Twitter’s OAuthpocalypse and the implementation of OAuth Echo

In: Announcements by: mathys

21 May 2010

June 30th is closing in fast: the date on which Twitter will cut off its basic authentication and complete its move to OAuth. It will no longer be possible to log in to the API with a Twitter username/password. OAuth will be the only way to authenticate your users. For non-web applications Twitter has released XAuth, a way to convert a username/password combination to OAuth tokens. All other apps are forced to switch to OAuth.

Because of this move, it will no longer be possible to authenticate users to the Mobypicture API by providing a Twitter username/password combo. Luckily Twitter’s head of platform Raffi Krikorian has thought of a way to provide delegated authentication, called OAuth Echo.

To re-state the problem:

You’re an OAuth enabled Twitter client, and you’ve already authorized your user. Your user wants to use a media providing service like Mobypicture. Mobypicture, currently, asks for the username and password of your user so it can store the photo on behalf of the Twitter user. You don’t have that username and password, so how do you give the ability to Mobypicture to verify the identity of your user?

OAuth Echo was developed to solve this issue. The specs are no more than one page long and quite easy to implement on the client side. The client just gives Mobypicture the content of the Authorization header, which it would normally have sent to Twitter to call ‘verify_credentials’. Mobypicture can then use that header to identify the given user on Twitter.

Raffi also provided some guidelines and best practices to make the implementation and migration as easy as possible. Mobypicture supports sending the OAuth Echo parameters either as headers or as POST variables.
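The receiving side of the exchange described above, as an added sketch that is not Mobypicture's own code: it accepts the echo parameters from headers or POST variables and refuses to replay the signed header anywhere except an allowlisted endpoint, since the client chooses that URL. The verify_credentials URL, the POST variable names and all function names are assumptions; the sample header is constructed.

```python
# Assumption: the verify_credentials endpoint that clients signed for in 2010.
ALLOWED_PROVIDERS = {
    "https://api.twitter.com/1/account/verify_credentials.json",
}
# OAuth Echo header names, paired with assumed POST-variable equivalents.
FIELDS = {
    "provider": ("X-Auth-Service-Provider", "x_auth_service_provider"),
    "authorization": ("X-Verify-Credentials-Authorization",
                      "x_verify_credentials_authorization"),
}
# Constructed sample of what a client would send (values are placeholders).
SAMPLE_HEADERS = {
    "X-Auth-Service-Provider": "https://api.twitter.com/1/account/verify_credentials.json",
    "X-Verify-Credentials-Authorization":
        'OAuth oauth_consumer_key="ck", oauth_token="tk", oauth_signature="sig"',
}


class EchoError(ValueError):
    """Raised when the delegated credentials must not be forwarded."""


def extract_echo(headers, form):
    """Return (provider_url, authorization) from headers or POST variables."""
    headers = {k.lower(): v for k, v in headers.items()}
    found = {}
    for name, (header, post_var) in FIELDS.items():
        value = headers.get(header.lower()) or form.get(post_var)
        if not value:
            raise EchoError(f"missing OAuth Echo parameter: {header}")
        found[name] = value.strip()
    return found["provider"], found["authorization"]


def build_verify_request(headers, form):
    """Validate the echo parameters and describe the request to send on."""
    provider, authorization = extract_echo(headers, form)
    # Exact-match allowlist: the client supplies this URL, so never fetch it blindly.
    if provider not in ALLOWED_PROVIDERS:
        raise EchoError("service provider is not an allowed endpoint")
    if not authorization.startswith("OAuth ") or "oauth_signature=" not in authorization:
        raise EchoError("not a signed OAuth Authorization header")
    if "\r" in authorization or "\n" in authorization:
        raise EchoError("line break inside the echoed header")
    # The header is replayed unchanged; only the provider can check the signature.
    return {"method": "GET", "url": provider,
            "headers": {"Authorization": authorization}}
```

A 200 response from the provider to the returned request identifies the user; any other status means the upload should be rejected.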

If you need any help implementing OAuth Echo, please contact us on @mobypicture.

Beware! OAuth Echo currently only supports uploading to Mobypicture and not the use-case where Mobypicture also sends out the Tweet. We are working together with Twitter to solve this problem and will come up with a solution ASAP. Please follow @mobypicture, @raffi or check Raffi’s blog regularly for updates.
