3/27/09 Update – Twitter announced today a new method that apparently lets a visitor follow someone in one click from another website, but it is a negligible step forward. It seems to take two clicks, and it does not return the follower to the site he came from, which the OAuth flow in this screencast does.
Twitter recently started rolling out OAuth support in a private beta for developers. Previously, as discussed in the Twitter Development Talk group, there was no way for your website to have one of its members follow your site's Twitter account on that member's behalf, for instance. Now, with OAuth, today's screencast shows that this can be done in a usable manner: the member is sent to Twitter to authorize your site, is returned to it, and the follow is made through the API with the resulting access token.
A common question about OAuth is "how do you designate which resource(s) a token is good for?" According to the OAuth spec, Appendix B.9:
By itself, OAuth does not provide any method for scoping the access rights granted to a Consumer. A Consumer either has access to Protected Resources or it doesn’t. Many applications will, however, require greater granularity of access rights. For example, Service Providers may wish to make it possible to grant access to some Protected Resources but not others, or to grant only limited access (such as read-only access) to those Protected Resources.
When implementing OAuth, Service Providers should consider the types of access Users may wish to grant Consumers, and should provide mechanisms to do so. Service Providers should also take care to ensure that Users understand the access they are granting, as well as any risks that may be involved.
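The two halves of the post come together on the wire: the consumer (your website) signs the follow request with the access token, and the service provider (Twitter) checks the signature and, since OAuth 1.0 carries no scope parameter, decides for itself whether that token may touch that resource. The following is an added example, not code from this post or from Twitter; it implements OAuth 1.0 HMAC-SHA1 signing on the consumer side and the checks a provider endpoint needs on the other side. The endpoint paths, the consumer key/secret, token/secret, nonce and timestamp are made up for illustration, and the per-token "allowed" set is an assumed way of recording what the user granted at authorization time.

```python
# OAuth 1.0 HMAC-SHA1 signing (consumer) and verification (service provider).
# Added example; endpoint URLs, keys, secrets, nonce and timestamp are constructed.
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit


def pct(value):
    """OAuth percent-encoding: only RFC 3986 unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & enc(base URL) & enc(normalized params). params = oauth_* plus form body;
    query-string parameters come from the URL; oauth_signature is never included."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.netloc.lower()
    if (scheme, host.rsplit(":", 1)[-1]) in (("http", "80"), ("https", "443")):
        host = host.rsplit(":", 1)[0]  # default ports are dropped from the base URL
    base_url = f"{scheme}://{host}{parts.path}"
    collected = list(parse_qsl(parts.query, keep_blank_values=True))
    collected += [(k, v) for k, v in params if k != "oauth_signature"]
    # encode first, then sort by encoded name/value, then join with '=' and '&'
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in collected))
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1_signature(base, consumer_secret, token_secret=""):
    """Key is enc(consumer secret) & enc(token secret); result is base64 of the HMAC-SHA1."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


def sign_request(method, url, body, consumer_key, consumer_secret, token, token_secret,
                 nonce=None, timestamp=None):
    """Consumer side: return (oauth params as a dict, Authorization header value)."""
    oauth = [("oauth_consumer_key", consumer_key),
             ("oauth_nonce", nonce or secrets.token_hex(16)),
             ("oauth_signature_method", "HMAC-SHA1"),
             ("oauth_timestamp", str(int(time.time()) if timestamp is None else timestamp)),
             ("oauth_token", token),
             ("oauth_version", "1.0")]
    base = signature_base_string(method, url, oauth + list(body))
    oauth.append(("oauth_signature", hmac_sha1_signature(base, consumer_secret, token_secret)))
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in oauth)
    return dict(oauth), header


def parse_authorization(header):
    """Provider side: turn 'OAuth k="v", k="v"' back into decoded (key, value) pairs."""
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth Authorization header")
    pairs = []
    for item in header[len("OAuth "):].split(","):
        k, _, v = item.strip().partition("=")
        pairs.append((unquote(k), unquote(v.strip('"'))))
    return pairs


class Provider:
    """Signature, timestamp window, nonce replay, and the per-token resource list that
    stands in for the scoping OAuth 1.0 itself does not define (assumed record format)."""

    def __init__(self, consumer_secret, tokens, window=300):
        self.consumer_secret = consumer_secret
        self.tokens = tokens    # access token -> {"secret": ..., "allowed": {(METHOD, path)}}
        self.window = window    # accepted clock skew in seconds
        self.seen = set()       # (consumer_key, timestamp, nonce) of accepted requests

    def verify(self, method, url, body, header, now):
        oauth = parse_authorization(header)
        o = dict(oauth)
        record = self.tokens.get(o.get("oauth_token"))
        if record is None or o.get("oauth_signature_method") != "HMAC-SHA1":
            return False, "unknown token or unsupported signature method"
        ts = o.get("oauth_timestamp", "")
        if not ts.isdigit() or abs(int(ts) - now) > self.window:
            return False, "timestamp outside accepted window"
        replay_key = (o.get("oauth_consumer_key"), ts, o.get("oauth_nonce"))
        if replay_key in self.seen:
            return False, "nonce replayed"
        base = signature_base_string(method, url, oauth + list(body))
        expected = hmac_sha1_signature(base, self.consumer_secret, record["secret"])
        if not hmac.compare_digest(expected.encode(), o.get("oauth_signature", "").encode()):
            return False, "bad signature"
        self.seen.add(replay_key)  # remember only nonces of requests that actually verified
        if (method.upper(), urlsplit(url).path) not in record["allowed"]:
            return False, "token not authorized for this resource"
        return True, "ok"


# Constructed demo values, not real credentials; endpoint paths are assumed.
CONSUMER_KEY, CONSUMER_SECRET = "ck", "cs"
TOKEN, TOKEN_SECRET = "tk", "ts"
FOLLOW_URL = "https://twitter.com/friendships/create.json"
DM_URL = "https://twitter.com/direct_messages.json"


def make_provider():
    # The user granted this token the follow call only; nothing else.
    return Provider(CONSUMER_SECRET, {TOKEN: {"secret": TOKEN_SECRET,
                                             "allowed": {("POST", "/friendships/create.json")}}})


def demo():
    """Sign the follow request, verify it, then show replay, tampering, staleness and
    an out-of-scope call being rejected. Returns a dict of (ok, reason) results."""
    body = [("screen_name", "twitterapi")]
    args = (CONSUMER_KEY, CONSUMER_SECRET, TOKEN, TOKEN_SECRET)
    _, header = sign_request("POST", FOLLOW_URL, body, *args, nonce="abc", timestamp=1238112000)
    p = make_provider()
    results = {"follow": p.verify("POST", FOLLOW_URL, body, header, now=1238112000),
               "replay": p.verify("POST", FOLLOW_URL, body, header, now=1238112000),
               "tampered": make_provider().verify("POST", FOLLOW_URL, [("screen_name", "someone_else")],
                                                  header, now=1238112000),
               "stale": make_provider().verify("POST", FOLLOW_URL, body, header, now=1238115600)}
    _, dm_header = sign_request("GET", DM_URL, [], *args, nonce="def", timestamp=1238112000)
    results["out_of_scope"] = make_provider().verify("GET", DM_URL, [], dm_header, now=1238112000)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13} {outcome}")
```

The consumer must present the access token and its secret on every signed call, so a site that does not persist them has to send the member through the authorization step again each time it wants to act for him. The nonce cache is only written after the signature verifies, so an unauthenticated sender cannot fill it with junk, and the window check bounds how long entries have to be kept.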
Feel free to check out the code. I'm not storing the access tokens in the database, but since I'm only using OAuth for one purpose, I didn't see any good reason to.