[twitter-dev] countdown to OAuth / basic auth removal / OAuthcalypse
31 views
Skip to first unread message
Raffi Krikorian
Apr 24, 2010, 11:40:19 AM4/24/10
to twitter-ap...@googlegroups.com, twitter-deve...@googlegroups.com
hi all.
you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a lot of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody.
as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date - http://bit.ly/twcountdown.
Raffi Krikorian
Apr 24, 2010, 11:42:37 AM4/24/10
to twitter-ap...@googlegroups.com, twitter-deve...@googlegroups.com
sorry! i was just reminded about a point of clarification - streaming API will still support basic auth. this note only pertains to the REST API.
Dewald Pretorius
Apr 24, 2010, 11:44:04 AM4/24/10
to Twitter Development Talk
Raffi, that is super awesome. Thank you.
Any chance that you will have OAuth 2.0 in production before then?
On Apr 24, 12:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Any chance that you will have OAuth 2.0 in production before then?
On Apr 24, 12:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi
>
> --
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi
>
> Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Raffi Krikorian
Apr 24, 2010, 11:49:46 AM4/24/10
to twitter-deve...@googlegroups.com
there is a really good chance - now that oauth 2.0 has been submitted as a draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to spend some time catching up our oauth 2.0 implementation. at that point, we'll evaluate letting it loose.
Thomas Woolway
Apr 24, 2010, 1:48:05 PM4/24/10
to twitter-deve...@googlegroups.com
Hi Raffi,
Great that we've got a date for basic auth deprecation, but is there any news/timescales on OAuth Echo? We've got nine weeks and counting to get the spec, get the service providers to implement it, build it into clients and get our user-bases to upgrade if they want to be able to upload photos post June 30th. That's easier if you're web based, but not a huge amount of time if you are desktop or mobile based.
Thanks,
Tom
Raffi Krikorian
Apr 24, 2010, 5:44:01 PM4/24/10
to twitter-deve...@googlegroups.com
hi tom!
i will be sending more info about it - we've been working with yfrog, tweetphoto, and twitpic to get their services migrated - they are either finished or are nearly there. if there are others that you would like the @twitterapi team involved with to help them get migrated over as well, then feel free to drop me an e-mail asking me.
John Meyer
Apr 24, 2010, 6:57:39 PM4/24/10
to twitter-deve...@googlegroups.com
On 4/24/2010 3:44 PM, Raffi Krikorian wrote:
> hi tom!
>
> i will be sending more info about it - we've been working with yfrog,
> tweetphoto, and twitpic to get their services migrated - they are either
> finished or are nearly there. if there are others that you would like
> the @twitterapi team involved with to help them get migrated over as
> well, then feel free to drop me an e-mail asking me.
Speaking on behalf of TwitterVB we use a lot of these services in our
> hi tom!
>
> i will be sending more info about it - we've been working with yfrog,
> tweetphoto, and twitpic to get their services migrated - they are either
> finished or are nearly there. if there are others that you would like
> the @twitterapi team involved with to help them get migrated over as
> well, then feel free to drop me an e-mail asking me.
dll, so if any of the api's change dramatically we'd really love to hear
about those changes.
Raffi Krikorian
Apr 24, 2010, 7:05:00 PM4/24/10
to twitter-deve...@googlegroups.com
if there any applications / service providers that you would like the @twitterapi team to talk to - let me know. or, have the application / service provider come to us.
i really want to make this transition as easy as possible.
John Meyer
Apr 24, 2010, 7:34:32 PM4/24/10
to twitter-deve...@googlegroups.com
On 4/24/2010 5:05 PM, Raffi Krikorian wrote:
> if there any applications / service providers that you would like the
> @twitterapi team to talk to - let me know. or, have the application /
> service provider come to us.
>
> i really want to make this transition as easy as possible.
I'll probably be contacting those services. Right now we have interfaces
> if there any applications / service providers that you would like the
> @twitterapi team to talk to - let me know. or, have the application /
> service provider come to us.
>
> i really want to make this transition as easy as possible.
for:
*TweetPhoto
*TwitPic
*yFrog
*FileSocial
*Twic.li
After I get my butt in gear and get xAuth support I'll probably next
work on encapsulating all of these services (currently TweetPhoto,
TwitPic and FileSocial are part of the main class) so that changes can
be more easily worked on.
Raffi Krikorian
Apr 24, 2010, 8:02:50 PM4/24/10
to twitter-deve...@googlegroups.com
first three are taken care of, just let me know if you need help coordinating with the others....
Abraham Williams
Apr 24, 2010, 8:06:30 PM4/24/10
to twitter-deve...@googlegroups.com
Awesome! I'm going to start planning a party... :-P
Abraham
--
Abraham Williams | Developer for hire | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.
Abraham Williams | Developer for hire | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.
Adrian
Apr 24, 2010, 11:44:41 PM4/24/10
to Twitter Development Talk
At this point, all I'm looking for is a way to upgrade this piece of
PHP code to take into account the new authentication model:
$ch = curl_init('http://twitter.com/statuses/update.xml');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
'status='.urlencode(trim($message)));
curl_setopt($ch, CURLOPT_USERPWD, $settings['twitter-username'].':'.
$settings['twitter-password']);
$response = curl_exec($ch);
$resp = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
On Apr 24, 6:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
PHP code to take into account the new authentication model:
$ch = curl_init('http://twitter.com/statuses/update.xml');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
'status='.urlencode(trim($message)));
curl_setopt($ch, CURLOPT_USERPWD, $settings['twitter-username'].':'.
$settings['twitter-password']);
$response = curl_exec($ch);
$resp = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
On Apr 24, 6:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
Jaanus
Apr 25, 2010, 12:28:17 AM4/25/10
to Twitter Development Talk
Is there any kind of special involvement needed from you every time
someone wants to do OAuth Echo? I thought I'll make my own server for
my own app for some purpose. Judging by the spec you posted on your
blog a while ago (http://mehack.com/oauth-echo-delegation-in-identity-
verificatio), it does not look like some special Twitter involvement
is needed, as long as I implement all that's needed in my app and
server?
J
On Apr 24, 5:44 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi tom!
>
> i will be sending more info about it - we've been working with yfrog,
> tweetphoto, and twitpic to get their services migrated - they are either
> finished or are nearly there. if there are others that you would like the
> @twitterapi team involved with to help them get migrated over as well, then
> feel free to drop me an e-mail asking me.
>
someone wants to do OAuth Echo? I thought I'll make my own server for
my own app for some purpose. Judging by the spec you posted on your
blog a while ago (http://mehack.com/oauth-echo-delegation-in-identity-
verificatio), it does not look like some special Twitter involvement
is needed, as long as I implement all that's needed in my app and
server?
J
On Apr 24, 5:44 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi tom!
>
> i will be sending more info about it - we've been working with yfrog,
> tweetphoto, and twitpic to get their services migrated - they are either
> finished or are nearly there. if there are others that you would like the
> @twitterapi team involved with to help them get migrated over as well, then
> feel free to drop me an e-mail asking me.
>
> On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway <tswool...@gmail.com>wrote:
>
>
>
>
>
> > Hi Raffi,
>
> > Great that we've got a date for basic auth deprecation, but is there any
> > news/timescales on OAuth Echo? We've got nine weeks and counting to get the
> > spec, get the service providers to implement it, build it into clients and
> > get our user-bases to upgrade if they want to be able to upload photos post
> > June 30th. That's easier if you're web based, but not a huge amount of time
> > if you are desktop or mobile based.
>
> > Thanks,
>
> > Tom
>
> > On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian <ra...@twitter.com>wrote:
>
> >> there is a really good chance - now that oauth 2.0 has been submitted as a
> >> drafthttp://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
>
>
>
>
>
> > Hi Raffi,
>
> > Great that we've got a date for basic auth deprecation, but is there any
> > news/timescales on OAuth Echo? We've got nine weeks and counting to get the
> > spec, get the service providers to implement it, build it into clients and
> > get our user-bases to upgrade if they want to be able to upload photos post
> > June 30th. That's easier if you're web based, but not a huge amount of time
> > if you are desktop or mobile based.
>
> > Thanks,
>
> > Tom
>
> > On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian <ra...@twitter.com>wrote:
>
> >> there is a really good chance - now that oauth 2.0 has been submitted as a
Raffi Krikorian
Apr 25, 2010, 1:30:03 PM4/25/10
to twitter-deve...@googlegroups.com
not at all. twitter.com is already setup completely for oauth echo. at this point, its just 3rd party providers, and end clients. the @twitterapi team is ready to help out any of those that need help.
Dima Brodsky
Apr 25, 2010, 2:36:26 PM4/25/10
to twitter-development-talk
Hey,
What's the timeline like, if you know, for the streaming api?
Thanks!
ttyl
Dima
--
Twitter API documentation and resources: http://apiwiki.twitter.com
API updates via Twitter: http://twitter.com/twitterapi
Change your membership to this group: http://groups.google.com/group/twitter-api-announce?hl=en
Raffi Krikorian
Apr 25, 2010, 2:51:36 PM4/25/10
to twitter-deve...@googlegroups.com
it will be a while longer before streaming is converted. we'll of course, keep you as updated as possible!
jaronbarends
Apr 25, 2010, 3:49:40 AM4/25/10
to Twitter Development Talk
I moved my web based app from basic auth to oAuth just last week. I
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.
This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6
Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there ("understood, but, right now, not in the plan. web apps will
have to use the standard oauth workflow.") I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.
Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?
Jaron
On Apr 24, 5:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.
This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6
Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there ("understood, but, right now, not in the plan. web apps will
have to use the standard oauth workflow.") I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.
Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?
Jaron
On Apr 24, 5:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
Craig Hockenberry
Apr 25, 2010, 4:22:22 PM4/25/10
to Twitter Development Talk
Hi Raffi!
Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:
xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL = https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
"Content-Length" = 78;
"Content-Type" = "application/x-www-form-urlencoded";
}
xAuth HTTP body =
x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED
I get back a status code of 0 and a response of "Failed to validate
oauth signature and token".
For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.
If there is indeed a delay for this information to propagate, you need
to let people know...
-ch
On Apr 24, 8:40 am, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:
xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL = https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
"Content-Length" = 78;
"Content-Type" = "application/x-www-form-urlencoded";
}
xAuth HTTP body =
x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED
I get back a status code of 0 and a response of "Failed to validate
oauth signature and token".
For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.
If there is indeed a delay for this information to propagate, you need
to let people know...
-ch
On Apr 24, 8:40 am, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
Marco Kaiser
Apr 25, 2010, 4:26:28 PM4/25/10
to twitter-deve...@googlegroups.com
Did you whitelist your app for xAuth?
> to turn...
> Twitter Platform Teamhttp://twitter.com/raffi
>
> --
> Subscription settings:http://groups.google....
Raffi Krikorian
Apr 25, 2010, 4:29:41 PM4/25/10
to twitter-deve...@googlegroups.com
hi craig.
have you gotten access to xAuth? applications are not, by default, given access to xAuth - if you e-mail a...@twitter.com with
- your client token; and
- a description of your application
then we can grant it access.
Dean Collins
Apr 25, 2010, 4:36:54 PM4/25/10
to twitter-deve...@googlegroups.com
Jaron,
Why not use oAuth on a desktop client as well as the web client?
This way your Chinese users can still use the app? We are thinking of enabling oauth for MyPostButler in the same format but haven't decided if it's worth the effort until we get the all clear from twitter they wont kill the application once we move to oauth..
Cheers,
Dean
Why not use oAuth on a desktop client as well as the web client?
This way your Chinese users can still use the app? We are thinking of enabling oauth for MyPostButler in the same format but haven't decided if it's worth the effort until we get the all clear from twitter they wont kill the application once we move to oauth..
Cheers,
Dean
Craig Hockenberry
Apr 25, 2010, 4:39:09 PM4/25/10
to Twitter Development Talk
No, I didn't ask for access. I guess that's the bug: there's no place
during the signup process that tells you that you need to go through a
manual process to get xAuth access...
-ch
On Apr 25, 1:29 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi craig.
>
> have you gotten access to xAuth? applications are not, by default, given
> access to xAuth - if you e-mail a...@twitter.com with
>
> - your client token; and
> - a description of your application
during the signup process that tells you that you need to go through a
manual process to get xAuth access...
-ch
On Apr 25, 1:29 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi craig.
>
> have you gotten access to xAuth? applications are not, by default, given
> access to xAuth - if you e-mail a...@twitter.com with
>
> - a description of your application
>
> then we can grant it access.
>
> On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry <
>
>
>
>
>
> craig.hockenbe...@gmail.com> wrote:
> > Hi Raffi!
>
> > Is there a delay/verification after a new app is created? I just
> > created a new app and am seeing problems getting the OAuth token with
> > a xAuth HTTP request that looks like this:
>
> > xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
> > REDACTED
> > xAuth URL =https://api.twitter.com/oauth/access_token
> then we can grant it access.
>
> On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry <
>
>
>
>
>
> craig.hockenbe...@gmail.com> wrote:
> > Hi Raffi!
>
> > Is there a delay/verification after a new app is created? I just
> > created a new app and am seeing problems getting the OAuth token with
> > a xAuth HTTP request that looks like this:
>
> > xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
> > REDACTED
Abraham Williams
Apr 25, 2010, 4:40:39 PM4/25/10
to twitter-deve...@googlegroups.com
It is specified on the XAuth documentation.
Dewald Pretorius
Apr 25, 2010, 9:52:55 PM4/25/10
to Twitter Development Talk
Raffi,
We really need a resolution for this issue before Basic Auth is
deprecated.
It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?
On Apr 25, 4:49 am, jaronbarends <jaronbare...@gmail.com> wrote:
> I moved my web based app from basic auth to oAuth just last week. I
> subsequently got several pleas from Chinese users to put the old
> version back up, as they could no longer use my app, since access to
> Twitter.com is blocked in China.
>
> This issue has discussed in this group before here:https://groups.google.com/group/twitter-development-talk/browse_threa...
We really need a resolution for this issue before Basic Auth is
deprecated.
It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?
On Apr 25, 4:49 am, jaronbarends <jaronbare...@gmail.com> wrote:
> I moved my web based app from basic auth to oAuth just last week. I
> subsequently got several pleas from Chinese users to put the old
> version back up, as they could no longer use my app, since access to
> Twitter.com is blocked in China.
>
Abraham Williams
Apr 25, 2010, 10:04:38 PM4/25/10
to twitter-deve...@googlegroups.com
It is not twitter telling you it is China.
--
Little androids dreaming of Nexus Ones compiled this text.
On Apr 25, 2010 6:53 PM, "Dewald Pretorius" <dpr...@gmail.com> wrote:
Raffi,
We really need a resolution for this issue before Basic Auth is
deprecated.
It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?
On Apr 25, 4:49 am, jaronbarends <jaronbare...@gmail.com> wrote:
> I moved my web based app from ba...
> This issue has discussed in this group before here:https://groups.google.com/group/twitter-development-talk/browse_threa...
>
> Being a frontend developer, I may have misunderstood the outcome of
> that discussion (I certain...
Ron B
Apr 25, 2010, 10:54:54 PM4/25/10
to Twitter Development Talk
China's policy didn't just recently change, Twitter's did. So it is
Twitter telling us that we may not be able to support China and other
firewall blocked countries any longer. It is, after all, within
Twitter's power to continue to support Basic Auth. It is their
conscious decision not to, despite the significant negative
ramifications being brought to their attention.
In an earlier comment from Twitter: " twitter.com is trying to drive
people to understand and discover what's going on in the world." No
one in the world needs to "understand and discover what's going on"
more than the people of these communist-block countries that otherwise
see only what their governments allow them to see. It is unfortunate
that Twitter plans to turn their back on them. Then again, what's a
billion people here or there?...
Twitter telling us that we may not be able to support China and other
firewall blocked countries any longer. It is, after all, within
Twitter's power to continue to support Basic Auth. It is their
conscious decision not to, despite the significant negative
ramifications being brought to their attention.
In an earlier comment from Twitter: " twitter.com is trying to drive
people to understand and discover what's going on in the world." No
one in the world needs to "understand and discover what's going on"
more than the people of these communist-block countries that otherwise
see only what their governments allow them to see. It is unfortunate
that Twitter plans to turn their back on them. Then again, what's a
billion people here or there?...
Raffi Krikorian
Apr 25, 2010, 11:34:05 PM4/25/10
to twitter-deve...@googlegroups.com
before this gets out of hand - i, personally, am very sensitive to these issues. i've been spending some brain power trying to come up with a solution. if people have suggestions, then please feel free to reach out to me personally and off list.
Dewald Pretorius
Apr 26, 2010, 8:25:39 AM4/26/10
to Twitter Development Talk
Raffi,
One solution, which I know won't win the popularity prize, is for
Twitter to relax its XAuth restrictions and allow web apps to use full
OAuth and/or XAuth, depending on what works best for them.
In my case, I will still use full OAuth because it's so much better
than dealing with Twitter credential issues. But, I will add a small
link below the Twitter authorize button on my site that says something
like, "Can't get to Twitter.com?" which then leads to a username-
password entry form, and then triggers an XAuth authorization.
One solution, which I know won't win the popularity prize, is for
Twitter to relax its XAuth restrictions and allow web apps to use full
OAuth and/or XAuth, depending on what works best for them.
In my case, I will still use full OAuth because it's so much better
than dealing with Twitter credential issues. But, I will add a small
link below the Twitter authorize button on my site that says something
like, "Can't get to Twitter.com?" which then leads to a username-
password entry form, and then triggers an XAuth authorization.
Raffi Krikorian
Apr 26, 2010, 8:36:09 AM4/26/10
to twitter-deve...@googlegroups.com
One solution, which I know won't win the popularity prize, is for
Twitter to relax its XAuth restrictions and allow web apps to use full
OAuth and/or XAuth, depending on what works best for them.
In my case, I will still use full OAuth because it's so much better
than dealing with Twitter credential issues. But, I will add a small
link below the Twitter authorize button on my site that says something
like, "Can't get to Twitter.com?" which then leads to a username-
password entry form, and then triggers an XAuth authorization.
unfortunately, this defeats the purpose of oauth :(
Dewald Pretorius
Apr 26, 2010, 8:43:04 AM4/26/10
to Twitter Development Talk
I know it's a compromise. But, it does serve the needs of a very large
number of users.
Maybe you could monitor the authentication profile of a web app. If it
uses more XAuth than OAuth, then you know you need to contact the
owner. Or, you can set an automated percentage threshold, such as
"XAuth authentications from a particular consumer key cannot exceed
25% of all authentications from that key."
number of users.
Maybe you could monitor the authentication profile of a web app. If it
uses more XAuth than OAuth, then you know you need to contact the
owner. Or, you can set an automated percentage threshold, such as
"XAuth authentications from a particular consumer key cannot exceed
25% of all authentications from that key."
Dewald Pretorius
Apr 26, 2010, 8:48:46 AM4/26/10
to Twitter Development Talk
In fact, you could set a threshold per consumer key that you can vary.
In other words, you can then allow a higher percentage XAuth (even
100%) to an app that caters largely to a Chinese market. And 0% or 10%
to an app that caters largely to the USA market.
In other words, you can then allow a higher percentage XAuth (even
100%) to an app that caters largely to a Chinese market. And 0% or 10%
to an app that caters largely to the USA market.
Dean Collins
Apr 26, 2010, 9:32:57 AM4/26/10
to twitter-deve...@googlegroups.com
But for a desktop client it doesn’t really matter now does it?
I’m still not buying it that oauth is going add any value for desktop clients with regards to password security. Basically you are now storing token in the desktop client instead of password.
Same difference if you are worried about the end users pc getting hacked.
Cheers,
Dean
jaronbarends
Apr 26, 2010, 10:43:21 AM4/26/10
to Twitter Development Talk
@raffi thanks for your replies. I didn't mean to start a discussion
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.
@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.
@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...
John Meyer
Apr 26, 2010, 10:48:29 AM4/26/10
to twitter-deve...@googlegroups.com
On 4/26/2010 8:43 AM, jaronbarends wrote:
> @raffi thanks for your replies. I didn't mean to start a discussion
> about Twitter's policy here (although I can imagine some people would
> like to discuss it elsewhere). I'm mostly interested in finding a
> solution.
>
> @dean: I'm not sure I understand your suggestion about using oAuth for
> both the desktop and the web app. Did you mean letting the users allow
> access through the desktop app, then storing the username/token
> combination in a central database and using that database for the web
> app too? That wouldn't work for me since I do not have a desktop app,
> end I do not store anything in a database...
no I think he meant that you can use the oAuth for EITHER the desktop or
> @raffi thanks for your replies. I didn't mean to start a discussion
> about Twitter's policy here (although I can imagine some people would
> like to discuss it elsewhere). I'm mostly interested in finding a
> solution.
>
> @dean: I'm not sure I understand your suggestion about using oAuth for
> both the desktop and the web app. Did you mean letting the users allow
> access through the desktop app, then storing the username/token
> combination in a central database and using that database for the web
> app too? That wouldn't work for me since I do not have a desktop app,
> end I do not store anything in a database...
the web. You wouldn't even need to store the username; just the token
and the token_secret. And the database can be anything from an actual
RDBMS to a text file stored on the server (although with the fact that
almost every web host that you pay for provides at least MySQL and the
fact that text files are notoriously insecure you should be thinking
about upgrading).
Dean Collins
Apr 26, 2010, 11:09:38 AM4/26/10
to twitter-deve...@googlegroups.com
-----Original Message-----
From: twitter-deve...@googlegroups.com
[mailto:twitter-deve...@googlegroups.com] On Behalf Of John
Meyer
Sent: Monday, April 26, 2010 10:48 AM
To: twitter-deve...@googlegroups.com
Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal /
OAuthcalypse
You're still thinking webapps instead of desktop (yes I realize I'm in
the minority here).
Cheers,
Dean
John Meyer
Apr 26, 2010, 11:27:45 AM4/26/10
to twitter-deve...@googlegroups.com
monkeyninja
Apr 26, 2010, 2:08:46 PM4/26/10
to Twitter Development Talk
Hi Raffi,
Not sure if I am following this correctly or not, but basically I have
been developing a plugin for Textpattern for a while that uses basic
authorisation to update a Twitter feed based on the username/password
set for the plugin. Does this change mean that the user would now be
temporarily passed back to Twitter before they would be authorised? I
am hoping this isn't the case as it would make the plugin somewhat
useless to the people using it.
On Apr 24, 4:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
Not sure if I am following this correctly or not, but basically I have
been developing a plugin for Textpattern for a while that uses basic
authorisation to update a Twitter feed based on the username/password
set for the plugin. Does this change mean that the user would now be
temporarily passed back to Twitter before they would be authorised? I
am hoping this isn't the case as it would make the plugin somewhat
useless to the people using it.
On Apr 24, 4:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
> .
>
Raffi Krikorian
Apr 26, 2010, 2:15:00 PM4/26/10
to twitter-deve...@googlegroups.com
i don't know very much about textpattern, however, might @anywhere be a solution for this?
Craig Hockenberry
Apr 26, 2010, 2:30:25 PM4/26/10
to Twitter Development Talk
It's not in this documentation, which is the first thing I found:
<http://dev.twitter.com/pages/auth>
-ch
<http://dev.twitter.com/pages/auth>
-ch
Raffi Krikorian
Apr 26, 2010, 2:34:43 PM4/26/10
to twitter-deve...@googlegroups.com
taylor mentioned to me (in passing) that he would be updating that page ASAP.
monkeyninja
Apr 26, 2010, 3:43:30 PM4/26/10
to Twitter Development Talk
Thanks for getting back to me. I don't believe @anywhere is of use to
me. My plugin is for updating a site's Twitter account when a new
article is published (Textpattern is a CMS). The site's administrator
would have knowledge of the username/password for the relevant Twitter
account (that are stored by the site); however, other editors/staff
using it would not necessarily have access to this information. For
the majority of deployments of this plugin it is just not possible for
this information to be realistically shared. I am not looking for a
way for site visitors to update their individual Twitter accounts,
just the site to update its related Twitter account. Does this make
sense and is it still doable with the coming changes?
me. My plugin is for updating a site's Twitter account when a new
article is published (Textpattern is a CMS). The site's administrator
would have knowledge of the username/password for the relevant Twitter
account (that are stored by the site); however, other editors/staff
using it would not necessarily have access to this information. For
the majority of deployments of this plugin it is just not possible for
this information to be realistically shared. I am not looking for a
way for site visitors to update their individual Twitter accounts,
just the site to update its related Twitter account. Does this make
sense and is it still doable with the coming changes?
Jaanus
Apr 26, 2010, 7:52:49 PM4/26/10
to Twitter Development Talk
> I'm still not buying it that oauth is going add any value for desktop
> clients with regards to password security. Basically you are now storing
> token in the desktop client instead of password.
The added security is that either your malicious app, or, say some
> clients with regards to password security. Basically you are now storing
> token in the desktop client instead of password.
trojan in the user's computer, cannot grab the token and get full user
privileges. If you store password, they can log on, change the
password and email on the account, and cause all other sorts of
trouble. with oAuth, the damage is limited to one user/app
combination, they cannot grab the token and change, say, the user's
email address on file. (Looks like the user's email address is not
exposed anywhere in the API, and that's a good thing.) The user can
clearly see what apps have permission to act on their behalf, and can
revoke access app-by-app, instead of having to change the password in
all apps.
A more practical example of improved security is that in the past, I
have myself had instances where I have changed my twitter password,
but forgot to change it in apps using basic auth. And apps are
implemented crappily (OTHER people's apps, but never yours, right? ;)
and do not check response when signing in and keep hammering the API
with wrong password. End result - my account is locked out due to what
looks like bruteforce hacking, and I need to go and reset it. Doable,
but annoying.
There are other benefits, but these two are very obvious and
practical. Deprecating Basic Auth in favor of OAuth will be painful
for both Twitter and lazy/bad developers (if you are a good developer,
OAuth won't really bother you at all), but I commend Twitter for doing
this.
J
Dave Sherohman
Apr 27, 2010, 3:11:29 AM4/27/10
to twitter-deve...@googlegroups.com
On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
> Yeh but John, who is going to install MySQL for a desktop client?
1) John was responding to someone who said a database "wouldn't work for
> Yeh but John, who is going to install MySQL for a desktop client?
[him] since I do not have a desktop app, end I do not store anything in
a database". If he doesn't have a desktop app, then he's talking about
a web app and, as John said, pretty much every web host out there gives
you MySQL, no installation required.
2) MySQL isn't the only RDBMS out there... If I were writing a desktop
app which needed to handle significant amounts of data, I'd use SQLite.
The SQLite libraries in every language I'm aware of aren't just
interfaces to the database, but rather contain the entire database
engine, so there's no external application to install. This is a well-
proven approach, with Firefox probably being the biggest-name
application using an embedded SQLite database engine to handle its data.
http://en.wikipedia.org/wiki/SQLite
--
Dave Sherohman
M. Edward (Ed) Borasky
Apr 27, 2010, 3:22:34 AM4/27/10
to twitter-deve...@googlegroups.com, Dave Sherohman
On 04/27/2010 12:11 AM, Dave Sherohman wrote:
> On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
>> Yeh but John, who is going to install MySQL for a desktop client?
>
> 1) John was responding to someone who said a database "wouldn't work for
> [him] since I do not have a desktop app, end I do not store anything in
> a database". If he doesn't have a desktop app, then he's talking about
> a web app and, as John said, pretty much every web host out there gives
> you MySQL, no installation required.
>
> 2) MySQL isn't the only RDBMS out there... If I were writing a desktop
> app which needed to handle significant amounts of data, I'd use SQLite.
> The SQLite libraries in every language I'm aware of aren't just
> interfaces to the database, but rather contain the entire database
> engine, so there's no external application to install. This is a well-
> proven approach, with Firefox probably being the biggest-name
> application using an embedded SQLite database engine to handle its data.
>
> http://en.wikipedia.org/wiki/SQLite
>
>
Fortunately, SQLite is small enough that having dozens of applications,
> On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
>> Yeh but John, who is going to install MySQL for a desktop client?
>
> 1) John was responding to someone who said a database "wouldn't work for
> [him] since I do not have a desktop app, end I do not store anything in
> a database". If he doesn't have a desktop app, then he's talking about
> a web app and, as John said, pretty much every web host out there gives
> you MySQL, no installation required.
>
> 2) MySQL isn't the only RDBMS out there... If I were writing a desktop
> app which needed to handle significant amounts of data, I'd use SQLite.
> The SQLite libraries in every language I'm aware of aren't just
> interfaces to the database, but rather contain the entire database
> engine, so there's no external application to install. This is a well-
> proven approach, with Firefox probably being the biggest-name
> application using an embedded SQLite database engine to handle its data.
>
> http://en.wikipedia.org/wiki/SQLite
>
>
each with its own embedded binary of SQLite, doesn't run you out of RAM. ;-)
--
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky
"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős
jaronbarends
Apr 27, 2010, 6:32:06 AM4/27/10
to Twitter Development Talk
@Dave
Thanks for your suggestion. I do indeed have a mysql, but haven't seen
the need to implement it in my app (http://twimply.com) since it
basicly only offers an alternative web interface for using twitter.
The only mentioned using a database as a possible solution: creating a
desktop app that let's my users allow permission through xAuth, Then I
would have to access the the same database from the web app, and re-
use those tokens. Another problem with that is that the tokens will be
bound to the desktop app, and not to the web app. So to make that
work, Twitter would have to make it possible to link the tokens of a
desktop app and a web app.
For me this is purely hypothetical, since I do not have the skills nor
the resources to create a desktop app.
jarón
Thanks for your suggestion. I do indeed have a mysql, but haven't seen
the need to implement it in my app (http://twimply.com) since it
basicly only offers an alternative web interface for using twitter.
The only mentioned using a database as a possible solution: creating a
desktop app that let's my users allow permission through xAuth, Then I
would have to access the the same database from the web app, and re-
use those tokens. Another problem with that is that the tokens will be
bound to the desktop app, and not to the web app. So to make that
work, Twitter would have to make it possible to link the tokens of a
desktop app and a web app.
For me this is purely hypothetical, since I do not have the skills nor
the resources to create a desktop app.
jarón
John Meyer
Apr 27, 2010, 7:56:28 AM4/27/10
to twitter-deve...@googlegroups.com
On 4/27/2010 4:32 AM, jaronbarends wrote:
> @Dave
>
> Thanks for your suggestion. I do indeed have a mysql, but haven't seen
> the need to implement it in my app (http://twimply.com) since it
> basicly only offers an alternative web interface for using twitter.
>
> The only mentioned using a database as a possible solution: creating a
> desktop app that let's my users allow permission through xAuth, Then I
> would have to access the the same database from the web app, and re-
> use those tokens. Another problem with that is that the tokens will be
> bound to the desktop app, and not to the web app. So to make that
> work, Twitter would have to make it possible to link the tokens of a
> desktop app and a web app.
>
> For me this is purely hypothetical, since I do not have the skills nor
> the resources to create a desktop app.
>
> jarón
>
First off all you really need is Visual Basic/Studio Express, and that's
> @Dave
>
> Thanks for your suggestion. I do indeed have a mysql, but haven't seen
> the need to implement it in my app (http://twimply.com) since it
> basicly only offers an alternative web interface for using twitter.
>
> The only mentioned using a database as a possible solution: creating a
> desktop app that let's my users allow permission through xAuth, Then I
> would have to access the the same database from the web app, and re-
> use those tokens. Another problem with that is that the tokens will be
> bound to the desktop app, and not to the web app. So to make that
> work, Twitter would have to make it possible to link the tokens of a
> desktop app and a web app.
>
> For me this is purely hypothetical, since I do not have the skills nor
> the resources to create a desktop app.
>
> jarón
>
free.
Second, you may not be able to directly do that, but what you could do
is have your desktop app use an API exposed from your web site, which
would use one set of tokens that the users already uses from the web
site directly. Catch the drift.
Eoin
Apr 27, 2010, 7:52:28 AM4/27/10
to Twitter Development Talk
Hi,
This is probably a basic question - but what is the best option if you
have written an integration for a web-based application that is
installed on multiple sites?
The URL is going to change per installation (and won't be publicly
accessible), and I would really like to minimise the impact to the
application's administrators and users.
thanks,
Eoin
On Apr 24, 4:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly. if you need help remembering the date -http://bit.ly/twcountdown
This is probably a basic question - but what is the best option if you
have written an integration for a web-based application that is
installed on multiple sites?
The URL is going to change per installation (and won't be publicly
accessible), and I would really like to minimise the impact to the
application's administrators and users.
thanks,
Eoin
On Apr 24, 4:40 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks. our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time. between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc. we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
John Meyer
Apr 27, 2010, 9:13:24 AM4/27/10
to twitter-deve...@googlegroups.com
On 4/27/2010 5:52 AM, Eoin wrote:
> Hi,
>
> This is probably a basic question - but what is the best option if you
> have written an integration for a web-based application that is
> installed on multiple sites?
>
> The URL is going to change per installation (and won't be publicly
> accessible), and I would really like to minimise the impact to the
> application's administrators and users.
>
> thanks,
>
> Eoin
If the app stores twitter usernames/passwords in combo, one solution may
> Hi,
>
> This is probably a basic question - but what is the best option if you
> have written an integration for a web-based application that is
> installed on multiple sites?
>
> The URL is going to change per installation (and won't be publicly
> accessible), and I would really like to minimise the impact to the
> application's administrators and users.
>
> thanks,
>
> Eoin
be to use xAuth and run a batch job to convert. Once you've converted
over to tokens, ditch the passwords and you're done.
Lil Peck
Apr 27, 2010, 1:36:19 PM4/27/10
to twitter-deve...@googlegroups.com
Jason Wong
Apr 28, 2010, 12:05:32 PM4/28/10
to twitter-deve...@googlegroups.com
Raffi, does the discontinuation of basic authorization on the API also
effect the Streaming API or just the REST API?
Thanks,
Jason.
Raffi Krikorian wrote:
Thanks,
Jason.
Raffi Krikorian wrote:
hi all.
you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a lot of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody.
as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date - http://bit.ly/twcountdown.
--
John Kalucki
Apr 28, 2010, 12:24:52 PM4/28/10
to twitter-deve...@googlegroups.com
Eventually the Streaming API will be all oAuth as well, but on a
different, yet to be determined, schedule.
User Streams will launch with oAuth. The preview will switch over to oAuth soon.
-John
different, yet to be determined, schedule.
User Streams will launch with oAuth. The preview will switch over to oAuth soon.
-John
Raffi Krikorian
Apr 28, 2010, 12:47:56 PM4/28/10
to twitter-deve...@googlegroups.com
Jason Wong
Apr 28, 2010, 3:32:31 PM4/28/10
to twitter-deve...@googlegroups.com
I guess to be more specific, will we still be able to use the Streaming
API with basic auth after June 30th if there is no oAuth implementation
for it?
API with basic auth after June 30th if there is no oAuth implementation
for it?
Raffi Krikorian
Apr 28, 2010, 3:54:26 PM4/28/10
to twitter-deve...@googlegroups.com
yes.
Sheng Luo
May 5, 2010, 8:12:19 PM5/5/10
to Twitter Development Talk
Hi guys,
I'm a developer from China who wanted to get the xAuth access for a
web-based application the other day, but was rejected due to Twitter's
policy. Brain replied to my ticket and said that I could join the
discussion here. So let's get back to the topic a little bit and see
if there's a solution for the Chinese users to continue using Twitter,
if Twitter is not going to change its policy?
On Apr 26, 10:54 am, Ron B <rbther...@gmail.com> wrote:
> China'spolicy didn't just recently change, Twitter's did. So it is
> Twitter telling us that we may not be able to supportChinaand other
I'm a developer from China who wanted to get the xAuth access for a
web-based application the other day, but was rejected due to Twitter's
policy. Brain replied to my ticket and said that I could join the
discussion here. So let's get back to the topic a little bit and see
if there's a solution for the Chinese users to continue using Twitter,
if Twitter is not going to change its policy?
On Apr 26, 10:54 am, Ron B <rbther...@gmail.com> wrote:
> China'spolicy didn't just recently change, Twitter's did. So it is
> Twitter telling us that we may not be able to supportChinaand other
> firewall blocked countries any longer. It is, after all, within
> Twitter's power to continue to support Basic Auth. It is their
> conscious decision not to, despite the significant negative
> ramifications being brought to their attention.
>
> In an earlier comment from Twitter: " twitter.com is trying to drive
> people to understand and discover what's going on in the world." No
> one in the world needs to "understand and discover what's going on"
> more than the people of these communist-block countries that otherwise
> see only what their governments allow them to see. It is unfortunate
> that Twitter plans to turn their back on them. Then again, what's a
> billion people here or there?...
>
> Twitter's power to continue to support Basic Auth. It is their
> conscious decision not to, despite the significant negative
> ramifications being brought to their attention.
>
> In an earlier comment from Twitter: " twitter.com is trying to drive
> people to understand and discover what's going on in the world." No
> one in the world needs to "understand and discover what's going on"
> more than the people of these communist-block countries that otherwise
> see only what their governments allow them to see. It is unfortunate
> that Twitter plans to turn their back on them. Then again, what's a
> billion people here or there?...
>
> On Apr 25, 9:04 pm, Abraham Williams <4bra...@gmail.com> wrote:
>
> > It is not twitter telling you it isChina.
>
> > --
> > Little androids dreaming of Nexus Ones compiled this text.
>
> > On Apr 25, 2010 6:53 PM, "Dewald Pretorius" <dpr...@gmail.com> wrote:
>
> > Raffi,
>
> > We really need a resolution for this issue before Basic Auth is
> > deprecated.
>
> > It sounds as if Twitter is telling developers of web apps that they
> > cannot provide service to Chinese users, and other users behind
> > firewalls that block access to twitter.com. But that can't be right,
> > can it?
>
> > On Apr 25, 4:49 am, jaronbarends <jaronbare...@gmail.com> wrote:> I moved my web based app from ba...
> > > This issue has discussed in this group before here:
>
> >https://groups.google.com/group/twitter-development-talk/browse_threa...
>
> > > Being a frontend developer, I may have misunderstood the outcome of
> > > that discussion (I certain...
>
>
> > It is not twitter telling you it isChina.
>
> > --
> > Little androids dreaming of Nexus Ones compiled this text.
>
> > On Apr 25, 2010 6:53 PM, "Dewald Pretorius" <dpr...@gmail.com> wrote:
>
> > Raffi,
>
> > We really need a resolution for this issue before Basic Auth is
> > deprecated.
>
> > It sounds as if Twitter is telling developers of web apps that they
> > cannot provide service to Chinese users, and other users behind
> > firewalls that block access to twitter.com. But that can't be right,
> > can it?
>
> > On Apr 25, 4:49 am, jaronbarends <jaronbare...@gmail.com> wrote:> I moved my web based app from ba...
> > > This issue has discussed in this group before here:
>
> >https://groups.google.com/group/twitter-development-talk/browse_threa...
>
> > > Being a frontend developer, I may have misunderstood the outcome of
> > > that discussion (I certain...
>
Reply all
Reply to author
Forward
0 new messages