World: r3wp

As opposed to R, as I'd previously stated : (

Crud indeed.

Many thanks for the protocol!

I'll include it in Syllable Server on the next release

Re. Twitter, you'll need a consumer key/secret (register an app at 
http://dev.twitter.com/) to get it working.

Current theory is that I have to double url-encode my post params 
when signing.  Sheesh.

R2 or R3?

R2.

Same principles should apply to R3 (after all, you're only adding 
a header to each request), but I don't know the R3 HTTP scheme that 
well.

So, you can tweet using OAuth ?

If so, that's pretty cool

Chris, the current http protocol does support custom headers with 
get like this 

read URL [ header [ Cookie: "authtoken=anotherfoo" ]]

The 'header is an undocumented feature

Basic authentication is being turned off on twitter end of this month!

Is someone going to register Rebol/View as an application?

for OAuth

The answer is...

Yesss!!

And thanks for the 'header tip - it works, and so this implementation 
works with the built-in HTTP scheme : )

The obvious caveat is that it doesn't work over SSL, that I'm afraid 
is an exercise for those using /Command or Stunnel.

SSL is available for everyone

with the latest View

Huh, so it is...

I'm hoping my changes or a variation of them will be rolled into 
the built in http scheme :)

I missed that.  So...  Works with SSL as well - cool!

I switched out the URL and it still works : )

Yes - need to be able to use 'put and 'delete for sure.

http://rebol.wik.is/Code_Samples/Tweet.r

Need a little example like this one :)

I know, it's a pain you can't use it without API keys...

I may change the third argument to a filename that automatically 
loads and saves user info.  At the moment, it asks for a block.

Note that if you view the tweets on Twitter itself, it links back 
to my page (where it says 'Client for REBOL') - http://twitter.com/rgrebol

So, what's missing?

And can your oauth work be used for google ?

Should be somewhat compatible.  There's two main parts: the header 
and the handshake.

I've tried to separate as much as my code as is possible, but it 
may not be generic enough...

The header is used to sign request parameters, including the parameters 
of the OAuth header.

The handshake is a multi-step process to get a user's credentials: 
request a temporary token, send the user to the site, user comes 
back and enters a code, request a permanent token.

That's all there is to it : )

Yeah ... I looked at this before and decided it was a little tricky 
:)

A more generic implementation may be a protocol that wraps around 
http(s).

read/custom oauth://[chris-:-api-:-twitter-:-com]/ [post a: 1 b: 2 c: 3]

sounds like a good idea :)

Doable, I think.  Need to have a way to store user info over sessions.

system/user ?

I think that's fine if it's for your own purposes...

as opposed to ?

Well, even for twitter, I maintain an account for my soccer team 
- so I have an app key/secret and two user key/secrets.

Then for google, you'd need an app key/secret and a user key/secret.

So you'd need to store by domain and user.

I see ...

api.twitter.com
 [
    "rgrebol" [
         key/secret/other metadata
    ]
]

docs.google.com
 [...]