I would just like to put in my two cents that I think this has to be addressed before basic auth is taken away. I am currently developing a mobile app that would not be possible with oauth.
David Troyer On Apr 20, 1:29 am, Doug Williams <d...@twitter.com> wrote: > Jeff, > We are still thinking internally about how we want to get around the browser > for OAuth token requests. Although, at this time we don't have a particular > implementation to share. > > Doug Williams > Twitter API Supporthttp://twitter.com/dougw > > On Sun, Apr 19, 2009 at 9:41 PM, Jeff Bishop <jeff.bis...@gmail.com> wrote: > > Doug, > > > I think if the user could log in to Twitter from a link and then be > > redirected to a place where the code could be shown to paste into the > > desktop application then that would work fine. Heck, you could even put a > > "copy to clipboard" button on that page so that the user could paste it in. > > Is this something planned or does it already exist? > > > Jeff > > > ----- Original Message ----- > > *From:* Doug Williams <d...@twitter.com> > > *To:* twitter-development-talk@googlegroups.com > > *Sent:* Sunday, April 19, 2009 9:22 PM > > *Subject:* [twitter-dev] Re: oAUTH - can it be done without interaction > > with a core browser? > > > The call tohttp://twitter.com/oauth/authorize(or the Sign in with > > Twitter equivalenthttp://twitter.com/oauth/authenticate) requires a > > browser to render the HTML necessary for the user prompt. This is a > > limitation we recognize with the current beta release of the OAuth > > implementation. > > > Doug Williams > > Twitter API Support > >http://twitter.com/dougw > > > On Sun, Apr 19, 2009 at 1:37 PM, Guan Yang <g...@yang.dk> wrote: > > >> On Sun, Apr 19, 2009 at 14:37, Jeff Bishop <jeff.bis...@gmail.com> wrote: > >> > 1. Get all of the required items from the user outside of Twitter's > >> > interface? > >> > 2. Authenticate (like with basic auth of some type using XML posts)? > >> > 3. Be able to post back to get the token information. > > >> I'm not completely sure what you want, but you could do something like > >> this: > > >> - Obtain a request token and secret. > >> - Start up a browser and send the user to > >>http://twitter.com/oauth/authorize > >> - Display a button that says something like "click here when you're done" > >> - When the user clicks that button, assume that you're authorized with > >> Twitter, and make a request to obtain the access token. > >> - If that's not the case, repeat the process. > > >> The point is that you don't really need any information back through > >> the callback other than the fact that the user has completed the > >> authorization process. But that can be accomplished simply by having > >> the user click a button. > > >> If you are able to register URI schemes in the operating system that > >> will launch your app, there is a different way of doing this. Suppose > >> you've registered mycoolapp:// with the operating system. Then you can > >> supply an oauth_callback parameter to > >>http://twitter.com/oauth/authorizethat looks something like this: > > >> mycoolapp://twitter-authorize-complete > > >> After successful authorization, Twitter will then redirect to something > >> like > > >> mycoolapp://twitter-authorize-complete?oauth_token=xxx&screen_name=guan&user_id=1234&other_params=values > > >> That way your app will automatically be launched after authorization > >> and you can call access_token at that point. > > >> Guan