RE: [coldbox:8422] Re: New changes to twitter Authentication

I haven’t looked at the Twitter appender, but I did just did a Twitter integration so I might be able to help out.

I used a Java library called Twitter4J because many of the CF libraries out there are out of date.

I’m not sure what Twitter used back then, but now it uses OAuth and the application that wants access must be registered and have a developer key. Then it redirects the user to a URL on Twitter’s server where the user logs in and accepts the app. Then a call-back URL gets hit in the originating application and an access code and access token is given for the app to store.

I’m not sure how the appender would manage all that one-time authentication flow, or if there is an alternative. I assume a developer key would be required for everyone who wanted to use the twitter appender.

Thanks

~Brad

Would it be possible to create a special script/app that’s distributed with ColdBox that a developer would use to do the OAuth authentication process? Here’s kind of how I’m envisioning that this process might work:

  1. User wants to use twitter log appender in their app so they load http://localhost/coldbox/twitterauth.cfm in their browser.
  2. This twitterauth app uses a central twitter developer key registered to for a “ColdBox Twitter Auth” app.
  3. They grant access to this app to access their twitter account.
  4. After twitter redirects back to the ColdBox app, it displays on screen the access code and token returned to it from twitter.
  5. The user then copy and pastes those values into appropriate parameter settings in their application’s appender configuration settings.
  6. The appender now has the necessary code and token to interact with the twitter API.
    I’m not too familiar with the details of OAuth, so maybe there’s a flaw in my logic here, but it seems like that could work. Essentially this would mean that everyone using the twitter appender would be “sharing” the twitter developer key. I don’t know if that’s bad or not or against the terms of service. Thoughts?

You will not be able to share keys, my understanding is that the key will be tied to the account for authentication.

It is very possible, I know people who use the twitter4J for authentication for sending automatic tweets. The downside is a developer wishing to distribute their application will need to make sure they don’t spread this key accidentally.

Regards,

Andrew Scott

http://www.andyscott.id.au/

You will not be able to share keys, my understanding is that the key will be tied to the account for authentication.

It is very possible, I know people who use the twitter4J for authentication for sending automatic tweets. The downside is a developer wishing to distribute their application will need to make sure they don’t spread this key accidentally.

Regards,

Andrew Scott

http://www.andyscott.id.au/

No I was wrong, I wasn’t thinking about as an Application. That would be possible to share the key.

Regards,

Andrew Scott

http://www.andyscott.id.au/