On 7 Oct 2010, at 15:17, Copeland, Bryan wrote:

> Agreed... would like to finish it as well, especially since Twitter has
> dropped BASIC authentication, the old way of getting private tweets and
> posting status updates is now obsolete.
>
> Was there a final decision on signing OAuth requests from within a Wookie
> widget? Should we try to do this at the widget-level itself with the OAuth
> Javascript library or pass it to a server-side proxy for handling/storing the
> token negotiation?
> Also, the version of OAuth to support could weigh on this decision somewhat,
> with 1.0 I'd just try to sign it in JS, but I'm assuming the goal is to
> support version 2.0 of the latest spec as it nears completion. Since that
> requires HTTPS all the way through the JS library itself might be obsolete
> and it might need to be signed on the server anyway.
>
> If anyone has any thoughts on which way to go, I can try to wrap this up,

I was reluctant to commit to us trying to develop an OAuth solution for Wookie given that there is another Apache podling doing OAuth:

http://incubator.apache.org/projects/amber.html

So my inclination would be to try to support Amber and then use it in Wookie as soon as they have a release, rather than try to do something just for Wookie.

However that does create a dependency between the podlings, and if ultimately Amber stalls or goes in a direction that doesn't help us then we're back to square one.

I had a chat with some Android developers and others and it seems like to use OAuth 2.0 you really do need to build in local token management (in our case, local meaning on the Wookie server) and not delegate everything to client JS. One of the reasons being that you can't distribute an open-source widget with its consumer key and secret!
>
> Bryan
>
> -----Original Message-----
> From: Scott Wilson (JIRA) [mailto:[email protected]]
> Sent: October 7, 2010 10:44 AM
> To: [email protected]
> Subject: [jira] Updated: (WOOKIE-142) Twitter API Widget
>
>
> [ https://issues.apache.org/jira/browse/WOOKIE-142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Scott Wilson updated WOOKIE-142:
> --------------------------------
>
> Fix Version/s: 0.8.2
>
> Let's finish this up and put it in 0.8.2
>
>> Twitter API Widget
>> ------------------
>>
>> Key: WOOKIE-142
>> URL: https://issues.apache.org/jira/browse/WOOKIE-142
>> Project: Wookie
>> Issue Type: Improvement
>> Reporter: Bryan Copeland
>> Priority: Trivial
>> Fix For: 0.8.2
>>
>> Attachments: twitter.wgt
>>
>>
>> This is just a first stab to extending the same methods as Flickr and
>> YouTube widgets into Twitter...
>> It works for read only right now (search by Tweet text or User tweets)
>> For Tweeting/status updates, there is a slight problem with the
>> authentication in the OAuth signing directly from Javascript via the OAuth
>> JS library, so, this may be one case of a widget which does require a
>> server-side OAuth proxy to relay access tokens securely (although, I have
>> seen Yahoo! YQL used to authenticate remotely to Twitter, so it may still be
>> possible)
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
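
Added example, not part of the original thread and not Wookie or Amber code: a sketch of the server-side signing discussed above for OAuth 1.0 (HMAC-SHA1, RFC 5849), in which the widget supplies only the request details while the consumer secret and token secret stay on the server. The function names, the credential store, the instance id and the URL used with it are hypothetical, and the credentials are constructed placeholders.

```javascript
const crypto = require('crypto');

// Constructed placeholder credentials (assumption): a real proxy would load
// these from server-side storage; they are never packaged in the .wgt file.
const SERVER_CREDENTIALS = {
  consumerKey: 'example-consumer-key',
  consumerSecret: 'example-consumer-secret',
  tokens: { 'widget-instance-1': { token: 'example-token', secret: 'example-token-secret' } },
};

// RFC 3986 percent-encoding, as RFC 5849 section 3.6 requires.
function percentEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Parameters are sorted by encoded name, then by encoded value.
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
const byNameThenValue = (a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]);

// Signature base string: METHOD & encoded URL & encoded sorted parameters.
function signatureBaseString(method, url, params) {
  const normalized = Object.entries(params)
    .map(([k, v]) => [percentEncode(k), percentEncode(v)])
    .sort(byNameThenValue)
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), percentEncode(url), percentEncode(normalized)].join('&');
}

// Builds the Authorization header for a request relayed from a widget
// instance. Nonce and timestamp are injectable so results can be checked.
function signForWidget(instanceId, method, url, bodyParams, creds = SERVER_CREDENTIALS,
  nonce = crypto.randomBytes(16).toString('hex'),
  timestamp = Math.floor(Date.now() / 1000).toString()) {
  const t = creds.tokens[instanceId];
  if (!t) throw new Error('no access token stored for this widget instance');
  const oauth = {
    oauth_consumer_key: creds.consumerKey, oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: timestamp,
    oauth_token: t.token, oauth_version: '1.0',
  };
  const base = signatureBaseString(method, url, { ...bodyParams, ...oauth });
  const key = `${percentEncode(creds.consumerSecret)}&${percentEncode(t.secret)}`;
  oauth.oauth_signature = crypto.createHmac('sha1', key).update(base).digest('base64');
  return 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${percentEncode(k)}="${percentEncode(oauth[k])}"`).join(', ');
}
```

The HMAC key is built from both secrets, so any copy of this code that can produce a valid signature must hold the consumer secret, which is why it runs on the server and not in the distributed widget.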
