Switch from basic authentication to OAuth before 2010-06-30

[GoogleCodeExporter]

On June 30, 2010, the @twitterapi team will be shutting off basic 
authentication on the Twitter API. All applications, by this date, need to 
switch to using OAuth. See:
http://countdowntooauth.com/

About OAuth see here:
http://dev.twitter.com/pages/auth

For the start, I've already registered AndTweet application at 
http://dev.twitter.com
and got some "Consumer key" and "Consumer secret" (I have to figure out: 
how they may be "secret" for the Open Source project...)

Original issue reported on code.google.com by yvo...@gmail.com on 17 May 2010 at 6:21

[GoogleCodeExporter]

Some links for implementation:
1. novoda's oauth_for_android at master - GitHub (with installable Android 
example!)
http://github.com/novoda/oauth_for_android
2. oauth-signpost - Simple OAuth message signing for Java
http://code.google.com/p/oauth-signpost/
Plus Twitter example:
http://code.google.com/p/oauth-signpost/wiki/TwitterAndSignpost
3. AndFollowerStat - Who is following me today? (Widget for Android)
http://code.google.com/p/android-followerstat/
4. OAuth implementations for different languages (very active...):
http://code.google.com/p/oauth/
5. The TweetPhoto Java library for Android is a set of drop in classes designed 
to 
allow developers to get up and running quickly with the TweetPhoto Photo 
Sharing API
- includes Android Java library
http://code.google.com/p/tweetphoto-api-java/
6. Some blog on the subject, using Java:
http://donpark.org/blog/2009/01/24/android-client-side-oauth
7. Official OAuth links:
http://oauth.net/code/

Original comment by yvo...@gmail.com on 18 May 2010 at 12:56

[GoogleCodeExporter]

Please read discussion on the subject: 
"How do we deal with application's "Consumer secret" in real life"
here:
http://groups.google.com/group/twitter-development-
talk/browse_thread/thread/6ae1dfcde3bd98c2/f1a026ae36324964

Original comment by yvo...@gmail.com on 19 May 2010 at 2:15

[GoogleCodeExporter]

Interesting. I think we might want to enable some kind of developer menu in the
settings where you can enter the application's keys. I have been out of the 
loop for
quite some time, so maybe one of you other guys can point us in the right 
direction
for detecting whether or not the application has been published by the main 
AndTweet
keys, or by a developer.

This way you could set the keys manually inside the app and have it use your
development twitter application keys.

Although, I wonder if this is truly necessary?

Original comment by torgny.b...@gmail.com on 19 May 2010 at 10:58

[GoogleCodeExporter]

@Torgny Please read the discussion:
http://groups.google.com/group/twitter-development-
talk/browse_thread/thread/6ae1dfcde3bd98c2
1) Keeping the secrets is necessary according to the Twitter rules
2) Each of us will register "his own" application for testing purposes, i.e. 
application with its own name and "secrets" known to one developer only
I propose all application to have name, starting with "AndTweet", 
e.g. "AndTweet-Bob" for the AndTweet copy compiled by some "Bob" :-)

>maybe one of you other guys can point us in the right direction
>for detecting whether or not the application has been published
>by the main AndTweet keys, or by a developer
I didn't dig very deep yet,
but from what I've read each tweet posted through the application will be
attributed with the name of registered application.
Only one set of keys allows you to compile application seen as "AndTweet"
(same for "AndTweet-Bob").

Original comment by yvo...@gmail.com on 20 May 2010 at 6:39

[GoogleCodeExporter]

Who wants to implement this? (I'm changing "owner" of this issue to the "empty 
string")

Original comment by yvo...@gmail.com on 20 May 2010 at 6:40

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I have created the application under the @andtweet user.

Original comment by torgny.b...@gmail.com on 25 May 2010 at 1:34

[GoogleCodeExporter]

I found ready to use and working Android OAuth example:
http://github.com/brione/Brion-Learns-OAuth

See discussion at:
http://groups.google.com/group/signpost-users/browse_thread/thread/7e6548e5e3a8c
4b0

It works: I could login, see timeline and post tweet!

Original comment by yvo...@gmail.com on 7 Jun 2010 at 7:31

[GoogleCodeExporter]

Twitter will support basic authentication till 2010-08-16. Thanks God - I have 
time to update AndTweet http://dev.twitter.com/announcements

Original comment by yvo...@gmail.com on 24 Jun 2010 at 11:17

[GoogleCodeExporter]

Everything seems to work... but of couse much testing is needed.

BTW, as "not documented" feature you may play with switching between different 
accounts without re-authentication (change Username, authenticated, change 
again...). Some metadata is stored per user, but database is still single...

Original comment by yvo...@gmail.com on 8 Jul 2010 at 10:28

• Changed state: Fixed

[GoogleCodeExporter]

By the way, from now on the project in the repository won't compile because it 
needs
"keys" to be included during the compilation
(TWITTER_CONSUMER_KEY and TWITTER_CONSUMER_SECRET).
See the file:
http://code.google.com/p/andtweet/source/browse/src/com/xorcode/andtweet/net/OAu
thKeys.java

Original comment by yvo...@gmail.com on 9 Jul 2010 at 3:07

[GoogleCodeExporter]

TIP: If you want to go ahead quickly, please look at the screenshot and set 
your AndTweet exactly like I did.
See http://andtweet.googlecode.com/hg/res-src/AndTweet-yvolk_settings.png

Original comment by yvo...@gmail.com on 16 Jul 2010 at 1:06