I like oAuth because for both Twitter and me as a developer, it associates the request with both the user and app. As a developer, I have a bunch of apps and I can go to twitter.com/oauth to see the number of users that have used each app. (One thing that I noticed - the number goes down sometimes??? Why is that?) Twitter can do things like block rogue apps, analyze popularity easily etc.
On Apr 14, 8:58 am, Raffi Krikorian <ra...@twitter.com> wrote: > in my ideal world, nobody would have access to a user's password except > twitter.com -- oauth provides a framework so end applications are not > storing the actual password. people are notoriously bad with using the same > password on lots of different sites. additionally, oauth provides twitter > better visibility into the traffic coming into our system, so we can better > shape traffic needs, we can provide auditing back to users on which > applications are doing what actions on their behalf, etc. > > On Wed, Apr 14, 2010 at 5:39 AM, Dean 'at' Cognation dot Net < > > > > > > d...@cognation.net> wrote: > > But why is oauth better than basic for a desktop client? > > > i understand it for the webapps but on a desktop client whats the > > point? > > > Basically you are saying the desktop end user cant be trusted? Sorry > > but that doesn't make any sense. > > > Please explain. > > > Cheers, > > Dean > > > On Apr 14, 1:15 am, Taylor Singletary <taylorsinglet...@twitter.com> > > wrote: > > > Basic auto being turned off means just that.. > > > > Desktop clients can implement xAuth as an alternative, where you do a > > > one-time exchange of login and password for an OAuth access token and > > > continue from there signing your requests and doing things in the > > > OAuth way. You'd no longer, as a best practice and one that I would > > > stress in the upmost even on a desktop client, store the login and > > > password beyond the xAuth access token negotiation step. If the token > > > were revoked you would then query for the login and password again and > > > so on and so on and also and also. > > > > Obtaining permission to use xAuth for desktop clients is as easy as > > > sending a well-identified and verbose note to a...@twitter.com. > > > > Basic auth had a good run. It's nearly time to say goodnight. > > > > Taylor > > > > On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net> wrote: > > > > Just so I understand this, applications running on the desktop will > > still work correct? Basic functionality is only being turned off for web > > apps correct? It's not like desktop apps will have to start using oauth. > > > > > Cheers, > > > > > Dean > > > > > -----Original Message----- > > > > From: twitter-development-talk@googlegroups.com [mailto: > > twitter-development-t...@googlegroups.com] On Behalf Of Dewald Pretorius > > > > Sent: Tuesday, April 13, 2010 7:31 PM > > > > To: Twitter Development Talk > > > > Subject: [twitter-dev] Re: Basic Auth Deprecation > > > > > Could you please announce the hard turn off date somewhere on one of > > > > your Twitter blogs about a month ahead of time, so that we all have an > > > > official source to point our users to when we explain to them why > > > > we're converting everything over to OAuth? > > > > > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com> wrote: > > > >> we have announced deprecation, and will hard turn off basic > > authentication > > > >> in june. the exact date has not been set, but i presume it will be > > later in > > > >> the month. > > > > >> Is Basic Auth going to be deprecated (as in hard switched-off) in > > > > >> > June, or are you in June going to announce depracation, with the > > hard > > > >> > switch-off then coming a few months later? > > > > >> -- > > > >> Raffi Krikorian > > > >> Twitter Platform Teamhttp://twitter.com/raffi > > > > > -- > > > > To unsubscribe, reply using "remove me" as the subject. > > > > -- > > > Taylor Singletary > > > Developer Advocate, Twitterhttp://twitter.com/episod-Hide quoted text - > > > > - Show quoted text - > > -- > Raffi Krikorian > Twitter Platform Teamhttp://twitter.com/raffi
