in my ideal world, nobody would have access to a user's password except
twitter.com -- oauth provides a framework so end applications are not
storing the actual password.  people are notoriously bad with using the same
password on lots of different sites.  additionally, oauth provides twitter
better visibility into the traffic coming into our system, so we can better
shape traffic needs, we can provide auditing back to users on which
applications are doing what actions on their behalf, etc.

On Wed, Apr 14, 2010 at 5:39 AM, Dean 'at' Cognation dot Net <
d...@cognation.net> wrote:

> But why is oauth better than basic for a desktop client?
>
> i understand it for the webapps but on a desktop client what's the
> point?
>
> Basically you are saying the desktop end user can't be trusted? Sorry
> but that doesn't make any sense.
>
>
>
> Please explain.
>
>
> Cheers,
> Dean
>
>
>
> On Apr 14, 1:15 am, Taylor Singletary <taylorsinglet...@twitter.com>
> wrote:
> > Basic auth being turned off means just that..
> >
> > Desktop clients can implement xAuth as an alternative, where you do a
> > one-time exchange of login and password for an OAuth access token and
> > continue from there signing your requests and doing things in the
> > OAuth way. You'd no longer, as a best practice and one that I would
> > stress in the utmost even on a desktop client, store the login and
> > password beyond the xAuth access token negotiation step. If the token
> > were revoked you would then query for the login and password again and
> > so on and so on and also and also.
> >
> > Obtaining permission to use xAuth for desktop clients is as easy as
> > sending a well-identified and verbose note to a...@twitter.com.
> >
> > Basic auth had a good run. It's nearly time to say goodnight.
> >
> > Taylor
> >
> >
> >
> >
> >
> > On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net> wrote:
> > > Just so I understand this, applications running on the desktop will
> > > still work correct? Basic functionality is only being turned off for web
> > > apps correct? It's not like desktop apps will have to start using oauth.
> >
> > > Cheers,
> >
> > > Dean
> >
> > > -----Original Message-----
> > > From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Dewald Pretorius
> > > Sent: Tuesday, April 13, 2010 7:31 PM
> > > To: Twitter Development Talk
> > > Subject: [twitter-dev] Re: Basic Auth Deprecation
> >
> > > Could you please announce the hard turn off date somewhere on one of
> > > your Twitter blogs about a month ahead of time, so that we all have an
> > > official source to point our users to when we explain to them why
> > > we're converting everything over to OAuth?
> >
> > > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> > >> we have announced deprecation, and will hard turn off basic authentication
> > >> in june.  the exact date has not been set, but i presume it will be later in
> > >> the month.
> >
> > >> > Is Basic Auth going to be deprecated (as in hard switched-off) in
> > >> > June, or are you in June going to announce deprecation, with the hard
> > >> > switch-off then coming a few months later?
> >
> > >> --
> > >> Raffi Krikorian
> > >> Twitter Platform Team http://twitter.com/raffi
> >
> > > --
> > > To unsubscribe, reply using "remove me" as the subject.
> >
> > --
> > Taylor Singletary
> > Developer Advocate, Twitter http://twitter.com/episod
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi
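
The xAuth flow described in the quoted message above (a one-time exchange of login and password for an access token, then signed requests with nothing but the token stored), as an added example that is not part of the original thread or Twitter's own code. The `api.example.test` endpoint, the HMAC-SHA1 signature method and the `x_auth_*` parameter names are assumptions taken from OAuth 1.0a and xAuth as published, not from this thread; the server response used with it is constructed.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote

TOKEN_URL = "https://api.example.test/oauth/access_token"  # hypothetical endpoint

def enc(value):
    # OAuth 1.0a percent-encoding: only unreserved characters stay bare.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def oauth_params(consumer_key, nonce, timestamp, token=None):
    # nonce/timestamp are passed in so the example is reproducible; a real
    # client uses a fresh random nonce and the current time on every request.
    params = {"oauth_consumer_key": consumer_key, "oauth_nonce": nonce,
              "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(timestamp), "oauth_version": "1.0"}
    if token:
        params["oauth_token"] = token
    return params

def xauth_request(consumer_key, consumer_secret, username, password, nonce, timestamp):
    """Step 1: the one request that carries the password."""
    params = oauth_params(consumer_key, nonce, timestamp)
    params.update(x_auth_mode="client_auth", x_auth_username=username,
                  x_auth_password=password)
    params["oauth_signature"] = sign("POST", TOKEN_URL, params, consumer_secret)
    return params

def credentials_from_response(body):
    """Step 2: keep only the token pair; this is all the client persists."""
    fields = dict(parse_qsl(body))
    return {k: fields[k] for k in ("oauth_token", "oauth_token_secret")}

def signed_api_request(method, url, query, consumer_key, consumer_secret,
                       creds, nonce, timestamp):
    """Step 3: later calls are signed with the stored token, no password."""
    params = oauth_params(consumer_key, nonce, timestamp, creds["oauth_token"])
    params.update(query)
    params["oauth_signature"] = sign(method, url, params, consumer_secret,
                                     creds["oauth_token_secret"])
    return params
```

If the service revokes the token, the stored pair stops producing accepted signatures and the client has to run step 1 again, which is the only point where it needs to prompt for the password.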
