How does the favorites widget not require OAuth?


We are looking to show our favorites on our website, but we want a very custom look - nothing like the widget that twitter offers for favorites. We can pull favorites ourselves, but that requires OAuth and we’d have to cache the favs locally, etc. etc.

I’m just wondering how the widget can pull them via JS in realtime without OAuth. Or is it that is has the an auth token embedded in it and it’s just obfuscated by the minification of the JS that it calls (doubtful) or even that it is called from a js file that originates on twitter’s server? Or in some other way has elevated access due to being Twitter’s official script.

At the end of the day, I don’t need to know how it works, but I’d love to be able to do something similar without just forcing a messy CSS overwriting of what the widget spits out.



I just answered my own question by finishing looking through my google results. Although I don’t think it’s exactly what twitter does, it solves the problem.

I found it here:

closed #3