
Wednesday, February 18, 2009

Stupid Currency Tricks: Twitter OAuth Consumer



3/27/09 Update - Twitter announced today a new method that apparently allows one to follow someone in one click from another website, but it is a negligible step forward. It seems to take two clicks and doesn't return the follower to where he came from, as is done in this screencast with OAuth.

Twitter recently started rolling out OAuth support in a private beta for developers. Previously, as described in the Twitter Development Talk group, there was no way to have a member of your website automatically follow your website's Twitter account, for instance. Now, with OAuth, today's screencast shows that this can be done in a usable manner.

A common question about OAuth is "how do you designate what resource(s) a token is good for?" According to the OAuth spec Appendix B.9:
"By itself, OAuth does not provide any method for scoping the access rights granted to a Consumer. A Consumer either has access to Protected Resources or it doesn’t. Many applications will, however, require greater granularity of access rights. For example, Service Providers may wish to make it possible to grant access to some Protected Resources but not others, or to grant only limited access (such as read-only access) to those Protected Resources.

"When implementing OAuth, Service Providers should consider the types of access Users may wish to grant Consumers, and should provide mechanisms to do so. Service Providers should also take care to ensure that Users understand the access they are granting, as well as any risks that may be involved."
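One way a Service Provider could add the scoping that Appendix B.9 leaves to implementers, shown as an added example that is not code from this post, OSCurrency, or Twitter. The class name, scope names, and consumer key are hypothetical; each access token is bound to one Consumer and an explicit set of actions, and every check denies by default.

```ruby
require "securerandom"
require "set"

# Hypothetical Service Provider-side token store (names are assumptions,
# not Twitter's or OSCurrency's API). Each access token is bound to one
# Consumer and to the explicit set of actions the User approved.
class ScopedTokenStore
  Grant = Struct.new(:consumer_key, :user_id, :scopes, :expires_at)

  # Actions a User can grant; anything else is refused at issue time.
  KNOWN_SCOPES = Set["timeline:read", "friendship:create", "status:update"].freeze

  def initialize(clock: -> { Time.now })
    @grants = {}
    @clock = clock
  end

  # Called after the User approves the Consumer's request on the consent page.
  def issue(consumer_key:, user_id:, scopes:, ttl: 3600)
    requested = Set.new(scopes)
    unknown = requested - KNOWN_SCOPES
    raise ArgumentError, "unknown scope(s): #{unknown.to_a.join(', ')}" unless unknown.empty?
    raise ArgumentError, "at least one scope is required" if requested.empty?

    token = SecureRandom.hex(16)
    @grants[token] = Grant.new(consumer_key, user_id, requested.freeze, @clock.call + ttl)
    token
  end

  # Deny by default: the token must exist, belong to this Consumer,
  # be unexpired, and include the action being attempted.
  def allowed?(token:, consumer_key:, action:)
    grant = @grants[token]
    return false if grant.nil? || grant.consumer_key != consumer_key
    return false if @clock.call >= grant.expires_at

    grant.scopes.include?(action)
  end

  # Lets the User withdraw access; returns true if a grant was removed.
  def revoke(token)
    !@grants.delete(token).nil?
  end
end
```

A token issued with only `friendship:create` lets a Consumer perform the follow and nothing else, which limits what a leaked or unstored token can be used for.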

Feel free to check out the code. I'm not storing the access tokens in the database; since I'm only using OAuth for one purpose, I didn't see any good reason to.

Tuesday, February 10, 2009

Stupid Currency Tricks: Identica



In the last screencast, requests were posted to Twitter and members were automatically followed when they associated their Twitter ID with their OSCurrency account. In this episode, we see how minimal changes to the code allow us to do the same with Identi.ca instead of Twitter.

Besides all the advantages of being open source, Identi.ca also accepts OpenID. So does OSCurrency (since it is derived from Insoshi). Wouldn't it be great if microblogging messages could be routed like email messages?

Monday, February 2, 2009

Stupid Currency Tricks: Request Notifications with Twitter

Staying with the same theme as the previous screencasts, this one again shows how you don't have to navigate back to the portal site to participate.

Sometimes requests are very time sensitive, so it's important to contact others ASAP about a need. This is a perfect application for Twitter or Identi.ca. When someone creates a request, either through the main website or through another site using the OSCurrency API, the request can immediately be sent out to Twitter.



To get this to work, jnunemaker's twitter gem was installed. It also has support for Identi.ca so I hope to be able to support that as well.

One could imagine that the currency system's Twitter account could display its friend timeline within the currency portal, but that raises a privacy issue. If Jane, who has protected tweets, follows the currency system's Twitter account, that doesn't mean Jane wants everyone in the system seeing her tweets. Maybe Jane could just tell the currency system not to show her in the friend timeline to the rest of the members.