I read Raffi's post today,the original post is here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/c2c4963061422f28
I think the abandon of HTTP basic auth would be a disaster for all
Chinese twitter users.
The gov of China runs a big censorship system called GFW. Wikipedia
gives more information about GFW here:
http://en.wikipedia.org/wiki/Golden_Shield_Project
GFW blocked many websites like facebook, twitter, youtube, plurk and
so on. So how does Chinese users post tweets from twitter client? We
uses Twitter API proxy.
A twitter API proxy is a simple script which redirect all POST and GET
request it received to twitter.com. These scripts are written in PHP
or Python, so it can be set up on virtual host outside China or on
GAE.
Basically, a API proxy script works as a middleman between twitter and
twitter client, little like man-in-the-middle attack.It's possible to
do this if the authentication is made in HTTP basic auth.But there is
no way to do the same thing with OAuth. The base string of an OAuth
request contains the domain of the HTTP request, so all client
developers modify their code if they want to suite the need of API
proxy.
This is really a disaster for all Chinese twitter users.
On Feb 12, 1:39 pm, Harshad RJ <harshad...@gmail.com> wrote:
> Wouldn't a regular HTTPS proxy be sufficient?
>
>
>
>
>
>
>
>
>
> On Fri, Feb 12, 2010 at 11:00 AM, yegle <cnye...@gmail.com> wrote:
> > Hi all,
> > This could be a long email.
>
> > I read Raffi's post today,the original post is here:
>
> >https://groups.google.com/group/twitter-development-talk/browse_threa...
Yes, but not all clients support HTTPS proxy, especially mobile
clients.
On Feb 12, 1:39 pm, Harshad RJ <harshad...@gmail.com> wrote:
> Wouldn't a regular HTTPS proxy be sufficient?
>
>
>
Anyway, HTTPS should be enabled or at least provide an option :-)
On Feb 12, 2:38 pm, Harshad RJ <harshad...@gmail.com> wrote:
> Made me realise that my app (tDash) should be using HTTPS for all API calls.
> Just made a new release now.
>
> Hoping that helps users behind a firewall.
>
Nope, it doesn't work :-(
All DNS queries to twitter.com inside China is poisoned and all
twitter's available IP is blocked.
- Brian
Nope, it doesn't work :-(
All DNS queries to twitter.com inside China is poisoned and all
twitter's available IP is blocked.
I'm still waiting for the approval of my request to try xauth, maybe I
can figure out how to do this when I can try xauth myself :-)
On Feb 12, 6:18 pm, Harshad RJ <harshad...@gmail.com> wrote:
Thank you all for your replies and concerns :-)
I've sent an eMail to a...@twitter.com requesting permission to use
xAuth in my S60 Twitter Client Gravity. Just curious if there's any
ETA for granting access to xAuth and/or providing documentation.
Many thanks in advance,
Ole
--
Jan Ole Suhr
su...@mobileways.de
On Twitter: http://twitter.com/janole
Raffi,
I assume that would be as a general rule for day-to-day operations of
web apps.
But, for web apps you are still going to allow the one-time bulk
conversion of existing users with xauth, correct?
But, for web apps you are still going to allow the one-time bulk
conversion of existing users with xauth, correct?
So, web apps should have the option of offering their users the xauth
path.