<< Announcing the Lotus XPages Cup Competition | Home | Bob Balfe: plugin_customization.ini and Eclipse preferences >>

TwitNotes v2 and a little info on OAuthrViewPart

Ever since Twitter turned of support for basic authentication about a month ago TwitNotes hasn't been working. Unfortunately I've been head down with work and unable to put out a new release that uses OAuth so I (and others) have been TwitNotes less. Bummer! But between some travel and a little weekend/evening time I've had enough time to work on it. And believe it or not! Below is a real screenshot from real code of TwitNotes v.2 running in my Notes 8.5.2 client. Did I mention it was real? :-)

Of course the actions needs to be tweet aware (I'm afraid I cannot delete other peoples tweets) and there needs to be an input field for tweeting but the infrastructure is there already. It just needs to be hooked up. This will also be the first sidebar plugin to use my new abstract OAuthrViewPart class.

The abstract base class handles all the OAuth stuff for the developer. He/she simply extend the class, feed it an API secret and an API key and it will handle the rest incl. detecting if the initial OAuth handshake has been done, if network is available etc. before letting over control to the developer to show the "real"content. More information on the sidebar will follow in another post.

I'm planning to release the OAuthrViewPart as open source on OpenNTF.

As to TwitNotes v2 stay tuned - expect a beta out soon...



Avatar: Stephan H. WIssel

Re: TwitNotes v2 and a little info on OAuthrViewPart

Neat. have u checked the Expeditor documentation. The account API does have support for OAuth too (or was I peaking into the development version?)
Avatar: Mikkel Heisterberg

Re: TwitNotes v2 and a little info on OAuthrViewPart

Do you have any docs?
Avatar: Michael Nielsen

Re: TwitNotes v2 and a little info on OAuthrViewPart

<span lang="en" class="short_text" id="result_box"><span class="hps" title="Klik her for at få vist alternative oversættelser">Do you</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">a comment</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">on</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">how</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">you</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">saved</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">the secret</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">key</span><span title="Klik her for at få vist alternative oversættelser" class=""> in your code.

I read Bobs article Great article on OAuth and how Twitter does it “wrong” today and the one by Ryan Compromising Twitter's OAuth security system.

</span></span><span lang="en" class="" id="result_box"><span class="hps" title="Klik her for at få vist alternative oversættelser">How</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">long</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">will</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">it</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">take</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">with JD</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">until I</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">have</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">the secret</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">key</span><span title="Klik her for at få vist alternative oversættelser" class="">?</span></span>  - 5 minutes ?

<span lang="en" class="short_text" id="result_box"><span class="hps" title="Klik her for at få vist alternative oversættelser">How</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">do I save</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">the secret</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">key</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">best</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">in</span> <span class="hps" title="Klik her for at få vist alternative oversættelser">java?</span></span>
Avatar: Mikkel Heisterberg

Re: TwitNotes v2 and a little info on OAuthrViewPart

One have to realist that there are two secrets. One for the user and one for the application. The concern is mainly around the application secret as it has to be compiled into the code. And it can't even be offuscated. And to answer your question is would probably take around 1 minute with Jad to find. For me the biggest concern is the app key as it being compromised and exploited will render the app unusable if locked out. An end user secret can be exploited and locked out without it ruining it for other users. The user secret is easier to hide and secure and is not a concern as I see it now.
Avatar: Torben Bang

Re: TwitNotes v2 and a little info on OAuthrViewPart

Hi Mikkel,

I found the OAuthrViewPart project on OpenNTF, but no releases were available. Are you still planning on releasing it as open source?

Regards,

Torben
Avatar: Mikkel Heisterberg

Re: TwitNotes v2 and a little info on OAuthrViewPart

Sure am. Last time I looked at it we had to make sure that no required libraries were encumbered. Once that has been squared away I'll upload the source to the SVN repository.

Add a comment Send a TrackBack