> I've been lurking on this list for a while.  It's a nice resource for  
> Twitter development.  I'm currently working on my own desktop Twitter  
> app.  However I have apparently missed something on this list.
> 
> What exactly is wrong with an application (for Mac OS X in this case)  
> asking for a user's Twitter user name and password?  Storing the  
> password in the OS X Keychain isn't hard at all and it is encrypted.

Ed and I were sort of making that argument earlier.

> Have I really missed something important?  Does this "fever" about  
> apps asking for passwords apply to desktop and web apps, or just web  
> apps?  I'd really like to know whether or not my application would  
> suddenly become "evil" because it asked for an account password.  And  
> yes, my app does inform the user that the password will be stored in  
> the Keychain and it uses HTTPS when talking to the Twitter servers.

In my opinion (I don't work for Twitter or speak for them), I think 3rd
party webapps have the most to gain from going OAuth, and desktop apps
probably have the least. This is why I'm hoping Basic Auth will persist, even
if in a limited or deprecated sense. It's not much good to make a desktop
app walk the OAuth workflow because frankly an evil client application can do
many more usefully evil things than simply being naughty with an OAuth token,
and in some situations might make it impossible for that app to operate in
a useful sense. (Think of all the little Twitter bots that are basically
curl and a shell script, but still do useful monitoring work.)

However, it *is* much more useful to make a 3rd party standalone web app do
it, and that's why Twitter is going to offer it.

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- We shoulda bought a squirrel. -- "Rat Race" --------------------------------
