We’ve updated the Twitter backup service Tweetake.com, created in partnership with Nikki Pilkington, to use Twitter’s safe sign-in protocol. Tweetake users no longer have to enter their usernames and passwords, and as a consequence the service is both easier to use and more secure.
The “sign-in with Twitter” facility we have used is based on the OAuth protocol, a simple but robust approach which makes it much easier for applications such as Tweetake to provide services in a trustworthy manner. Users can check which applications they have granted access to and if needs be withdraw their permission at any time, through your account connections page on the Twitter site.
OAuth explained in brief
The OAuth protocol works because instead of an application needing to know the user’s password, instead it is given a key (a token) for each user to grant it access. Each token is unique to the application and user. So if two applications A1 and A2 are both granted permission by two users U1 and U2, Twitter will have issued four different unique tokens which represent the combinations A1+U1, A1+U2, A2+U1 and A2+U2 .
As well as the user token each application also has its own secret key that identifies it. When the application makes a request on a user’s behalf it sends its own secret key plus the user token. For the request to be granted, Twitter will first validate the application’s key and then check that the token string is a current one granting permission to the application from the given user. If all is well, the application is allowed to make the request.
If you’ve not used Tweetake before because you don’t like giving your Twitter password to strangers, why not try it out now? It’s always been the simplest way to backup your tweets, but now it’s much more secure as well.
Figure W do social networking apps for all kinds of purposes. Ring us on 07783 386951 or use our contact form to discuss your own brilliant ideas.