[wp-hackers] Twitter API and Authentication

Lew Ayotte - Full Throttle Development lew at fullthrottledevelopment.com
Tue May 11 13:32:57 UTC 2010


Is this still true?

If you're distributing your plugin for WordPress, you would want to ensure
> that it doesn't contain any OAuth consumer keys (API keys) or secrets
> within
> the source code. You'd instruct implementors to come to
> http://dev.twitter.com/apps<http://www.google.com/url?sa=D&q=http://dev.twitter.com/apps&usg=AFQjCNFzM1pM66_-v39mdHLco9PcbeOW8w>to create an application and give them a UI or
> configuration file to enter their consumer key and consumer secret in a
> safe
> place resistant to tampering.
>

http://groups.google.com/group/twitter-development-talk/browse_thread/thread/21bc0536e9bf0eab/20600060538f7075?lnk=gst&q=plugin#20600060538f7075

It seems like that is the antithesis of user-friendly and would seem like
the opposite of what Twitter would want. I currently have over 13,000
downloads for my Twitter Post plugin. Many of those are updates, so let's
assume that 1/16 of those are legit users. Twitter really wants over 800 app
requests for the same app? And I'm not the only one with a Twitter Plugin
that allows you to post to twitter -- Twitter Tools has over 500,000
downloads.

Lew

Lew Ayotte
Full Throttle Development, LLC
706.363.0688
478.246.4627
lew at fullthrottledevelopment.com
http://fullthrottledevelopment.com
http://twitter.com/full_throttle
http://twitter.com/lewayotte


On Tue, May 11, 2010 at 8:53 AM, Lew Ayotte - Full Throttle Development <
lew at fullthrottledevelopment.com> wrote:

> Well, thanks for the heads up... but this is going to be a pain the rear.
>
> Now I guess I'll start incorporating oAuth into my plugin.
>
> Lew Ayotte
> Full Throttle Development, LLC
> 706.363.0688
> 478.246.4627
> lew at fullthrottledevelopment.com
> http://fullthrottledevelopment.com
> http://twitter.com/full_throttle
> http://twitter.com/lewayotte
>
>
>
> On Mon, May 10, 2010 at 7:20 PM, Matt Harris <themattharris at twitter.com>wrote:
>
>> Hey Hackers,
>>
>> Some of you may already know me through WordCamps, Barcamps and various
>> conferences but for those of you who don't, my name is Matt Harris and
>> I've
>> just joined Twitter as a Developer Advocate.
>>
>> I'm emailing this list to reach those of you who either write plugins that
>> use Twitter, or develop websites for which a Twitter widget is used.
>>
>> On the 30th June the Twitter REST API will stop supporting Basic
>> Authentication and instead switch to OAuth. This means
>> * all user authenticated requests to the API must be OAuth signed,
>> preferably using OAuth headers.
>> * calls not requiring authentication should ensure they do not send auth
>> headers of any kind as doing so will return an error
>> * basic auth will cease to function on the REST API
>> * the streaming API will still support basic auth but this is likely to
>> change later in the year
>> * the search API does not require auth so is not part of this project
>> * the public RSS/ATOM feeds do not require auth so are not part of this
>> project
>>
>> So, if you have WordPress sites that publish to Twitter please check they
>> are using OAuth and not Basic Authentication.
>> If you are a plugin developer, please update your plugin to use OAuth and
>> remove and Basic Authentication code.
>> If you're plugin just consumes RSS/Atom feeds from Twitter you will be
>> unaffected by this change.
>>
>> Information about OAuth and community code libraries can be found on
>> http://dev.twitter.com or, if you have any questions please ask in the
>> Twitter
>> development talk Google group:
>> http://groups.google.<
>> http://groups.google.com/group/twitter-development-talk>
>> com/group/twitter-development-<
>> http://groups.google.com/group/twitter-development-talk>
>> talk <http://groups.google.com/group/twitter-development-talk>. You can
>> also
>> find me on Twitter as @themattharris or at various events including Google
>> IO later this month.
>>
>> Best,
>> Matt Harris
>> Developer Advocate, Twitter
>> http://twitter.com/themattharris
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>


More information about the wp-hackers mailing list