Proposal to add OAuth to picpost API

Twitter has proposed a solution for this problem, so this article is no longer necessary.

I'd like to propose a way to support OAuth in picpost API calls, e.g. on yfrog.com and img.ly. However, for this to work the site itself has to support OAuth (so Twitpic would have to start supporting OAuth).

(this idea started as a reply to my question to the img.ly guys about this, so it is worded as a reply)

I have looked a bit further into the problem and I think that chaining OAuth is not necessary to support using the API with OAuth.

For this to work, you will have to replace the password in the API call with an oauth_access_token that the user has previously created by logging into Twitter (assume that the parameter is called oauth when the user wants to use OAuth and password when he wants to use a password).
The API web server has the respective secret so that it can access Twitter with the OAuth protocol, and the access token by itself is useless on any other site that doesn't know the secrets.

This will even work for third-party apps that register their own application with Twitter; however, this requires the consumer key secret to be stored on your server as well, otherwise you cannot create a signed request to Twitter.
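The server-side step described above, as an added Python sketch (not the author's POC): the client sends only the access token in the `oauth` parameter, and the picpost server signs the call to Twitter with the consumer secret and token secret it stores. The key, secret and token values, the endpoint URL and the function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values (assumptions): secrets that only the picpost server stores.
CONSUMER_KEY = "picpost-consumer-key"
CONSUMER_SECRET = "picpost-consumer-secret"
TOKEN_SECRETS = {"user-access-token": "user-token-secret"}  # access token -> token secret
VERIFY_URL = "https://twitter.example/verify_credentials"   # placeholder endpoint

def pct(value):
    """Percent-encode as OAuth 1.0 requires: only RFC 3986 unreserved chars stay."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature keyed with both secrets; neither ever leaves the server."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def twitter_auth_header(api_params, nonce, timestamp):
    """Build the Authorization header for a picpost call that sent 'oauth'.

    Returns None when the caller used the legacy 'password' parameter instead.
    nonce and timestamp are passed in so the result is reproducible; a server
    would generate a fresh random nonce and the current time per request.
    """
    if "oauth" not in api_params:
        return None
    token = api_params["oauth"]
    token_secret = TOKEN_SECRETS.get(token)
    if token_secret is None:
        raise PermissionError("access token was not issued to this consumer")
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign("GET", VERIFY_URL, oauth, CONSUMER_SECRET, token_secret)
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields
```

Signing the same parameters with a different consumer secret yields a different signature, which is why a captured access token alone cannot be replayed from a site that lacks the secrets.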


I have written a sample application as a POC; if anybody is interested, I can put it up on Google Code.

