Version 2.6.0.254

Update Twitter capabilities to handle twitter.com’s retirement of Basic Authentication in favor of OAuth.

Twitter is migrating to a new authentication method called OAuth. This is a clever algorithm that allows bits of user data (pictures, videos, tweets, etc) to be shared between sites and applications without having to share usernames and passwords.

Unfortunately, this is all a bit too much for the stoker. The big roadblock is implementing the SSL support used by the algorithm. SSL is the technology used to make sure all your online purchases are secure.

The solution I’ve found is to use a service provided by www.supertweet.net called MyAuth API Proxy. This acts as a middle man between the Stoker and Twitter.

So previously, basic authentication was used by the Stoker to send tweets:

Now twitter is requiring OAuth. The fat arrow is an attempt to show a more robust connection between the client and twitter.

The solution is the middleman www.supertweet.net.

A quick how-to

  • Go to twitter.com and logon with your Stoker only account (you are using your dedicated stoker account, right?). Keep the tab open.
  • In a new tab, go to www.supertweet.net click on “Sign in with Twitter”
  • This will redirect you to twitter.com and you will be presented with a Deny/Allow page. Allow.
  • This will then redirect you back to supertweet.net. Click on “Activate”.
  • Choose a new password. DO NOT USE YOUR TWITTER PASSWORD!
    • Although the Stoker is dependent on supertweet.net for OAuth, one of the main ideas for OAuth is never having to give other sites your twitter.com password. In the spirit of that idea, you should choose a separate password for this
  • Open up the twitter page on the stoker (http://the_stoker_ip_address/twitter.html)
  • Enter the new password into the password field. Click Save Changes.
  • Done.

Disabling/de-authorizing/deactivating

  • Disable twitter on the Stoker
  • AND/OR Disable the account on supertweet.com by clicking “Make Inactive”
  • AND/OR Disable the authorization on twitter.com by going to “Settings” and then “Connections” and then “Revoke Access” for MyAuth API Proxy

A couple of notes

During this whole process, you should have only used your true twitter password once to log onto twitter.com. This is the whole point. So now, not even the Stoker knows the twitter password. The system works.

The one gotcha is that we are now dependent on supertweet.net to honor our privacy and not do anything malicious with the regular temperature updates. Sounds stupid, I know. I mean, it’s all public anyway. But just something to consider.

Version 2.6.0.254