Twitter 关闭基本身份验证 - OAuth 对某些任务来说是否太过分了? [英] Twitter Turning off Basic Auth - is OAuth overkill for some tasks?
问题描述
当您的服务接受第三方用户的 twitter 登录名/id 时,我可以看到 OAuth 的好处,但是对于一个简单的 twitter 机器人,它只是简单地发布到单个机器人 Twitter 帐户,OAuth 是否看起来有点过分?
I can see the benefit of OAuth when your service accepts third party user twitter login/id's, but for a simple twitter bot that simply post to a single bot twitter account, does OAuth seem like overkill?
在后者的情况下,为了发布到 twitter 的简单目的,让 OAuth 进行身份验证的资源消耗最少的 PHP 方式是什么.
In the case of the latter, what's the least resource-expendful PHP way to get OAuth to auth for the simple purpose of posting to twitter.
推荐答案
我同意你的观点 OAuth 是一种矫枉过正,这是 OAuth 的错误用例.OAuth 旨在授权第三方,因此其流程很复杂.但是,Basic Auth 确实不安全,您无法在不更改密码的情况下撤销访问权限.
I agree with you OAuth is an overkill and this is the wrong use case for OAuth. OAuth is designed to authorize third-party so its flow is complicated. However, Basic Auth is indeed insecure and there is not way you can revoke the access without changing password.
OAuth 不是为机器人设计的,它需要用户操作.在服务器代码中模拟整个流程太麻烦了.您可以在这里简单地使用示例,
OAuth is not designed for bot, it requires user action. It's just too much trouble to simulate the whole flow in the server code. You can simply use examples here,
http://github.com/abraham/twitteroauth
获得访问令牌和令牌秘密后,将它们保存在您的机器人中.在发布时,只需包含令牌并签署您的请求.
Once you get the access token and token secret, save them in your bot. At posting time, simply include the token and sign your request.
这篇关于Twitter 关闭基本身份验证 - OAuth 对某些任务来说是否太过分了?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
