[wp-hackers] Twitter API and Authentication
Lew Ayotte - Full Throttle Development
lew at fullthrottledevelopment.com
Tue May 11 13:32:57 UTC 2010
Is this still true?
> If you're distributing your plugin for WordPress, you would want to ensure
> that it doesn't contain any OAuth consumer keys (API keys) or secrets in
> the source code. You'd instruct implementors to come to
> http://dev.twitter.com/apps to create an application and give them a UI or
> configuration file to enter their consumer key and consumer secret in a
> place resistant to tampering.
It seems like that is the antithesis of user-friendly and would seem like
the opposite of what Twitter would want. I currently have over 13,000
downloads for my Twitter Post plugin. Many of those are updates, so let's
assume that 1/16 of those are legit users. Twitter really wants over 800 app
requests for the same app? And I'm not the only one with a Twitter Plugin
that allows you to post to twitter -- Twitter Tools has over 500,000
Full Throttle Development, LLC
lew at fullthrottledevelopment.com
On Tue, May 11, 2010 at 8:53 AM, Lew Ayotte - Full Throttle Development <
lew at fullthrottledevelopment.com> wrote:
> Well, thanks for the heads up... but this is going to be a pain in the rear.
> Now I guess I'll start incorporating OAuth into my plugin.
> Lew Ayotte
> Full Throttle Development, LLC
> lew at fullthrottledevelopment.com
> On Mon, May 10, 2010 at 7:20 PM, Matt Harris <themattharris at twitter.com> wrote:
>> Hey Hackers,
>> Some of you may already know me through WordCamps, Barcamps and various
>> conferences but for those of you who don't, my name is Matt Harris and I
>> just joined Twitter as a Developer Advocate.
>> I'm emailing this list to reach those of you who either write plugins that
>> use Twitter, or develop websites for which a Twitter widget is used.
>> On the 30th June the Twitter REST API will stop supporting Basic
>> Authentication and instead switch to OAuth. This means
>> * all user authenticated requests to the API must be OAuth signed,
>> preferably using OAuth headers.
>> * calls not requiring authentication should ensure they do not send auth
>> headers of any kind as doing so will return an error
>> * basic auth will cease to function on the REST API
>> * the streaming API will still support basic auth but this is likely to
>> change later in the year
>> * the search API does not require auth so is not part of this project
>> * the public RSS/ATOM feeds do not require auth so are not part of this
>> So, if you have WordPress sites that publish to Twitter please check they
>> are using OAuth and not Basic Authentication.
>> If you are a plugin developer, please update your plugin to use OAuth and
>> remove any Basic Authentication code.
>> If your plugin just consumes RSS/Atom feeds from Twitter you will be
>> unaffected by this change.
>> Information about OAuth and community code libraries can be found on
>> http://dev.twitter.com or, if you have any questions please ask in the
>> development talk Google group:
>> http://groups.google.com/group/twitter-development-talk. You can
>> find me on Twitter as @themattharris or at various events including Google
>> IO later this month.
>> Matt Harris
>> Developer Advocate, Twitter
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
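Added example, not part of the original thread or of any plugin mentioned in it: how a plugin could build the OAuth 1.0a (HMAC-SHA1) `Authorization` header the announcement asks for, with the consumer key and secret read from the site's configuration rather than shipped in the source. The endpoint URL, the environment variable names and all credential values are constructed placeholders.

```php
<?php
// Added example. Endpoint, env var names and credentials are constructed placeholders.

// Build the OAuth 1.0a "Authorization" header value (HMAC-SHA1) for one request.
function oauth_header(string $method, string $url, array $params, array $cred,
                      string $nonce, int $timestamp): string {
    $oauth = [
        'oauth_consumer_key'     => $cred['consumer_key'],
        'oauth_nonce'            => $nonce,
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) $timestamp,
        'oauth_token'            => $cred['token'],
        'oauth_version'          => '1.0',
    ];
    // Percent-encode (RFC 3986) every key and value, then sort by encoded key.
    $pairs = [];
    foreach ($params + $oauth as $k => $v) {
        $pairs[rawurlencode($k)] = rawurlencode($v);
    }
    ksort($pairs, SORT_STRING);
    $normalized = implode('&', array_map(
        fn($k, $v) => "$k=$v", array_keys($pairs), $pairs));
    // Signature base string: METHOD & encoded URL & encoded parameter string.
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
    // Signing key: consumer secret and token secret joined with "&".
    $key = rawurlencode($cred['consumer_secret']) . '&' . rawurlencode($cred['token_secret']);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));
    $parts = [];
    foreach ($oauth as $k => $v) {
        $parts[] = rawurlencode($k) . '="' . rawurlencode($v) . '"';
    }
    return 'OAuth ' . implode(', ', $parts);
}

// Credentials come from the site's own configuration, never from distributed source.
// The fallbacks are constructed values so the example runs offline.
$cred = [
    'consumer_key'    => getenv('EXAMPLE_CONSUMER_KEY') ?: 'constructed-consumer-key',
    'consumer_secret' => getenv('EXAMPLE_CONSUMER_SECRET') ?: 'constructed-consumer-secret',
    'token'           => getenv('EXAMPLE_ACCESS_TOKEN') ?: 'constructed-access-token',
    'token_secret'    => getenv('EXAMPLE_TOKEN_SECRET') ?: 'constructed-token-secret',
];
$url  = 'https://api.example.com/1/statuses/update.json'; // placeholder endpoint
$body = ['status' => 'Hello from a signed request!'];
// Fresh nonce and timestamp for every request.
$auth = oauth_header('POST', $url, $body, $cred, bin2hex(random_bytes(16)), time());

// Authenticated call: send the header. Unauthenticated call: send no auth header at all.
$signed_headers   = ['Authorization: ' . $auth];
$unsigned_headers = [];
echo $signed_headers[0], "\n";
```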