We're currently waiting on our User Experience team to put the final
touches on a BETA release of our OAuth support.  It's going to have
bugs, to be sure, but we should have it out there soon.

On Mon, Nov 24, 2008 at 12:53, Stut <[EMAIL PROTECTED]> wrote:
>
> On 24 Nov 2008, at 15:13, fastest963 wrote:
>>
>> A better alternative would be to just create an API key for
>> every user. Instead of entering username/password, they would enter
>> their secret API key?
>
> This is far less secure than OAuth and is actually not much better than
> requiring a username and password.
>
> One of the core benefits of OAuth is the ability to be very specific
> regarding what each authorised application is allowed to do, on a per
> application basis. It also allows you to selectively revoke the permissions
> of any specific application without needing to ask or even tell the
> application about it. To do this with the API key system you effectively
> need to re-authorise every app you use when you want to block just one of
> them. No real difference between this and having to change your password.
>
> I would much prefer that the guys (and gals) at Twitter concentrate on
> getting OAuth properly implemented (which is harder than it sounds) than
> their attention gets diverted by developers too impatient to wait for the
> right solution to the problem.
>
> -Stut
>
> --
> http://stut.net/
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

Reply via email to