We're currently waiting on our User Experience team to put the final touches on a BETA release of our OAuth support. It's going to have bugs, to be sure, but we should have it out there soon.
On Mon, Nov 24, 2008 at 12:53, Stut <[EMAIL PROTECTED]> wrote: > > On 24 Nov 2008, at 15:13, fastest963 wrote: >> >> A better alternative would be to just create an API key for >> every user. Instead of entering username/password, they would enter >> their secret API key? > > This is far less secure than OAuth and is actually not much better than > requiring a username and password. > > One of the core benefits of OAuth is the ability to be very specific > regarding what each authorised application is allowed to do, on a per > application basis. It also allows you to selectively revoke the permissions > of any specific application without needing to ask or even tell the > application about it. To do this with the API key system you effectively > need to re-authorise every app you use when you want to block just one of > them. No real difference between this and having to change your password. > > I would much prefer that the guys (and gals) at Twitter concentrate on > getting OAuth properly implemented (which is harder than it sounds) than > their attention gets diverted by developers too impatient to wait for the > right solution to the problem. > > -Stut > > -- > http://stut.net/ > -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
