing the Twitter Development documentation and there's a >> couple of points I'd like clarification on: >> >> *http://dev.twitter.com/pages/auth_overviewsays Streaming supports >> Basic and OAuth. >> >> *http://dev.twitter.com/pages/user_streamssays that the user streams >> supports OAuth only "HTTPS, OAuth and JSON only". No problems here, I >> just raise it to point out the auth_overview doco is slightly out of >> date. >> >> *http://dev.twitter.com/pages/oauth_librariestalks about a JS >> library but says "Javascript really shouldn't be used for OAuth 1.0A >> with respect to websites in web browsers. Ideally, you'll only use >> Javascript to perform OAuth operations when using server-side." >> >> The points I'd like some clarification on: >> >> 1. Given user_streams API is the intended way for clients to access >> Twitter going forwards, I presume it's intended not just for desktop, >> but also web clients too? >> 2. If 1 is correct, then is it OK to use JavaScript for the OAuth? If >> it's not, what is the recommended approach for a client side web >> application to connect and authenticate to the user_stream? >> >> Thanks, >> >> Tim > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
