OAuth Feature: oauth_access_type added


Matt Sanford

Mar 6, 2009, 10:51:13 AM
to Twitter Development Talk
Hi there,

This is mostly for the people in the OAuth closed beta, but that
is rapidly coming to an end so others may want to read this as well.
One of the major changes requested was the ability for one application
to have both read and read+write users [1]. This was a fundamental
shift in the security model but last night I deployed the end of it so
it's now working.

When sending a user to the authorize URL (/oauth/authorize) you
can now include a parameter named oauth_access_type with a value of
"read" or "write", depending on which you need. If your application
needs to change the access type for a user you can send them back
again. You will probably want to make sure your app works correctly
when people re-authorize this way, since you need to replace the
tokens you have.

We discussed a 3-button layout but decided that OAuth is confusing
enough without moving choices onto the user. We also worked on a way
for users to change the access type of a token but in the end every UI
was confusing. Re-approval allows your app to handle the state change
rather than sending them to the connections tab with instructions.

Thanks;
— Matt Sanford


[1] - http://code.google.com/p/twitter-api/issues/detail?id=302
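An added example, not part of the original post or Twitter's code: a sketch of requesting the narrower access type by default and replacing stored tokens when a user re-authorizes. The host `twitter.example`, the `TokenStore` class and its method names are assumptions for illustration; only the `/oauth/authorize` path and the `oauth_access_type` values come from the post.

```python
from urllib.parse import urlencode

# Assumption: placeholder host; the post gives only the path /oauth/authorize.
AUTHORIZE_URL = "https://twitter.example/oauth/authorize"
ACCESS_TYPES = ("read", "write")  # the two values named in the post


def authorize_url(request_token, access_type="read"):
    """Build the URL the user is sent to; default to the lesser privilege."""
    if access_type not in ACCESS_TYPES:
        raise ValueError("oauth_access_type must be 'read' or 'write'")
    query = urlencode({"oauth_token": request_token,
                       "oauth_access_type": access_type})
    return f"{AUTHORIZE_URL}?{query}"


class TokenStore:
    """Hypothetical store holding exactly one token pair per user."""

    def __init__(self):
        self._tokens = {}

    def save_authorization(self, user_id, token, secret, access_type):
        """Replace, never append: the token from an earlier approval is dropped.

        Assumption: access_type is the value the app itself requested,
        kept server-side between the redirect and the callback.
        """
        if access_type not in ACCESS_TYPES:
            raise ValueError("unknown access type")
        previous = self._tokens.get(user_id)
        self._tokens[user_id] = {"token": token, "secret": secret,
                                 "access_type": access_type}
        return previous  # lets the caller log or wipe the superseded token

    def token_for(self, user_id, needed):
        """Return the stored entry if it covers `needed`, else None."""
        entry = self._tokens.get(user_id)
        if entry is None:
            return None
        if needed == "write" and entry["access_type"] != "write":
            # Caller must send the user back via authorize_url(..., "write").
            return None
        return entry
```
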

dmoney

Mar 6, 2009, 5:10:05 PM
to Twitter Development Talk
Any timeline on WHEN the beta will open up to others? We'd like to
build some twitter functionality into our app, but I'd rather use the
oauth system vs storing usernames/passwords.

Thanks,
Duane

Matt Sanford

Mar 6, 2009, 5:26:32 PM
to twitter-deve...@googlegroups.com
Hi there,

Once I know, you'll know. I have seen a lot of technical feedback but almost zero feedback from end users about the flow. That's one of the things we have to judge before the closed beta is over, so if you have the type of feedback send it to me off list. I'm busy trying to collect that to see when we can finish this closed beta. When I know, you'll know.

— Matt

Dominik Schwind

Mar 7, 2009, 5:25:34 AM
to twitter-deve...@googlegroups.com
Hi,

I'd be willing to "end user test" OAuth apps, if I only knew where to find them.
Is there a list somewhere? A thread in the group here that I missed?

On Fri, Mar 6, 2009 at 11:26 PM, Matt Sanford <ma...@twitter.com> wrote:
> Hi there,
>      Once I know, you'll know. I have seen a lot of technical feedback but
> almost zero feedback from end users about the flow. That's one of the things
> we have to judge before the closed beta is over, so if you have the type of
> feedback send it to me off list. I'm busy trying to collect that to see when
> we can finish this closed beta. When I know, you'll know.
> — Matt

--
Dominik Schwind
www.lostfocus.de

Other ways to contact me on
www.dominikschwind.com
