Letting a mobile/desktop app grab an OAuth token using the user’s username/password is still helpful because then they can store the token instead of the username/password, which is a big deal when there’s no really secure way to store it. Also, if your mobile phone/laptop gets stolen, you can still log in via the Twitter website and revoke access from the apps installed on your phone/laptop. If the app just used basic auth then the only way to revoke access would be to change your password. But, whoever stole your phone/laptop could have changed your password first (if the app was using Basic auth), and you’re locked out of your account.
So, a way to log in with basic auth and grab a OAuth token would can still be useful. JDG wrote: But it completely subverts the point of OAuth, because it lets a third party have your password. Why even use OAuth in that case?
