[wp-hackers] Twitter API and Authentication
Lew Ayotte - Full Throttle Development
lew at fullthrottledevelopment.com
Tue May 11 14:11:33 UTC 2010
I think it would be much better if Twitter allowed users to generate a
simple API key (like Akismet) that users could use for any Twitter App
without requiring the user to submit a new app request.
Currently my application allows all authors to store their twitter
credentials in wordpress. Whenever a post is published it can tweet to all
the users (or just a single user) -- depending on how the admin has the
plugin setup. Requiring oAuth essentially kills my plugin. It will require
each user to create their own app in twitter. It may be easy for you and I
to do this, but I get tons of support requests from people who just didn't
type their user name in properly.
Further, it may be easy for me to create a portal that does the work for the
user, but not all plugin authors will have the resources to build such a
portal. And building a portal defeats the purpose of oAuth, they have to
pass their username/password to a third-party.
I'm not saying that the move to oAuth is bad, but I think it needs to be
implemented in a different way to support the developers who essentially
drive traffic to twitter.
Full Throttle Development, LLC
lew at fullthrottledevelopment.com
On Tue, May 11, 2010 at 9:43 AM, Marko Heijnen <mailing at markoheijnen.nl>wrote:
> That is true. For oAuth you need the API keys. It is less user-friendly but
> the effort for users is bigger.
> As user I always hated the Basic Authentication because of entering an
> password to an site.
> Requesting the API Keys is 5 minutes work and with some instructions every
> user can do it.
> What some plugins do is creating an shell (service) what connects to for
> example twitter.
> In the plugin you will put the username and password for connection to that
> The service will push your message to twitter.
> Op 11 mei 2010, om 15:32 heeft Lew Ayotte - Full Throttle Development het
> volgende geschreven:
> Is this still true?
>> If you're distributing your plugin for WordPress, you would want to ensure
>>> that it doesn't contain any OAuth consumer keys (API keys) or secrets
>>> the source code. You'd instruct implementors to come to
>>> create an application and give them a UI or
>>> configuration file to enter their consumer key and consumer secret in a
>>> place resistant to tampering.
>> It seems like that is the antithesis of user-friendly and would seem like
>> the opposite of what Twitter would want. I currently have over 13,000
>> downloads for my Twitter Post plugin. Many of those are updates, so let's
>> assume that 1/16 of those are legit users. Twitter really wants over 800
>> requests for the same app? And I'm not the only one with a Twitter Plugin
>> that allows you to post to twitter -- Twitter Tools has over 500,000
>> Lew Ayotte
>> Full Throttle Development, LLC
>> lew at fullthrottledevelopment.com
>> On Tue, May 11, 2010 at 8:53 AM, Lew Ayotte - Full Throttle Development <
>> lew at fullthrottledevelopment.com> wrote:
>> Well, thanks for the heads up... but this is going to be a pain the rear.
>>> Now I guess I'll start incorporating oAuth into my plugin.
>>> Lew Ayotte
>>> Full Throttle Development, LLC
>>> lew at fullthrottledevelopment.com
>>> On Mon, May 10, 2010 at 7:20 PM, Matt Harris <themattharris at twitter.com
>>> Hey Hackers,
>>>> Some of you may already know me through WordCamps, Barcamps and various
>>>> conferences but for those of you who don't, my name is Matt Harris and
>>>> just joined Twitter as a Developer Advocate.
>>>> I'm emailing this list to reach those of you who either write plugins
>>>> use Twitter, or develop websites for which a Twitter widget is used.
>>>> On the 30th June the Twitter REST API will stop supporting Basic
>>>> Authentication and instead switch to OAuth. This means
>>>> * all user authenticated requests to the API must be OAuth signed,
>>>> preferably using OAuth headers.
>>>> * calls not requiring authentication should ensure they do not send auth
>>>> headers of any kind as doing so will return an error
>>>> * basic auth will cease to function on the REST API
>>>> * the streaming API will still support basic auth but this is likely to
>>>> change later in the year
>>>> * the search API does not require auth so is not part of this project
>>>> * the public RSS/ATOM feeds do not require auth so are not part of this
>>>> So, if you have WordPress sites that publish to Twitter please check
>>>> are using OAuth and not Basic Authentication.
>>>> If you are a plugin developer, please update your plugin to use OAuth
>>>> remove and Basic Authentication code.
>>>> If you're plugin just consumes RSS/Atom feeds from Twitter you will be
>>>> unaffected by this change.
>>>> Information about OAuth and community code libraries can be found on
>>>> http://dev.twitter.com or, if you have any questions please ask in the
>>>> development talk Google group:
>>>> talk <http://groups.google.com/group/twitter-development-talk>. You can
>>>> find me on Twitter as @themattharris or at various events including
>>>> IO later this month.
>>>> Matt Harris
>>>> Developer Advocate, Twitter
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers