Dude, I think it is you who needs to chill... srsly.

I love the bomb.  I've wanted the bomb for a long time, a lot of us have.

Having an open discussion on an interesting topic does not mean we are
all running around like chickens with our heads cut off.  Without this
thread I may never have thought of storing the tokens in a browser
cookie.  So, thank you for that suggestion.  Whether you meant to or
not, you may have actually contributed positively to this thread :)

-Chad

On Sun, Mar 1, 2009 at 3:34 PM, Dossy Shiobara <do...@panoptic.com> wrote:
>
> On 3/1/09 2:22 PM, Chad Etzel wrote:
>>
>> So, if someone wants to use 4 or 5 accounts
>> at once they'd make 4 or 5 authentication trips to twitter and back.
>
> Sure, once per OAuth token lifetime.  If Twitter implements OAuth correctly,
> it's supposed to work like this:
>
> User "Sue" uses third-party Application "App".  App needs to access Twitter
> API on behalf of Sue.  App sends Sue through the OAuth flow, where Twitter
> authenticates Sue and confirms that Sue is granting App permission to act on
> her behalf.  Twitter returns App an OAuth "Token" which it must store (more
> on this later) in order to make requests on Sue's behalf.  App can use and
> reuse Token until Token's lifetime expires, at which point App must send Sue
> through the OAuth flow again.
>
> To ensure a reasonably sane UX for Sue, Twitter needs to permit a reasonably
> sane Token lifetime.  _Ideally_, Twitter should allow users to select their
> desired lifetime (one hour, one day, one week, one year, for example), in
> addition to a UX flow to revoke a valid OAuth Token.
>
> Now, on the subject of "storing" the Token: yes, you could create your own
> private authentication database and associate the Token to said credentials.
>  Alternatively, you could store the Token (optionally with symmetric key
> encryption) as a cookie in the user's browser.  Done intelligently, the
> user's browser could store multiple such cookies in various chips, one for
> each identity they control and have authorized.
>
> Does this help?  Can we stop worrying and love the bomb, now?
>
> --
> Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>    folly -- then you can let go and quickly move on." (p. 70)
>
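
The cookie storage idea from the quoted message, sketched as an added example (not code from either poster or from Twitter). AES-256-GCM, the `tok_` cookie naming scheme, the expiry field and the function names are assumptions of this sketch; the thread only says "symmetric key encryption".

```javascript
// Added example: sealing an OAuth token into a per-identity cookie value.
const crypto = require('node:crypto');

// Assumption: a 32-byte server-side key; generated here only for the demo.
const KEY = crypto.randomBytes(32);

// Hypothetical cookie naming scheme: one cookie per authorized identity.
const cookieName = (screenName) => `tok_${screenName}`;

// Encrypt {token, exp} with AES-256-GCM. The cookie name is bound as AAD,
// so a value issued for one identity fails to decrypt under another name.
function sealToken(name, token, ttlSeconds, now = Date.now()) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const body = JSON.stringify({ token, exp: now + ttlSeconds * 1000 });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the token, or null if tampered, swapped between cookies, or expired.
function openToken(name, value, now = Date.now()) {
  try {
    const raw = Buffer.from(value, 'base64url');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag minimum
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(name, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { token, exp } = JSON.parse(body.toString('utf8'));
    return now < exp ? token : null;
  } catch {
    return null; // authentication failure or malformed value
  }
}

// Set-Cookie header value; HttpOnly and Secure keep the cookie away from
// page scripts and plaintext HTTP.
function setCookieHeader(name, value, ttlSeconds) {
  return `${name}=${value}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}
```

Encrypting the cookie does not stop a copied cookie from being replayed until it expires, so the token lifetime and revocation flow discussed in the quoted message still matter.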
