> We'll certainly be doing our utmost to incentivize developers to move
> to OAuth. The next major version of the API will be OAuth-only, for
> example.

This is where I get antsy, and maybe Chris can point out some ways to deal
with this, but from my perspective as a desktop client author OAuth is a
lot of hurt without a lot of benefit to me the developer (other than "it's
the only way in so love it or lump it"), and I think even the user's benefits
are nebulous. If you don't trust an application, you shouldn't be running it.
Isn't that where Trojan horses come in?

But let's say that there is (a) good reason for a desktop application to use
OAuth as its primary method; now I have a technical question. The way I'm
reading

        http://oauth.net/core/1.0/

is that I go and get a request token (A.2), but I need to redirect a user to
a service provider's login page (ouch) for her to authorize that token (A.3),
then provide a callback URL (double ouch) (A.3). At best this is turning my
application into not only a Twitter client, but also a web server (to accept
the callback). At worst this isn't possible because the Service provider
*can't* call me back due to network restrictions on the desktop machine.
Also, since TTYtter is text based, I *really* don't want to be opening up a
browser to get logins (or if I do, I want it to be Lynx, and fat chance I bet).

Clearly OAuth is the way to go for standalone web sites talking to Twitter,
but I get nervous about hearing OAuth will be the only method of access while
trying to work through the issues unique to a desktop client. I would
appreciate hearing from someone knowledgeable about the best way to overcome
these issues, or if there is a special way that I missed where an application
can authenticate itself by just asking the user for their OAuth credentials 
and proxy everything to the service provider, which would also suck, but less,
from a developer standpoint. (But that would also probably defeat the purpose
of OAuth.)

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Blanket statements are always wrong. ---------------------------------------
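
An added example, not part of the original message or of any project's code: the request-signing and user-authorization steps the message refers to (A.2, A.3), for a text-mode client that opens no listener. It relies on section 6.2.1 of the linked spec marking oauth_callback as OPTIONAL; the AUTHORIZE_URL endpoint and the function names are hypothetical, and the sample values are the ones published in the spec's Appendix A.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlencode

# Hypothetical endpoint: the message names no provider URLs.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"

def pct(value):
    # Section 5.1 encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Section 9.1: encoded, sorted parameters joined to method and URL.
    # Assumes url is already normalized (lowercase host, no default port).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Section 9.2 HMAC-SHA1: key is consumer secret "&" token secret.
    # token_secret stays empty while asking for the request token (A.2).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_url(request_token, callback=None):
    # With no callback the client only prints this URL; the user approves in
    # any browser on any machine and then tells the client to continue.
    query = {"oauth_token": request_token}
    if callback:
        query["oauth_callback"] = callback
    return AUTHORIZE_URL + "?" + urlencode(query)

def spec_vector():
    # Self-check against the signed request published in Appendix A.5.
    params = {
        "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
        "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1191242096",
        "oauth_nonce": "kllo9940pd9333jh", "oauth_version": "1.0",
        "file": "vacation.jpg", "size": "original",
    }
    return sign("GET", "http://photos.example.net/photos", params,
                "kd94hf93k423kf44", "pfkkdhi9sl3r4s00")

if __name__ == "__main__":
    print("signature self-check:", spec_vector())
    print("Open this URL, approve the request, then press Enter:")
    print(authorization_url("hh5s93j4hdidpola"))  # sample request token
```

Whether a given provider accepts an authorization request without oauth_callback is up to that provider; the spec only makes the parameter optional.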