[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

2009-07-29 Thread oshells

I used Abraham's examples to implement OAuth in Elgg v0.9.2 (the last
version of an open source social network platform).
It's working as it should, but I also thought further ahead (in case
OAuth ever goes down), and the first time users join our website
they must complete a "one time" signup process, allowing us to have
the missing parts of their account (email - any email they might
choose) and also letting them set their username/password.
Now, even if their password is the same as for Twitter, it's md5
encrypted and no one, not even the admins, can use it in a "non-right
way".

The signup process is bypassed (from the 2nd time they join our
website using Twitter authentication) by saving the Twitter ID into
our database linked to the user account (the very 1st time they join),
so every time the user joins using OAuth a session will be created for
that unique account (ID), but remember that he can also use username/
password to authenticate into our website.

I'd advise anyone using OAuth to set up this "one-time" account
creation on their website (database) too, just in case something bad
could ever happen to OAuth.

Am I pleased with OAuth? Hell ya, I am... I love it!

Sincerely, Cristian.

On Jul 29, 6:42 pm, Amitab  wrote:
> On Jul 28, 4:16 pm, Isaiah  wrote:
>
> > I publish an open source example of using OAuth in a standalone Mac
> > app -- so I'm bought in to the OAuth idea.  But it wasn't easy, I had
> > to fight to make it appear even somewhat integrated, and the lack of
> > security around my app's private keys really freaks me out.
> > On the other hand I see a lot of posts like this where I tilt my head
> > and say, "what are you talking about?" Because I just don't get where
> > you're coming from.  It's like there's some hidden assumption someone
> > forgot to tell me.
>
> > So, please don't take offense, I'd just like to play devil's advocate
> > and ask you to back up these reasons with some more info.  I'll try to
> > be specific about what seems odd, or at least odd to me:
>
> > > I really loved OAuth because:
>
> > > (1) Ease of coding. I could get OAuth working within a couple of days.
>
> > You're saying that OAuth was easier to implement than basic auth?  How
> > so?  Basic auth just places the authorization info into the request --
> > OAuth requires the entire token request, token exchange, token
> > inclusion dance.
> > At best I could see someone arguing that it's roughly the same because
> > you can use a nice library either way, but saying OAuth is actually
> > easier seems a bit far-fetched.
>
> I was merely advocating about OAuth here. I didn't play around with
> BasicAuth since OAuth was available when I started developing
> twaller.com. I wanted to respond to comments which said, OAuth is hard
> to code etc., by saying I didn't feel that way, mainly because I used
> the library Twitter4J.
>
> > > Saves me any password maintenance, encryption etc.
>
> > But how do you maintain the user's auth tokens?  Since they're  
> > basically as powerful as a password (so long as the user has not  
> > turned them off) they need to be given the same care, right?
> > In my implementation I save them just like passwords.  Are other  
> > developers not doing this?  If not why not?
>
> I think there is a difference. I find passwords messy because if
> someone wants to misuse them, they can potentially misuse them for
> other websites beyond twitter. Many people including myself have
> similar usernames and exactly the same password in multiple websites.
> So if I accidentally leak a password, and someone uses that to log in to a
> bank website and make a financial transaction, that will not look very
> good.
>
> OAuth tokens are limited to Twitter use. At the moment, I am not
> encrypting them in my database.
>
> > > (2) Integration with Twitter Branding. With the OAuth scheme, I
> > > believe my website is more integrated with Twitter. It would also be
> > > nicer if Twitter would maintain their own list of websites they trust
> > > with Oauth, just to give users the added confidence that Twitter
> > > trusts me.
>
> > I'm sure if Twitter decided tomorrow that OAuth was out, and that
> > PAuth or QAuth were the new black, then those would be "more
> > integrated."  My point being that this is not an advantage intrinsic
> > to OAuth, just an advantage of using the currently blessed standard.
> > I'll give you that one, if you also agree that if tomorrow Twitter
> > decided Basic Auth was the way forward, Basic Auth would then be more
> > integrated than OAuth.
>
> I meant the process of going to Twitter for a login makes me feel that
> my application is integrated with them. As opposed to merely saying,
> please supply your Twitter name and password to my website.
>
> > > (3) Saves me worrying about SSL. A lot of people are finicky about
> > > HTTPS/SSL. This way I can just tell them that if Twitter wants OAuth
> > > that way in future, we wi
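
The one-time signup and Twitter-ID linking described in the first message above, sketched as an added example (not code from the original post, from Elgg or from Twitter). It swaps in salted PBKDF2 for the local password rather than the MD5 mentioned in the post; `AccountStore`, its field names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation so equal passwords never store equal hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """In-memory stand-in for the site's user table (hypothetical schema)."""

    def __init__(self):
        self.users = {}         # username -> {"email", "salt", "pw_hash"}
        self.twitter_link = {}  # twitter_id -> username

    def oauth_login(self, twitter_id: int):
        """Return the linked username, or None if one-time signup is needed.

        twitter_id must come from a completed OAuth exchange, never from
        a form field or query parameter the browser controls.
        """
        return self.twitter_link.get(twitter_id)

    def complete_signup(self, twitter_id, username, email, password):
        """First visit only: create the local account and link the Twitter ID."""
        if twitter_id in self.twitter_link or username in self.users:
            raise ValueError("twitter id or username already registered")
        salt = os.urandom(16)  # fresh random salt per account
        self.users[username] = {"email": email, "salt": salt,
                                "pw_hash": _derive(password, salt)}
        self.twitter_link[twitter_id] = username

    def password_login(self, username: str, password: str) -> bool:
        """Fallback login that still works when OAuth is unavailable."""
        rec = self.users.get(username)
        if rec is None:
            return False
        # Constant-time comparison of the stored and recomputed hashes.
        return hmac.compare_digest(rec["pw_hash"],
                                   _derive(password, rec["salt"]))
```

Two accounts created with the same password end up with different stored hashes because each gets its own salt.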

[twitter-dev] Re: Adding tweets with a certain word them them to a feed on your site?

2009-07-29 Thread oshells

How about a much easier way?

I combined Elgg (was an open source platform for social networks) with
RSS (any RSS to HTML is fine too).
A live example you can find here: http://www.otd.to/iran/weblog/

and the RSS from Twitter would be: http://search.twitter.com/search.rss?q=iran

Now you'll notice on OTD the LINK to the real Twitter status, as you wouldn't
take credit for something someone else said.
And remember that Twitter doesn't take credential for what people say.
It's up to them (Twitter users) to give access or set private.

Hope this helps you.

Sincerely, Cristian.

On Jul 28, 3:49 pm, "Michael Paladino" 
wrote:
> Twitter just recently added a widget to allow this
> at http://twitter.com/goodies/widget_search.  Also, check out a few third party
> options:
>
> http://www.tweetseek.co.uk/
> http://tweetgrid.com/widget/
> http://tidytweet.com
>
> Good luck!
>
> Michael
>
> -Original Message-
> From: twitter-development-talk@googlegroups.com
>
> [mailto:twitter-development-t...@googlegroups.com] On Behalf Of DougMellon
> Sent: Sunday, July 26, 2009 4:48 AM
> To: Twitter Development Talk
> Subject: [twitter-dev] Adding tweets with a certain word them them to a feed
> on your site?
>
> Does anyone know of a way I could add tweets with a certain word in
> them to a feed on my site?  For example if there are tweets that have
> say "#somethinghere" in them.  If I search twitter for #somethinghere
> (#somethinghere) the list of tweets comes up.  Is it possible to get
> that list of tweets posted on my site?  This may be really confusing
> and if so let me know and I'll try to word it another way.  Thanks in
> advance,
> Doug


[twitter-dev] Re: Does twitter allow apps for getting followers by following each other?

2009-07-25 Thread oshells

I was looking for the same thing, an answer as to whether there is a limit for
using OAuth in order to create friendships between members of a
Twitter authentication based site.
Basically this is a sort of auto-follow when logging in using a Twitter
account.

The first moral question would be: Is it allowed?
2nd question: If YES, is there a limit?

To be precise I'm only referring to the OAuth option to POST friendship
creation between one (login/signup Twitter user) and others (also
members of the website, Twitter users).

Example: If there is a limit of one hour since user1 last logged
into our website, he can/or may not be able to follow other 5, 10
members.

Would be of great help to know if this is not against Twitter policy
on how API resources can be used so we can start developing on this
idea.

Thank you.

Sincerely, Cristian.

On Jul 25, 7:41 am, Chaoming Li  wrote:
> I see a few apps doing this, some have been there for months.
> Basically they allow users to log in and click a button to follow other
> users on the list, and then the other users might follow you back. I
> am wondering is that allowed?


[twitter-dev] Re: Does twitter allow apps for getting followers by following each other?

2009-07-25 Thread oshells

I was searching for the same thing, so it would be great to know if
this "auto-follow" sort of usage of the Twitter API is allowed or not?

Example: On a Twitter authentication (OAuth) based website, when
USER1 logs into the website he will follow 5 other members (that might or
might not follow back).

If it's allowed, what would be the API usage limit?

Would it be ok to restrict this auto-follow option to 5 followings /
member / each one hour - basis?

Thank you.

Sincerely, Cristian.

P.S.: I'm not sure what happened to my first post, this is the 2nd on
this topic. I apologise if the reply needed to be approved and that's why
it didn't show the 1st one.

On Jul 25, 7:41 am, Chaoming Li  wrote:
> I see a few apps doing this, some have been there for months.
> Basically they allow users to log in and click a button to follow other
> users on the list, and then the other users might follow you back. I
> am wondering is that allowed?