[wp-hackers] Twitter API and Authentication

Marko Heijnen mailing at markoheijnen.nl
Tue May 11 13:43:45 UTC 2010


That is true. For oAuth you need the API keys. It is less user- 
friendly but the effort for users is bigger.
As user I always hated the Basic Authentication because of entering an  
password to an site.
Requesting the API Keys is 5 minutes work and with some instructions  
every user can do it.

What some plugins do is creating an shell (service) what connects to  
for example twitter.
In the plugin you will put the username and password for connection to  
that service.
The service will push your message to twitter.


Op 11 mei 2010, om 15:32 heeft Lew Ayotte - Full Throttle Development  
het volgende geschreven:

> Is this still true?
>
> If you're distributing your plugin for WordPress, you would want to  
> ensure
>> that it doesn't contain any OAuth consumer keys (API keys) or secrets
>> within
>> the source code. You'd instruct implementors to come to
>> http://dev.twitter.com/apps<http://www.google.com/url?sa=D&q=http://dev.twitter.com/apps&usg=AFQjCNFzM1pM66_-v39mdHLco9PcbeOW8w 
>> >to create an application and give them a UI or
>> configuration file to enter their consumer key and consumer secret  
>> in a
>> safe
>> place resistant to tampering.
>>
>
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/21bc0536e9bf0eab/20600060538f7075?lnk=gst&q=plugin#20600060538f7075
>
> It seems like that is the antithesis of user-friendly and would seem  
> like
> the opposite of what Twitter would want. I currently have over 13,000
> downloads for my Twitter Post plugin. Many of those are updates, so  
> let's
> assume that 1/16 of those are legit users. Twitter really wants over  
> 800 app
> requests for the same app? And I'm not the only one with a Twitter  
> Plugin
> that allows you to post to twitter -- Twitter Tools has over 500,000
> downloads.
>
> Lew
>
> Lew Ayotte
> Full Throttle Development, LLC
> 706.363.0688
> 478.246.4627
> lew at fullthrottledevelopment.com
> http://fullthrottledevelopment.com
> http://twitter.com/full_throttle
> http://twitter.com/lewayotte
>
>
> On Tue, May 11, 2010 at 8:53 AM, Lew Ayotte - Full Throttle  
> Development <
> lew at fullthrottledevelopment.com> wrote:
>
>> Well, thanks for the heads up... but this is going to be a pain the  
>> rear.
>>
>> Now I guess I'll start incorporating oAuth into my plugin.
>>
>> Lew Ayotte
>> Full Throttle Development, LLC
>> 706.363.0688
>> 478.246.4627
>> lew at fullthrottledevelopment.com
>> http://fullthrottledevelopment.com
>> http://twitter.com/full_throttle
>> http://twitter.com/lewayotte
>>
>>
>>
>> On Mon, May 10, 2010 at 7:20 PM, Matt Harris <themattharris at twitter.com 
>> >wrote:
>>
>>> Hey Hackers,
>>>
>>> Some of you may already know me through WordCamps, Barcamps and  
>>> various
>>> conferences but for those of you who don't, my name is Matt Harris  
>>> and
>>> I've
>>> just joined Twitter as a Developer Advocate.
>>>
>>> I'm emailing this list to reach those of you who either write  
>>> plugins that
>>> use Twitter, or develop websites for which a Twitter widget is used.
>>>
>>> On the 30th June the Twitter REST API will stop supporting Basic
>>> Authentication and instead switch to OAuth. This means
>>> * all user authenticated requests to the API must be OAuth signed,
>>> preferably using OAuth headers.
>>> * calls not requiring authentication should ensure they do not  
>>> send auth
>>> headers of any kind as doing so will return an error
>>> * basic auth will cease to function on the REST API
>>> * the streaming API will still support basic auth but this is  
>>> likely to
>>> change later in the year
>>> * the search API does not require auth so is not part of this  
>>> project
>>> * the public RSS/ATOM feeds do not require auth so are not part of  
>>> this
>>> project
>>>
>>> So, if you have WordPress sites that publish to Twitter please  
>>> check they
>>> are using OAuth and not Basic Authentication.
>>> If you are a plugin developer, please update your plugin to use  
>>> OAuth and
>>> remove and Basic Authentication code.
>>> If you're plugin just consumes RSS/Atom feeds from Twitter you  
>>> will be
>>> unaffected by this change.
>>>
>>> Information about OAuth and community code libraries can be found on
>>> http://dev.twitter.com or, if you have any questions please ask in  
>>> the
>>> Twitter
>>> development talk Google group:
>>> http://groups.google.<
>>> http://groups.google.com/group/twitter-development-talk>
>>> com/group/twitter-development-<
>>> http://groups.google.com/group/twitter-development-talk>
>>> talk <http://groups.google.com/group/twitter-development-talk>.  
>>> You can
>>> also
>>> find me on Twitter as @themattharris or at various events  
>>> including Google
>>> IO later this month.
>>>
>>> Best,
>>> Matt Harris
>>> Developer Advocate, Twitter
>>> http://twitter.com/themattharris
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>
>>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list