Twitter’s OAuth
Earlier today I added Twitter’s OAuth authentication process to Jetrecord, making it possible to post your logged flights to Twitter in the same manner that you can post your location via Brightkite or photos via Twitpic, the difference being that Jetrecord doesn’t store your Twitter password.
The process was surprisingly easy, thanks to the Ruby tutorial on the Twitter API wiki and the documentation from the OAuth gem. No other gems were necessary, other than the dependencies of the OAuth gem. I’ve been using the Twitter4r gem to communicate replies and handle Jetrecord followers, but even that may be unnecessary in the future.
Some day I may post a more detailed writeup with code but I just wanted to report that it was possible.
Here’s one thing not covered in the tutorials which may trip you up but it’s worth getting into your app from the beginning. Make sure you include a workflow for revoking access. What happens if users cancel their accounts on your app or with Twitter or if they just want to revoke privileges from your app? In the world of data portability and transparency, it’s not enough to facilitate the setup process. You’ve got to make it easy to cancel, too.
Thankfully, Twitter makes it really easy on their end to revoke access. The burden is on us to match that ease of use.
Cheers!
Comments are closed.