{"id":303888,"date":"2010-02-10T12:35:00","date_gmt":"2010-02-10T17:35:00","guid":{"rendered":"http:\/\/www.readwriteweb.com\/archives\/tired_of_logging_in_to_twitter_seamless_app_integr.php"},"modified":"2010-02-10T12:35:00","modified_gmt":"2010-02-10T17:35:00","slug":"tired-of-logging-in-to-twitter-seamless-app-integration-on-the-way","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/303888","title":{"rendered":"Tired of Logging In to Twitter? Seamless App Integration On the Way"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" alt=\"twitterOAuth.jpg\" src=\"http:\/\/www.readwriteweb.com\/twitterOAuth.jpg\" width=\"150\" height=\"216\" hspace=\"5px\" vspace=\"5px\" \/>It&#8217;s been just about a year now since Twitter <a href=\"http:\/\/www.readwriteweb.com\/archives\/why_twitters_new_oauth_matters.php\">started using OAuth<\/a> as a solution for connecting with third-party applications, but to this day we still find situations where we are asked to enter our user name and password.<\/p>\n<div style=\"float: right; margin-left: 10px;\"><script type=\"text\/javascript\">tweetmeme_url = 'http:\/\/www.readwriteweb.com\/archives\/tired_of_logging_in_to_twitter_seamless_app_integr.php';tweetmeme_source = 'rww';<\/script><script type=\"text\/javascript\" src=\"http:\/\/tweetmeme.com\/i\/scripts\/button.js\"><\/script><\/div>\n<p>According to a <a href=\"http:\/\/mehack.com\/a-proposal-for-delegation-in-oauth-identity-v\">blog post<\/a> by a member of Twitter&#8217;s API\/Platform team, we may not need to worry about this particular nuisance, and potential security hole, much longer.<\/p>\n<p align=\"right\"><em>Sponsor<\/em><br \/><a href='http:\/\/d.ads.readwriteweb.com\/ck.php?n=18202&amp;cb=18202' ><img src='http:\/\/d.ads.readwriteweb.com\/avw.php?zoneid=14&amp;cb=18202&amp;n=18202' border='0' alt='' \/><\/a><\/p>\n<p>Raffi Krikorian, a <a href=\"http:\/\/www.linkedin.com\/in\/rkrikorian\">self-professed<\/a> &#8220;hacker, writer, and &#8230; tinkerer&#8221;, made some waves in the Twitter development arena late into last night with his blog post, which proposes a solution to a problem many developers have been keeping an eye on.<\/p>\n<p>&#8220;We really want to get people to switch over and stop using Basic Authentication when talking to our API in a production manner,&#8221; he writes. &#8220;Why?  Basic Authentication is, simply, horribly insecure.&#8221;<\/p>\n<p>Here&#8217;s the problem, as Krikorian describes it:<\/p>\n<blockquote><p>You&#8217;re an OAuth enabled Twitter client, and you&#8217;ve already authorized your user.  You user wants to use a media providing service like TwitPic. TwitPic, currently, asks for the username and password of your user so it can store the photo on behalf of the Twitter user. You don&#8217;t have that username and password, so how do you give the ability to TwitPic to verify the identity of your user?<\/p><\/blockquote>\n<p>Krikorian is proposing a solution he calls &#8220;OAuth identification delegation&#8221;, wherein the application your using, Tweetie in his example, passes along its OAuth authorization to TwitPic, which TwitPic can then use to verify its actions as authorized. Right now, using TwitPic requires you to enter your user name and password separately.<\/p>\n<p>For now, he says the idea is still in development, writing &#8220;once I think we&#8217;ve come upon the best solution, I&#8217;ll write this up more formally, as well as port it to OAuth <a href=\"http:\/\/wiki.oauth.net\/OAuth-WRAP\">WRAP<\/a>\/2.0 (where Twitter is headed).&#8221;<\/p>\n<p>Krikorian included a diagram of his solution and is soliciting feedback <a href=\"http:\/\/mehack.com\/a-proposal-for-delegation-in-oauth-identity-v-0\">on his blog<\/a>.<\/p>\n<p><a title=\"View OAuth Identity Veri\ufb01cation Delegation Example Work\ufb02ow v0.2 on Scribd\" href=\"http:\/\/www.scribd.com\/doc\/26649727\/OAuth-Identity-Verication-Delegation-Example-Workow-v0-2\" style=\"margin: 12px auto 6px auto; font-family: Helvetica,Arial,Sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 14px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; display: block; text-decoration: underline;\">OAuth Identity Veri\ufb01cation Delegation Example Work\ufb02ow v0.2<\/a> <object id=\"doc_845196631880835\" name=\"doc_845196631880835\" height=\"500\" width=\"610\" type=\"application\/x-shockwave-flash\" data=\"http:\/\/d1.scribdassets.com\/ScribdViewer.swf\" style=\"outline:none;\" ><param name=\"movie\" value=\"http:\/\/d1.scribdassets.com\/ScribdViewer.swf\"><param name=\"wmode\" value=\"opaque\"><param name=\"bgcolor\" value=\"#ffffff\"><param name=\"allowFullScreen\" value=\"true\"><param name=\"allowScriptAccess\" value=\"always\"><param name=\"FlashVars\" value=\"document_id=26649727&#038;access_key=key-2kplc4x570kuu7oek6ja&#038;page=1&#038;viewMode=list\"><\/object><\/p>\n<p><strong><a href=\"http:\/\/www.readwriteweb.com\/archives\/tired_of_logging_in_to_twitter_seamless_app_integr.php#comments-open\">Discuss<\/a><\/strong><\/p>\n<p><a href=\"http:\/\/feedads.g.doubleclick.net\/~at\/I0EvrJlUSR3Kny7ZlOG5jPUWFr0\/0\/da\"><img decoding=\"async\" src=\"http:\/\/feedads.g.doubleclick.net\/~at\/I0EvrJlUSR3Kny7ZlOG5jPUWFr0\/0\/di\" border=\"0\" ismap=\"true\"><\/img><\/a><br \/>\n<a href=\"http:\/\/feedads.g.doubleclick.net\/~at\/I0EvrJlUSR3Kny7ZlOG5jPUWFr0\/1\/da\"><img decoding=\"async\" src=\"http:\/\/feedads.g.doubleclick.net\/~at\/I0EvrJlUSR3Kny7ZlOG5jPUWFr0\/1\/di\" border=\"0\" ismap=\"true\"><\/img><\/a><\/p>\n<div class=\"feedflare\">\n<a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:FFnlKYwJmN0\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?d=FFnlKYwJmN0\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:Ij26kaj3iuU\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?d=Ij26kaj3iuU\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:C2pbw5bZMiI\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?d=C2pbw5bZMiI\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:yIl2AUoC8zA\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?d=yIl2AUoC8zA\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:V_sGLiPBpWU\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?i=OYyXQYe1RBI:KPcKQp6UFV0:V_sGLiPBpWU\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:gIN9vFwOqvQ\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?i=OYyXQYe1RBI:KPcKQp6UFV0:gIN9vFwOqvQ\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:F7zBnMyn0Lo\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?i=OYyXQYe1RBI:KPcKQp6UFV0:F7zBnMyn0Lo\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?a=OYyXQYe1RBI:KPcKQp6UFV0:OqabYuBsmOY\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/readwriteweb?d=OqabYuBsmOY\" border=\"0\"><\/img><\/a>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/readwriteweb\/~4\/OYyXQYe1RBI\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s been just about a year now since Twitter started using OAuth as a solution for connecting with third-party applications, but to this day we still find situations where we are asked to enter our user name and password. According to a blog post by a member of Twitter&#8217;s API\/Platform team, we may not need [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-303888","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/303888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=303888"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/303888\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=303888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=303888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=303888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}