Login without direct access to twitter.com

[GoogleCodeExporter]

What would you like dabr to do?

I (and I'm sure many others) use dabr.co.uk at work etc to circumvent content 
filtering that blocks twitter.com (and others).  This has worked fine up until 
the introduction of OAuth and removal of standard authentication.  Clicking on 
the 'Sign in with Twitter' button now directly calls twitter.com and hits the 
content filter.

How would you prefer dabr to do it?

Is there any way to do OAuth authentication without explicitly opening 
twitter.com?

I fully appreciate this is a distraction from core functionality, but I'm sure 
there are _plenty_ of dabr.co.uk users in the same boat!

Original issue reported on code.google.com by ro...@macleary.com on 25 Aug 2010 at 11:32

[GoogleCodeExporter]

I would be interested in this as well.  My work block twitter.com and I loved 
dabr before the OAuth

Original comment by mapsg...@gmail.com on 25 Aug 2010 at 12:05

[GoogleCodeExporter]

I'm aware that Dabr has fans in the workplace, in schools and generally behind 
content filtering. Unfortunately, the change to OAuth is a decision by Twitter 
that we can't avoid without introducing some insecure concepts to the login.

If a method arises that makes this possible then we'll be sure to add it.

Original comment by david.carrington on 25 Aug 2010 at 12:57

• Changed state: WontFix

[GoogleCodeExporter]

Thanks David, I thought that might have been the answer but you never know 
until you try :-P

Original comment by ro...@macleary.com on 25 Aug 2010 at 1:05

[GoogleCodeExporter]

tried using a proxy? once you get the oauth, you won't need it

Original comment by ldoug...@gmail.com on 25 Aug 2010 at 2:15

[GoogleCodeExporter]

I read that Yegle had done a patch which got around OAuth.  Is that in his 
branch version (downloaded but got 401s and 'Login credentials incorrect') or 
is that available elsewhere?

Original comment by ro...@macleary.com on 25 Aug 2010 at 2:35

[GoogleCodeExporter]

I've changed my mind. This is such a crucial feature of Dabr that it's worth 
making drastic changes for :)

I'm not a fan of the OAuth "patch" method as it's fairly insecure. Instead I've 
come up with the following process that I intend to add (at some point, no 
timescale given):

1) Log in to Dabr from your PC at home (or whatever device can use OAuth)
2) Assign yourself a PIN/password, which Dabr saves along with your OAuth 
details
3) You can log in later from your phone using your username and Dabr 
PIN/password and it just grabs your OAuth details from storage on the server.

Benefits:
* Dabr still never gets to see your Twitter password
* Everyone behind a school/work/general firewall can carry on using Dabr
* It's entirely secure even on Dabr mirrors

Original comment by david.carrington on 25 Aug 2010 at 3:49

• Changed state: Accepted
• Added labels: Priority-High
• Removed labels: Priority-Low

[GoogleCodeExporter]

That's the spirit!

You're standing up for those trapped beneath the jackboot of oppression, and 
also people in Iran, China etc :-P

Original comment by ro...@macleary.com on 25 Aug 2010 at 3:59

[GoogleCodeExporter]

David, great! I'll thank you for that feature forever!!! ;)

Original comment by gabriel....@gmail.com on 25 Aug 2010 at 3:59

[GoogleCodeExporter]

I've coded a solution for this but it will have to wait until tomorrow for 
release.

Original comment by david.carrington on 25 Aug 2010 at 8:10

[GoogleCodeExporter]

This issue was closed by revision r337.

Original comment by david.carrington on 26 Aug 2010 at 5:35

• Changed state: Fixed

[GoogleCodeExporter]

Very elegant solution David, thanks again!

Original comment by ro...@macleary.com on 27 Aug 2010 at 8:09