> > > This is the same issue I'm working with for TTYtter, and I think I have a > > > solution which I plan to implement when OAuth goes open. I'll post more > > > about the workflow (it's open source) when I get a working beta > > > operating. > > > > +1 on being interested in your workflow solution as I have a lot of > > commandline stuff going on, too. > > Ditto.
Well, since people are asking, the workflow doesn't significantly differ from other OAuth applications and depends on the fact that access tokens don't expire. When people start TTYtter up for the first time without an access token (or TTYtter tries the access token and it fails), it asks for the usual request token, prints the access URL with the request token it wants the user to authorize, and waits for the user to authorize. Twitter, presumably, will say, "ok, tell your program to continue." Back on TTYtter's side, the user hits ENTER, and TTYtter exchanges its request token for an access token *and caches it* once it has verified it can successfully hit the user timeline for data. So far, this is not significantly different than any other OAuth app. The OAuth request token is then saved to disk and now TTYtter can run unattended -- all that needs to happen is the user tells TTYtter which credentials file to use, and TTYtter does not require further intervention (I use TTYtter to automatically fetch replies from a number of my accounts and mail them to me, so I wanted to make sure this would still work). The real trick was what to do with keys in an open source app, but fortunately the key issue is already solved because Twitter is presumably not relying on oauth_consumer_key to unambiguously or securely identify consumer clients, and the key needed for HMAC-SHA1 signatures can simply be randomly generated at the point of asking for a request token. I hashed this out with Blaine Cook in E-mail, so I am fairly confident this should work, and I appreciate his help. Note to Twitter: it would be nice if the OAuth authorization page were viewable in something like Lynx, even if it were only trivially so. :) Good for screen readers too. When I have working code running, I'll announce. I plan to start working on it right away when the beta opens. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Don't Be Evil. -- Paul Buchheit --------------------------------------------