Ever since Twitter turned off support for basic authentication about a month ago TwitNotes hasn’t been working. Unfortunately I’ve been head down with work and unable to put out a new release that uses OAuth so I (and others) have been TwitNotes-less. Bummer! But between some travel and a little weekend/evening time I’ve had enough time to work on it. And believe it or not! Below is a real screenshot from real code of TwitNotes v.2 running in my Notes 8.5.2 client. Did I mention it was real? 🙂
Of course the actions need to be tweet aware (I’m afraid I cannot delete other people’s tweets) and there needs to be an input field for tweeting but the infrastructure is there already. It just needs to be hooked up. This will also be the first sidebar plugin to use my new abstract OAuthrViewPart class.
The abstract base class handles all the OAuth stuff for the developer. He/she simply extends the class, feeds it an API secret and an API key, and it will handle the rest, incl. detecting if the initial OAuth handshake has been done, if network is available etc., before handing over control to the developer to show the “real” content. More information on the sidebar will follow in another post.
I’m planning to release the OAuthrViewPart as open source on OpenNTF.
As to TwitNotes v2 stay tuned – expect a beta out soon…
Neat.
Have you checked the Expeditor documentation? The account API does have support for OAuth too (or was I peeking into the development version?)
Do you have any docs?
Do you have a comment on how you saved the secret key in your code?
I read Bob’s article Great article on OAuth and how Twitter does it “wrong” today and the one by Ryan Compromising Twitter’s OAuth security system.
How long will it take with JD until I have the secret key? – 5 minutes?
How do I save the secret key best in Java?
One has to realize that there are two secrets. One for the user and one for the application. The concern is mainly around the application secret as it has to be compiled into the code. And it can’t even be obfuscated. And to answer your question it would probably take around 1 minute with Jad to find.
For me the biggest concern is the app key as it being compromised and exploited will render the app unusable if locked out. An end user secret can be exploited and locked out without it ruining it for other users.
The user secret is easier to hide and secure and is not a concern as I see it now.
Hi Mikkel,
I found the OAuthrViewPart project on OpenNTF, but no releases were available. Are you still planning on releasing it as open source?
Regards,
Torben
Sure am. Last time I looked at it we had to make sure that no required libraries were encumbered. Once that has been squared away I’ll upload the source to the SVN repository.