Bug #9533
Migrate from Basic Auth to OAuth
| Status: | Resolved | Start date: | 2010-08-31 | ||
|---|---|---|---|---|---|
| Priority: | Should have | Due date: | |||
| Assignee: | Alex Kellner | % Done: | 80% |
||
| Category: | - | ||||
| Target version: | - | ||||
| Votes: | 0 |
Description
ATM the extension uses Basic Auth by providing username+password as curlopt.
Basic Auth is deprecated and was announced by twitter.com to be turned off in August 2010. A transition to oauth is recommended.
Ressources:
OAuth FAQ: http://dev.twitter.com/pages/oauth_faq
Basic Auth to OAuth transition: http://dev.twitter.com/pages/basic_to_oauth
OAuth libs in PHP: http://dev.twitter.com/pages/oauth_libraries#php
History
Updated by Steffen Müller over 1 year ago
This issue is now critical.
Since today (1.9.2010) the extension returns the error "Basic authentication is not supported". So twitter.com did in fact turn it off.
Updated by Maarten Mandemaker over 1 year ago
Steffen Müller wrote:
This issue is now critical. Since today (1.9.2010) the extension returns the error "Basic authentication is not supported". So twitter.com did in fact turn it off.
Just spend 2 hours trying to figure out why the feeds don't work :)
Updated by Alex Kellner over 1 year ago
- Status changed from New to Accepted
- % Done changed from 0 to 80
Did a lot of research and coding work and I think OAuth is not the right way.
A quick solution is to read the xml and parse it.
Updated by Alex Kellner over 1 year ago
- Status changed from Accepted to Resolved
- Assignee set to Alex Kellner
Resolved in 0.5.2
Updated by Steffen Müller over 1 year ago
Why not OAuth? How comes your decision?
Will it still be possible to show the timeline of private twitter accounts? IMHO authentication is mandatory to do that.
Updated by Alex Kellner over 1 year ago
Hi Steffen,
No, not at the moment.
The process with oauth is: You will be redirected to twitter and you have to accept that wt_twitter has full access to your account (every visitor!).
See an example:
http://testumgebung.einpraegsam.net/fileadmin/test.php
That is a little bit too much...
If you see a better solution, write me an email.
Cheers, Alex
Updated by Steffen Müller over 1 year ago
OAuth dialog with twitter could be served in a backend module, so the visitor does not get bugged. The twitter auth dialog is neccessary only once for each username.
But I agree this is much more effort than just parsing public xml.
Please do not close this bug, since OAuth could anyway be integrated later. Maybe someone else provides code or sponsorship. What do you think?
Just set the status from "resolved" to "new" or "needs feedback" so others see it properly.
Updated by Alex Kellner over 1 year ago
I opened a new Feature Request - see #9570