Re: [twitter-dev] Mobile java client - happy with OAuth as it is
On Wed, Feb 3, 2010 at 5:02 AM, Jeff Enderwick wrote: > App-engine is free to a point, and you do get (little) more than you pay > for. But that scheme carries a heavy price: > personally engraved downloads: one heavyweight op per subscriber (one-time > though), That's not strictly necessary, as the app could potentially be downloaded untagged and then it could contact server on once it run for a first time to get it's ID. There are two problems though: 1. User has to go throuh a website to perform the OAuth authorization. 2. There should be a way to establish the link between user's OAuth tokens saved on the server, and an app. For example a PIN code could be used. > having server-side resources proxy all mobile twitter interaction: way, way > to heavy for no real functional benefit (and also less fault tolerant). That depends on the platform the app is written for. It would be an overkill for iPhone or Android, but j2me? I think the Snaptu which currenlty is the biggest j2me client out threre does it exactly like this. Also, it the mobile app is doing OAuth itself, it has to be given the application token and secret with all the security implications of doing this. Anton > > On Tue, Feb 2, 2010 at 1:02 PM, Abraham Williams <4bra...@gmail.com> wrote: >> >> With the proliferation of services like Google App Engine finding free or >> cheap sever resources is easy. >> Abraham >> >> On Tue, Feb 2, 2010 at 06:09, ryan alford wrote: >>> >>> Another problem with this approach is that you are now required to have a >>> server. So now a developer would have the added expense of paying for a >>> server. Now if the developer already had a server, then it's a moot point, >>> but not all developers have their own hosted servers. >>> What happens when your server goes down, or your hosting provider has >>> connectivity problems? Your app is now dead, even though Twitter is still >>> functioning normally. >>> Ryan >>> >>> On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky >>> wrote: With all that talk about OAuth, I thought I might share my experience using it in for a mobile (j2me) twitter client. I guess my approach is nothing new, and probably is not applicable to iPhone apps because of the appstore distribution process, but anyways. So the way I handle OAuth is as follows: All application downloads are handled by my own server. Before allowing user to download the app I initiate OAuth authorization with Twitter and then, save user tokens along with generated unique id for a user. Once authorized, user is permitted to download the application which is tagged with that unique user id I generated earlier. Once user starts the app, it uses it's id to authenticate itself to my server. All communicatin between Twitter and user's appication is handled/proxied by the server that performs all necessary oauth signing on behalf of the user. So, this way I have all benefits of using OAuth in a mobile app. The only drawback really, is that user must visit my web site at least once to perform authorization. Regards, Anton http://pavo.me >>> >> >> >> >> -- >> Abraham Williams | Community Advocate | http://abrah.am >> Project | Out Loud | http://outloud.labs.poseurtech.com >> This email is: [ ] shareable [x] ask first [ ] private. >> Sent from Seattle, WA, United States >
Re: [twitter-dev] Mobile java client - happy with OAuth as it is
App-engine is free to a point, and you do get (little) more than you pay for. But that scheme carries a heavy price: personally engraved downloads: one heavyweight op per subscriber (one-time though), having server-side resources proxy all mobile twitter interaction: way, way to heavy for no real functional benefit (and also less fault tolerant). On Tue, Feb 2, 2010 at 1:02 PM, Abraham Williams <4bra...@gmail.com> wrote: > With the proliferation of services like Google App Engine finding free or > cheap sever resources is easy. > > Abraham > > > On Tue, Feb 2, 2010 at 06:09, ryan alford wrote: > >> Another problem with this approach is that you are now required to have a >> server. So now a developer would have the added expense of paying for a >> server. Now if the developer already had a server, then it's a moot point, >> but not all developers have their own hosted servers. >> >> What happens when your server goes down, or your hosting provider has >> connectivity problems? Your app is now dead, even though Twitter is still >> functioning normally. >> >> Ryan >> >> >> On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky < >> anton.krasov...@gmail.com> wrote: >> >>> With all that talk about OAuth, I thought I might share my experience >>> using it in for a mobile (j2me) twitter client. >>> >>> I guess my approach is nothing new, and probably is not applicable to >>> iPhone apps because of the appstore distribution process, but anyways. >>> >>> So the way I handle OAuth is as follows: >>> >>> All application downloads are handled by my own server. Before >>> allowing user to download the app I initiate OAuth authorization with >>> Twitter and then, save user tokens along with generated unique id for >>> a user. >>> >>> Once authorized, user is permitted to download the application which >>> is tagged with that unique user id I generated earlier. >>> >>> Once user starts the app, it uses it's id to authenticate itself to my >>> server. >>> >>> All communicatin between Twitter and user's appication is >>> handled/proxied by the server that performs all necessary oauth >>> signing on behalf of the user. >>> >>> So, this way I have all benefits of using OAuth in a mobile app. >>> >>> The only drawback really, is that user must visit my web site at least >>> once to perform authorization. >>> >>> Regards, >>> Anton >>> http://pavo.me >>> >> >> > > > -- > Abraham Williams | Community Advocate | http://abrah.am > Project | Out Loud | http://outloud.labs.poseurtech.com > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States >
Re: [twitter-dev] Mobile java client - happy with OAuth as it is
To paraphrase Heinlein, 'There is no such thing as a free server." On Tue, Feb 2, 2010 at 1:02 PM, Abraham Williams <4bra...@gmail.com> wrote: > With the proliferation of services like Google App Engine finding free or > cheap sever resources is easy. > Abraham > > On Tue, Feb 2, 2010 at 06:09, ryan alford wrote: >> >> Another problem with this approach is that you are now required to have a >> server. So now a developer would have the added expense of paying for a >> server. Now if the developer already had a server, then it's a moot point, >> but not all developers have their own hosted servers. >> What happens when your server goes down, or your hosting provider has >> connectivity problems? Your app is now dead, even though Twitter is still >> functioning normally. >> Ryan >> >> On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky >> wrote: >>> >>> With all that talk about OAuth, I thought I might share my experience >>> using it in for a mobile (j2me) twitter client. >>> >>> I guess my approach is nothing new, and probably is not applicable to >>> iPhone apps because of the appstore distribution process, but anyways. >>> >>> So the way I handle OAuth is as follows: >>> >>> All application downloads are handled by my own server. Before >>> allowing user to download the app I initiate OAuth authorization with >>> Twitter and then, save user tokens along with generated unique id for >>> a user. >>> >>> Once authorized, user is permitted to download the application which >>> is tagged with that unique user id I generated earlier. >>> >>> Once user starts the app, it uses it's id to authenticate itself to my >>> server. >>> >>> All communicatin between Twitter and user's appication is >>> handled/proxied by the server that performs all necessary oauth >>> signing on behalf of the user. >>> >>> So, this way I have all benefits of using OAuth in a mobile app. >>> >>> The only drawback really, is that user must visit my web site at least >>> once to perform authorization. >>> >>> Regards, >>> Anton >>> http://pavo.me >> > > > > -- > Abraham Williams | Community Advocate | http://abrah.am > Project | Out Loud | http://outloud.labs.poseurtech.com > This email is: [ ] shareable [x] ask first [ ] private. > Sent from Seattle, WA, United States -- M. Edward (Ed) Borasky http://borasky-research.net "I've always regarded nature as the clothing of God." ~Alan Hovhaness
Re: [twitter-dev] Mobile java client - happy with OAuth as it is
With the proliferation of services like Google App Engine finding free or cheap sever resources is easy. Abraham On Tue, Feb 2, 2010 at 06:09, ryan alford wrote: > Another problem with this approach is that you are now required to have a > server. So now a developer would have the added expense of paying for a > server. Now if the developer already had a server, then it's a moot point, > but not all developers have their own hosted servers. > > What happens when your server goes down, or your hosting provider has > connectivity problems? Your app is now dead, even though Twitter is still > functioning normally. > > Ryan > > > On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky > wrote: > >> With all that talk about OAuth, I thought I might share my experience >> using it in for a mobile (j2me) twitter client. >> >> I guess my approach is nothing new, and probably is not applicable to >> iPhone apps because of the appstore distribution process, but anyways. >> >> So the way I handle OAuth is as follows: >> >> All application downloads are handled by my own server. Before >> allowing user to download the app I initiate OAuth authorization with >> Twitter and then, save user tokens along with generated unique id for >> a user. >> >> Once authorized, user is permitted to download the application which >> is tagged with that unique user id I generated earlier. >> >> Once user starts the app, it uses it's id to authenticate itself to my >> server. >> >> All communicatin between Twitter and user's appication is >> handled/proxied by the server that performs all necessary oauth >> signing on behalf of the user. >> >> So, this way I have all benefits of using OAuth in a mobile app. >> >> The only drawback really, is that user must visit my web site at least >> once to perform authorization. >> >> Regards, >> Anton >> http://pavo.me >> > > -- Abraham Williams | Community Advocate | http://abrah.am Project | Out Loud | http://outloud.labs.poseurtech.com This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States
Re: [twitter-dev] Mobile java client - happy with OAuth as it is
I know, I know. It's a solution that works for me, - given the resource limitation of a typical low end phone I decided to do most processing on the server anyway. I'm not trying to persuade everyone to do it this way, just sharing my experience. Anton On Tue, Feb 2, 2010 at 2:09 PM, ryan alford wrote: > Another problem with this approach is that you are now required to have a > server. So now a developer would have the added expense of paying for a > server. Now if the developer already had a server, then it's a moot point, > but not all developers have their own hosted servers. > What happens when your server goes down, or your hosting provider has > connectivity problems? Your app is now dead, even though Twitter is still > functioning normally. > Ryan > > On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky > wrote: >> >> With all that talk about OAuth, I thought I might share my experience >> using it in for a mobile (j2me) twitter client. >> >> I guess my approach is nothing new, and probably is not applicable to >> iPhone apps because of the appstore distribution process, but anyways. >> >> So the way I handle OAuth is as follows: >> >> All application downloads are handled by my own server. Before >> allowing user to download the app I initiate OAuth authorization with >> Twitter and then, save user tokens along with generated unique id for >> a user. >> >> Once authorized, user is permitted to download the application which >> is tagged with that unique user id I generated earlier. >> >> Once user starts the app, it uses it's id to authenticate itself to my >> server. >> >> All communicatin between Twitter and user's appication is >> handled/proxied by the server that performs all necessary oauth >> signing on behalf of the user. >> >> So, this way I have all benefits of using OAuth in a mobile app. >> >> The only drawback really, is that user must visit my web site at least >> once to perform authorization. >> >> Regards, >> Anton >> http://pavo.me > >
Re: [twitter-dev] Mobile java client - happy with OAuth as it is
Another problem with this approach is that you are now required to have a server. So now a developer would have the added expense of paying for a server. Now if the developer already had a server, then it's a moot point, but not all developers have their own hosted servers. What happens when your server goes down, or your hosting provider has connectivity problems? Your app is now dead, even though Twitter is still functioning normally. Ryan On Tue, Feb 2, 2010 at 7:08 AM, Anton Krasovsky wrote: > With all that talk about OAuth, I thought I might share my experience > using it in for a mobile (j2me) twitter client. > > I guess my approach is nothing new, and probably is not applicable to > iPhone apps because of the appstore distribution process, but anyways. > > So the way I handle OAuth is as follows: > > All application downloads are handled by my own server. Before > allowing user to download the app I initiate OAuth authorization with > Twitter and then, save user tokens along with generated unique id for > a user. > > Once authorized, user is permitted to download the application which > is tagged with that unique user id I generated earlier. > > Once user starts the app, it uses it's id to authenticate itself to my > server. > > All communicatin between Twitter and user's appication is > handled/proxied by the server that performs all necessary oauth > signing on behalf of the user. > > So, this way I have all benefits of using OAuth in a mobile app. > > The only drawback really, is that user must visit my web site at least > once to perform authorization. > > Regards, > Anton > http://pavo.me >
[twitter-dev] Mobile java client - happy with OAuth as it is
With all that talk about OAuth, I thought I might share my experience using it in for a mobile (j2me) twitter client. I guess my approach is nothing new, and probably is not applicable to iPhone apps because of the appstore distribution process, but anyways. So the way I handle OAuth is as follows: All application downloads are handled by my own server. Before allowing user to download the app I initiate OAuth authorization with Twitter and then, save user tokens along with generated unique id for a user. Once authorized, user is permitted to download the application which is tagged with that unique user id I generated earlier. Once user starts the app, it uses it's id to authenticate itself to my server. All communicatin between Twitter and user's appication is handled/proxied by the server that performs all necessary oauth signing on behalf of the user. So, this way I have all benefits of using OAuth in a mobile app. The only drawback really, is that user must visit my web site at least once to perform authorization. Regards, Anton http://pavo.me