ansaurus

Question

Answer 1

+2 A:

There are a few Base64 Encoding tools out there. You can use one of them. You can add a header with the encoded username and password based on the Basic Auth specs

Here is a post that does exactly what you want. http://www.aswinanand.com/blog/2009/01/http-basic-authentication-using-ajax/. The base64 is encoded using this library from ostermiller.org

$.ajax({    
  'url': 'http://twitter.com/action/',
  'otherSettings': 'othervalues',
  'beforeSend': function(xhr) {
    xhr.setRequestHeader("Authentication", "Basic  " + encodeBase64(username + ":" + password)
  },
  sucess: function(result) {
   alert('done');
  }
});

bendewey 2009-03-22 14:07:39

not that base64 would make things more secure ...

ax 2009-03-22 18:46:31

true, but last I checked. twitter only supports basic.

bendewey 2009-03-23 01:03:57

I still get a login prompt when using this technique in FF 3.6.11 - has something changed?

DEfusion 2010-10-26 22:04:34

I've found this question (http://stackoverflow.com/questions/86105/how-can-i-supress-the-browsers-authentication-dialog) that seems to suggest you can't avoid the browsers default login prompt if the details are incorrect.

DEfusion 2010-10-26 22:32:02

Answer 2

A:

I've been thinking about doing something similar with a PHP proxy server (the app requires more requests than are allowed without whitelisting so I'll need to route requests through a single IP).

My idea is that you only send the username/password combination once and then assign the user a temporary session id that is used for future requests. Sending the initial username/password securely is a little tricky, you could encrypt it with a salt but I don't know how easy AIR apps are to decompile. Another option could be SSL (but I'm still not entirely sure how that works).

Here's a step-by-step guide for the session id concept though:

User gives AIR app Twitter credentials.
Credentials encrypted and sent to the proxy server.
Authentication tested at the proxy.
- If successful a session is created and the id to use is returned.
  - Note that session contains an expiry date/time and can only be used by one IP.
- If unsuccessful an error is returned to the client.
Client stores session id and uses it in future requests in place of the username/password.
- E.g. request.php?action=get&data=friends_timeline&sessid=a3ajh83bah35nf
- Session expiry time extended on each update.
When user signs out of application a kill message is sent to the proxy and the session is nullified.

Ross 2009-03-22 14:11:49

Answer 3

A:

Hi,

you should take a look at Spaz. http://funkatron.com/spaz - it is an open source Twitter Client written in javascript for Air. The source is available at Google Code. http://code.google.com/p/spaz/

I have not looked that much at the source, but I can see some elements have been written in Flash/Flex. I am using the app however, and it just works.

Hope this is useful to you.

2009-03-23 14:32:19

Answer 4

A:

Ada is an Adobe Air Twitter client written in Javascript. You can download it to get an idea of what it does:

http://madan.org/ada

The code for Ada is on GitHub:

http://github.com/sfsam/ada/tree/master

Ada uses Base64. The nice thing about Ada is that the code base is really small so you should be able to figure it all out.

sam 2009-09-06 23:51:15

ansaurus

tags:

views:

answers:

Using javascript with the twitter API

related questions