Fair point, there do seem to be more Twitter apps than, say, Flickr apps,
but is this not just a case of tool maturity though?

It is hard to beat cron and curl, but tools like
http://intridea.com/2009/3/23/twitter-auth-for-near-instant-twitter-apps
will make it easier to get past the auth setup and on to making an  
interesting app.

OAuth is still pretty young compared to basic auth, the tools will get
better I think.
I still think that OAuth as a single framework for web and desktop is
a desirable model to aim for.

Migrating the current Basic Auth acquired users to OAuth tokens will  
be a challenge though.

Registering your OAuthness with twitter.com or responding to a
particular API call could then start a token issuing process?



On 26 Mar 2009, at 17:19, Ed Finkler wrote:

>
> Exactly how I feel Cameron. Use of HTTP Basic Auth has contributed
> greatly to interesting, unexpected uses of the API, especially those
> that involve automation. I absolutely feel that the availability of
> OAuth is a Good Thing, and for many use cases it is practically
> essential, but it is also unsuitable for some.
>
> OAuth as the only authentication scheme will create a much higher
> barrier for simple exploration of the API. That will be disappointing
> to me if it happens.
>
> --
> Ed Finkler
> http://funkatron.com
> Twitter:@funkatron
> AIM: funka7ron
> ICQ: 3922133
> XMPP:funkat...@gmail.com
>
>
> On Mar 26, 1:10 pm, Cameron Kaiser <spec...@floodgap.com> wrote:
>>>> My friend sent me this blog post [1] (I believe the author is on this
>>>> list) and though I agree with it generally there is one sentence that
>>>> really stood out to me "it's a fantastic solution to _authenticate other
>>>> web apps_".  After mulling this over I think that this sentence should
>>>> have been the author's final conclusion.
>>> Ideally Twitter would have implemented token based authentication from
>>> the start as Flickr did, which would have avoided this whole migration
>>> of authentication techniques.
>>
>>> However Twitter have said that OAuth is their preferred authentication
>>> approach for the future, to roughly quote Doug from Tuesday night's
>>> Twitter Devnest meeting. Given that I feel it is much more confusing
>>> to have one means of authenticating desktop applications and another
>>> for web applications.
>>
>> I think it's hard to say "ideally." Ideally *from a security perspective*,
>> sure, but it has been observed and said by many people, not merely yours
>> truly, that Twitter's API would probably not have the wide utilization it
>> does if they had insisted on a token based auth from the very beginning.
>>
>> How many scripts are out there that are basically curl and a cron job? A lot.
>> Unless they can migrate turning off Basic Auth will shut them down, which
>> may or may not be a bad thing, but it was so easy to implement that they
>> became Twitter users. That does count for something.
>>
>> This again should not be construed as a vote of no confidence in OAuth
>> because I'm converting TTYtter (a desktop app) to it too, and there are clear
>> advantages for certain functional domains. But I think it needs to be
>> pointed out that OAuth is not always *the* solution, nor always the best
>> solution in a field of inferior ones.
>>
>> --
>> ------------------------------------ personal: http://www.cameronkaiser.com/ --
>>   Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
>> -- "I am Pentium of Borg. Division is futile. You will be approximated." ------
