Bill,
The majority of our developers find OAuth sufficient because they are
writing Web applications. We are pleased that the deprecation of the
source parameter lowered our support load and continues to drive adoption of
our preferred authentication scheme.

There are of course other cases where developers find the current
implementation's beta status or browser requirement concerning. I have yet
to reject a source parameter request that provides a valid argument
explaining why OAuth does not meet the application's needs.

Thanks,
Doug Williams
Twitter API Support
http://twitter.com/dougw


On Wed, Apr 22, 2009 at 6:50 PM, Bill Robertson
<billrobertso...@gmail.com> wrote:

>
> I respectfully disagree.  (I would colorfully disagree, but you seem
> pretty beat up right now and you don't deserve any guff)  I think
> developers of smaller apps see that little tag-line as a good source
> of advertising, and it seems inaccessible now if you're new (right?
> wrong?).  You can only get it if you use OAuth, but OAuth is now
> disabled?
>
> Anyway, just my $0.02.  Prioritize it like everything else you need to
> do (i.e. it's the 37th #1 thing on your list.)
>
> Good luck.
>
> On Apr 22, 7:58 pm, Alex Payne <a...@twitter.com> wrote:
> > We don't consider source registration a "key feature". It's an
> > incentive we provide to our developers. We wanted to encourage new
> > developers to look into OAuth. It won't be in beta forever, after all.
> >
> > We have to balance the reality of testing a new technology in our
> > stack with encouraging that technology's adoption. OAuth will provide
> > the Twitter developer community with a number of benefits, and that's
> > the direction in which we want to move, even while there are kinks to
> > work out.
> >
> >
> >
> > On Wed, Apr 22, 2009 at 15:37, bwannon <bwan...@gmail.com> wrote:
> >
> > > If beta for you guys means "still in testing, not suitable for
> > > > production use", then why deprecate key features from basic auth like
> > > source registration before you have a production ready release?
> >
> > > On Apr 22, 3:27 pm, Alex Payne <a...@twitter.com> wrote:
> > >> http://blog.twitter.com/2009/04/whats-deal-with-oauth.html
> >
> > >> In short: there's a security issue with OAuth, and the major OAuth
> > >> providers are working together to patch the vulnerability before
> > >> information about the issue is publicly released. That information
> > >> will be available at http://oauth.net/ at midnight, PST.
> >
> > >> In cooperation with this consortium of other OAuth providers
> > >> (including Yahoo!, Google, Netflix, etc.), we agreed not to disclose
> > >> the nature of the vulnerability, nor even that a vulnerability
> > >> existed, until all members of the group agreed to do so. I apologize
> > >> for what must have seemed unnecessarily tight-lipped communication
> > >> around this issue, but please understand that we and the other
> > >> companies involved are trying to mitigate the impact of this
> > >> vulnerability as much as possible.
> >
> > >> Please also note that our OAuth support is in beta, albeit public
> > >> beta. We have not suggested to developers that they rely solely on
> > >> OAuth until our support of the standard leaves beta. I know that some
> > >> companies practice a policy of "perpetual beta", but at Twitter, we do
> > >> not. For us, "beta" really means "still in testing, not suitable for
> > >> production use".
> >
> > >> Thanks for your patience and understanding.
> >
> > >> --
> > >> Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
> >
> > --
> > Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
>
