Code review comment for lp:~the-dod/sahana-eden/twitter-oauth

Revision history for this message
The Dod (the-dod) wrote :

First - I'd like to add one more resubmission - I've used jr.method to see whether we're in ["create","delete"] or we should make pin.readable False. Looks neater, and saves API calls to twitter too ;)

OAuth:

We can't register a global app for all sahana instances in the world (although it would work), because if you distribute these credentials, they can be used for hanky panky in your name, but it's easy (and requires no human verification) to register a twitter app:

you just login to twitter as @YourOrg or @YourOrgTech (better use an account of a real person or org that tweets "normal" tweets, so that twitter doesn't falsely-detect you as malware), and register an app at http://twitter.com/apps -form would look like
http://zzzen.com/sahana-twitter-app-reg.jpg

[ The "via" link is a vanity thing. Cool for publicizing the org or a specific event/campaign/etc. See "2 turntables..." link at http://twitter.com/TheRealDod/status/14221966738 ]

Once app is registered and credentials are in 000_config, site's operator (not necessarily the tech who did the 000_config) logs in to twitter as @YourOrgSahanaBot (this can be a virgin account that represents the sahana instance).

From twitter settings operator then click the "from twitter" link in the update form and gets something like
http://zzzen.com/sahana-oauth-request.jpg
After clicking allow, twitter returns a PIN for the form, and the rest of the OAuth happens at onvalidate.

« Back to merge proposal