I'm ignoring for the present sandboxed or sandboxable environments such
as Java and AIR. The runtime may prevent the local application from
having access to the username/password as used by other applications.
- Michael
--
mouse, n: A device for pointing at the xterm in which you want to type.
Confused by the strange files? I cryptographically sign my messages.
For more information see <http://www.elehack.net/resources/gpg>.
we're not unwilling to answer the question. it is something we're actively working on, and we're just not in a state to release anything yet.
On Thu, Dec 10, 2009 at 9:52 AM, Michael Steuer <mst...@gmail.com> wrote:
Raffi - can someone at Twitter PLEASE comment on the delegation question? If
your app uses the web oauth flow, as strongly recommended by Twitter and
reiterated in your statement below, how do you see consumption of 3rd party
APIs happening when you don't have the user's un/pw? I don't understand why
you're so unwilling to address that question?
On 12/10/09 7:42 AM, "Raffi Krikorian" <ra...@twitter.com> wrote:
> don't be evil. in a web scenario, send them to twitter.com <http://twitter.com> for the
Great to hear it’s on your radar and you’re actively working on it. Any chance you’ll involve the dev community prior to presenting the solution as a fait-accompli? And do you have an idea around timing for this solution?
- If oauth is the only allowed authentication method, a rogue app would
not be able to gain full access to your account. Perhaps most
importantly, it would not be capable of changing your password and
locking you out.
When will this roll out? Is there an authorization endpoint we can use
now for testing purposes? That would be great.
On Dec 10 2009, 8:58 am, Isaiah <supp...@yourhead.com> wrote:
> This seems like a dramatic improvement to me. When will Twitter start rolling out support for this, I'd like to be ready with something on github for this as soon as it lands.
>
> Isaiah
>
> YourHead Software
> supp...@yourhead.comhttp://www.yourhead.com
>
> On Dec 10, 2009, at 5:22 AM, Raffi Krikorian wrote:
>
> > we're not making any fundamental changes to oauth - your apps should
> > continue to work fine.
>
> > the changes that we are making involve implementing
> >http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-cre....
> > this will allow applications to obtain oauth tokens for a user given
> > the user's username / password.
>