Using javascript with the twitter API

Question

I'm interested in making a twitter client using Adobe Air, but I'm kinda stuck right now, as I can't figure out a better way to connect to the twitter REST API since it needs authentication.

Currently, the client sends a request to my server (a php script using curl) with the twitter username/password (unencrypted) in GET variables. The server then makes a request to twitter using those credentials and outputs the buffer, which gets sent back to the client, which then processes/displays it.

This obviously is a horrendous security hole, so does anyone know of a better (more secure) way of doing it?

FYI: I'm using jQuery.

Answer 1

There are a few Base64 Encoding tools out there. You can use one of them. You can add a header with the encoded username and password based on the Basic Auth specs

Here is a post that does exactly what you want. http://www.aswinanand.com/blog/2009/01/http-basic-authentication-using-ajax/. The base64 is encoded using this library from ostermiller.org

$.ajax({    
  'url': 'http://twitter.com/action/',
  'otherSettings': 'othervalues',
  'beforeSend': function(xhr) {
    xhr.setRequestHeader("Authorization", "Basic  " + 
                          encodeBase64(username + ":" + password));
  },
  sucess: function(result) {
   alert('done');
  }
});