On Thu, May 19, 2011 at 08:18, hax0rsteve <[email protected]> wrote:
> > 1) it isn't > Ask users if they know that JavaScript can be inserted into UIWebViews that can read their password and I think you will find most of them will be surprised. > C) it doesn't > > Twitter.com is being framed within the application. > Of course, it depends how you read it. But what really matters is what > Twitter intended > when they wrote it. > > +1 for an official twitter comment please. > > Abraham ------------- Abraham Williams | InboxQ <http://inboxq.com/> | abrah.am @abraham <https://twitter.com/abraham> | github.com/abraham | blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. > > > On 19 May 2011, at 16:13, Tom van der Woerdt wrote: > > http://dev.twitter.com/pages/api_terms -> II. Principles -> 1. Don't > surprise users -> C. Your application should not: -> replicate, frame, or > mirror the Twitter website or its design. > > Tom > > > On 5/19/11 5:10 PM, hax0rsteve wrote: > > > Tom, > > Could you clarify : > > If using a web view is against the ToS, could you state which section ? > > And if "it soon will be" (which conflicts with the above), what makes you > think so ? > > Did I miss something ? > > Also, if someone from the Twitter team could confirm either of these, > this would be much > more helpful. > > > > > On 19 May 2011, at 16:00, Tom van der Woerdt wrote: > > Like I mentioned in my post - use the actual browser which includes an > address bar (that's what it's about - without the address bar the user > doesn't know it's actually twitter.com and you might just as well use > xAuth, lol). Use a callback URL which includes a custom scheme ( > myapp://oauth_redirect, for example) and catch this URL in your code. > > Tom > > > On 5/19/11 4:58 PM, Adriaan Pelzer wrote: > > If using a UIWebView is against the TOS, how should app developers > (standalone apps, that is) authenticate without xauth, in the light of > yesterday's announcements? > > Adriaan Pelzer > > //))//\\//\\||// > //\\//7//7///\\ > > putting you in touch with your crowds > http://www.wewillraakyou.com > twitter: http://www.twitter.com/adriaan_pelzer > linkedIn: http://uk.linkedin.com/pub/adriaan-pelzer/4/874/860/ > skype: adriaan_pelzer > +4478 7978 1743 > > > > On Thu, May 19, 2011 at 3:53 PM, Tom van der Woerdt <[email protected]> wrote: > >> 1. Yep >> 2. NO. There's no difference in oauth/authorize and oauth/authenticate, >> except that authenticate will simply pass the "accept/deny" screen if the >> user has already accepted the app. Also, don't display it in a WebView, use >> the normal browser instead and use a callback URL with a custom scheme - for >> example myapp://. Let the browser redirect this URL back to the app. >> Again, do NOT use a UIWebView - I'm pretty sure that that's against the TOS, >> and if it's not, it soon will be. >> 3. Yep >> 4. Yes, you will need to store the consumer token and secret in the code, >> and store the user's token and secret in the keychain (or somewhere else, >> secure). >> >> The OAuth flow is no different for mobile devices than for desktops. >> >> Tom >> >> >> >> On 5/19/11 4:45 PM, Andrew W. Donoho wrote: >> >> Gentle Twitter Support Folks, >> >> There is an ambiguity in the OAuth flow for mobile devices. As I now >> have little time to move from xAuth to OAuth, I would appreciate it if >> Twitter Support would confirm the following OAuth flow which uses your >> routes. >> >> 1) Use "POST oauth/request_token" to get the access token needed for the >> user web dialog. >> >> 2) Upon receiving the request token, open a web view using "GET >> oauth/authorize". This is the ambiguous path for mobile devices. It is >> specified that this path must be used for desktop devices. As a mobile >> device is really a wireless desktop device, I believe Twitter wants me to >> use this route in lieu of "GET oauth/authenticate". Other vendors also allow >> the specification of whether this is a mobile device. They then provide a >> web authorization dialog appropriate for a narrow screen. It does not appear >> that Twitter offers this functionality. Could you please confirm this? >> Finally, as my app runs on an iPad, what is the preferred web view width? >> (To support both portrait and landscape orientations, it needs to be less >> than 768 pixels. 600 pixels is a common, Apple suggested, width.) Could you >> please enlighten me to what is Twitter's preferred authorization web view >> width? >> >> 3) Use "GET oauth/authenticate" to acquire the access token and access >> secret. >> >> 4) As I haven't yet requested my new consumer key and, hence, do not >> know some things, will I also be maintaining a consumer secret for my OAuth >> signature mechanism? >> >> Thank you for your support. >> >> >> Anon, >> Andrew >> >> >> P.S. Thank you for the two week extension for our xAuth to OAuth >> transition. Because Apple may still reject my app for unrelated to Twitter >> issues, four weeks is still a totally inadequate period to ensure a zero >> downtime transition. Please recognize both the risks to our business and the >> hardship you are imposing on small organizations. Furthermore, Apple's WWDC >> conference occurs in the middle of your current conversion schedule, this >> only allows me, in effect, 3 weeks to make this change. You can really hurt >> us with your imposed schedule. While I doubt that is your intent, it is, >> nonetheless, a likely outcome. Please double, at least, your conversion >> period to 8 weeks. >> >> ____________________________________ >> Andrew W. Donoho >> Donoho Design Group, L.L.C. >> [email protected], +1 (512) 750-7596, twitter.com/adonoho >> >> "When you can't imagine how things are going to change, >> that doesn't mean that nothing will change. >> It means that things will change in ways that are unimaginable." >> Bruce Sterling, January 02, 2009 >> >> >> >> >> >> >> >> -- >> Twitter developer documentation and resources: >> https://dev.twitter.com/doc >> API updates via Twitter: https://twitter.com/twitterapi >> Issues/Enhancements Tracker: >> https://code.google.com/p/twitter-api/issues/list >> Change your membership to this group: >> https://groups.google.com/forum/#!forum/twitter-development-talk >> >> >> -- >> Twitter developer documentation and resources: >> https://dev.twitter.com/doc >> API updates via Twitter: https://twitter.com/twitterapi >> Issues/Enhancements Tracker: >> https://code.google.com/p/twitter-api/issues/list >> Change your membership to this group: >> https://groups.google.com/forum/#!forum/twitter-development-talk >> > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > > > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > > > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
