Monday, August 17, 2009 | 9:00 AM
Many of you may have seen Tweety (email@example.com) in action through either trying out the robot yourself or watching the Google Wave developer preview from Google I/O. The robot signs into your Twitter account and lets you fetch your Twitter timeline and post tweets from Google Wave. However, because Tweety was built as a quick demo for Google I/O, its initial authentication scheme involved passing a user's username and password in plain-text around Wave, which offered very little security.
We put together an OAuth library to extend the Java Robot API that allows for secure authentication using 3-legged OAuth. (See oauth.net for a detailed explanation of the authorization flow). Users log in directly to a service provider and are given an access token, which is stored in the Google App Engine datastore. We also changed Tweety to use OAuth.
The OAuth library is open source and packaged with the Java Robot API, so feel free to use it for your own robots!