[twitter-dev] Re: Proof of identity rather than authorization

2009-04-18 Thread GraemeF
I think we're getting some movement on this - see this thread: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/73524da521d3081c?hl=en Cheers, G.

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-27 Thread Chad Etzel
On Thu, Mar 26, 2009 at 7:30 PM, Elliott Kember elliott.kem...@gmail.com wrote: If you don't have a database storing the access tokens or indefinite sessions on your webserver storing them, then the user will have to log in every time. There's no way to get an access token without users going

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-27 Thread Elliott Kember
Well, on my site I'll say something like If you're logged in to Twitter already, click here to log in. It works the same way as with OpenID. If they aren't logged into Twitter, they're prompted for their username and password at Twitter's site. Then they're taken straight back to mine. If they

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread GraemeF
If they have to log in before you request authorization, can't you just store the token with the login credentials (in your db) and use it next time? G. On Mar 25, 8:19 pm, Elliott Kember elliott.kem...@gmail.com wrote: Well, I've had it working for a while now using Rails. All this solution

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Elliott Kember
No - they don't log in before I request authorization. I get their access token without having any idea who they are. That's what I'm trying to avoid - I don't want to have any login stuff on my side so the login is as easy as possible. On Mar 26, 9:45 am, GraemeF grae...@gmail.com wrote: If

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Graeme Foster
2009/3/26 Elliott Kember elliott.kem...@gmail.com No - they don't log in before I request authorization. I get their access token without having any idea who they are. That's what I'm trying to avoid - I don't want to have any login stuff on my side so the login is as easy as possible. I

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Elliott Kember
Cool - yeah sorry about that. I meant to say the next time they try to access their account. It'd be even better if there were another level of OAuth permissions - authorization only - which just lets you log in using the account, and only lets you call verify_credentials. Am I the only one

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Graeme Foster
2009/3/26 Elliott Kember elliott.kem...@gmail.com Cool - yeah sorry about that. I meant to say the next time they try to access their account. It'd be even better if there were another level of OAuth permissions - authorization only - which just lets you log in using the account, and only

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Chad Etzel
Won't have read only access accomplish this? You can check verify_credentials and never check anything else... but the OAuth login flow remains the same.. ..or am I missing something? -Chad On Thu, Mar 26, 2009 at 3:15 PM, Elliott Kember elliott.kem...@gmail.com wrote: Cool - yeah sorry

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Graeme Foster
2009/3/26 Chad Etzel jazzyc...@gmail.com Won't have read only access accomplish this? You can check verify_credentials and never check anything else... but the OAuth login flow remains the same.. ..or am I missing something? -Chad We're trying to work out how to avoid a second OAuth

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Joshua Perry
OAuth is a delegation API, it will never have support for Authentication only (authentication is verifying identity, authorization is validating access to some resource based on that identity). That is the job of OpenID and is a service much better provided for by OpenID. That said, it

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Chad Etzel
If you don't have a database storing the access tokens or indefinite sessions on your webserver storing them, then the user will have to log in every time. There's no way to get an access token without users going through the OAuth detour. -Chad On Thu, Mar 26, 2009 at 4:43 PM, Graeme Foster

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Abraham Williams
The OpenID OAuth hybrid that Google and Plaxo have been working on would be just about perfect for this: http://googledataapis.blogspot.com/2009/01/bringing-openid-and-oauth-together.html On Thu, Mar 26, 2009 at 15:56, Chad Etzel jazzyc...@gmail.com wrote: If you don't have a database storing

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Graeme Foster
2009/3/26 Joshua Perry j...@6bit.com OAuth is a delegation API, it will never have support for Authentication only (authentication is verifying identity, authorization is validating access to some resource based on that identity). That is the job of OpenID and is a service much better

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Graeme Foster
2009/3/26 Chad Etzel jazzyc...@gmail.com If you don't have a database storing the access tokens or indefinite sessions on your webserver storing them, then the user will have to log in every time. There's no way to get an access token without users going through the OAuth detour. -Chad In

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-25 Thread Elliott Kember
Well, I've had it working for a while now using Rails. All this solution needs is an Always authorize this app button. The way I do it is: I request an OAuth token, and then call verify_credentials with it to find out who they are. It seems to work fine, except it forces the user to click Allow

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-22 Thread Shannon Whitley
Very timely. I was thinking through this last night. I may develop a general application for this purpose. On Mar 22, 3:17 am, GraemeF grae...@gmail.com wrote: Hi Elliott, This scenario worked well with basic authentication; you could just delegate the login to Twitter. Now I don't see

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-22 Thread Ed Finkler
On Mar 22, 6:17 am, GraemeF grae...@gmail.com wrote: Hi Elliott, This scenario worked well with basic authentication; you could just delegate the login to Twitter. Now I don't see a way to do it without requiring the user to create another account so that the token can be associated with

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-21 Thread Elliott Kember
Hi Graeme, I think I'm doing a similar thing - I want to use Twitter as the registration and login process for my app. Right now, Twitter asks for approval every time the user logs into the account. Is there a way to say remember this application and then always accept auth requests from that

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-21 Thread Abraham Williams
Best practice would be a read only OAuth app and run the verify credentials method. Previously Twitter (al3x) has spoken against using OAuth as an OpenID flow but I don't know if this is their current stand or not. On Sat, Mar 21, 2009 at 06:35, GraemeF grae...@gmail.com wrote: I have an