It seems to me that Twitter themselves have said (or at least heavily
implied) that Basic Auth will GO AWAY in the future. Therefore,
OAuth
will be the ONLY hammer to use when driving nails.
Now, if that stance has changed and Basic Auth will be available
forever more, then I am more than happy not to waste my time building
OAuth into all of my scripts (I really have better things to do), and
Mr. @funkatron will win the day. So far there has been no indication
of this, so I am preparing (as well as other devs) for the
forthcoming
(unannounced as of yet) flag day when The Basic Auth In The Sky Mad
Scientist Switch Gate is flipped off by Al3x and Matt wearing lab
coats and big goggles while laughing maniacally with Jacob's Ladders
sparking madly behind them (I want video of this).
It's not because we *want* to, it's because we *have* to.
I'm going to trump Dossy here and give his requisite "love the bomb"
speech, blah blah blah... done.
Now, let's look at it from another perspective really quick. It
could
be the case that Twitter decides to leave Basic Auth on forever along
side OAuth. It may be that in the twitter app ecosystem (web or
desktop/iphone), that apps that use Basic Auth will be shunned by
users and ultimately fail b/c everyone is so ga-ga over OAuth finally
being the "solution" for Twitter user security/protection (it's not
really, but the illusion is all people want to believe). Thus, apps
that want to survive may be forced by peer-pressure to implement
OAuth
to gain user adoption.
The opposite may happen, as has been suggested, that since Basic Auth
is so easy for both devs and users alike, that it may still reign
supreme as the preferred authentication method, and instead the OAuth
apps will be shunned for being too user unfriendly.
Who knows what would really happen? It might be a fun experiment to
find out, but it's ultimately up to Twitter. Right now the plan laid
out before us is "OAuth or Nothing", so that's what we're all
planning
for.
-Chad
On Fri, Mar 27, 2009 at 1:31 PM, Joshua Perry <j...@6bit.com> wrote:
Thats exactly what I am saying, just because OAuth is the hammer
that the
Twitter developers are providing to solve the third party
delegation problem
doesn't make every problem a "nail", and I don't understand why
everyone is
jumping on board trying to shoehorn OAuth into every
authentication scheme.
If we as users of the API don't want to subject the users of our
applications, or ourselves when writing personal scripts, to OAuth
machinations for no reason then we should let the Twitter
developers know.
Just blindly jumping on the bandwagon is going to give them the
impression
that everything is great.
Use OAuth where it was meant and designed to be used, in the realm
of third
party delegation and revocation, and leave it there.
Steve Brunton wrote:
On Fri, Mar 27, 2009 at 12:33 PM, Joshua Perry <j...@6bit.com>
wrote:
Seriously guys, whats the point in implementing OAuth for stuff
like this?
Why do you need to "delegate" access rights to your scripts, your
scripts
_are_ you, acting as a proxy to the Twitter API as you.
If Basic Auth is going to go away at some point in time; well, then
we'll have to have this to actually authenticate and authorize the
scripts unless some other means becomes available. If Basic Auth is
never ever ever ever ever going to go away then you are correct we
don't need to worry about doing such delegation to our scripts. I
posed the same question earlier and never saw a response or a
suggestion that there might be an alternate plan in the works for
those of us that do backend internal work of such things, so I'm
currently planning the OAuth route.
-steve