On Wed, Apr 14, 2010 at 8:39 AM, Dean 'at' Cognation dot Net
<d...@cognation.net> wrote:
> But why is oauth better than basic for a desktop client?
>
> I understand it for the webapps but on a desktop client what's the
> point?
>
> Basically you are saying the desktop end user can't be trusted? Sorry
> but that doesn't make any sense.
>
> Please explain.

ARGH.

Are you kidding me?!

Here's a simple use case:

"Change your Twitter password"

If you are using only OAuth apps, they will be unaffected.

If you are using Basic Auth apps, you will have to go around and
update all of them OR risk being locked out of your Twitter account.

I know; this just happened to me.

More below…

On Wed, Apr 14, 2010 at 9:28 AM, Dean Collins <d...@cognation.net> wrote:
>
> So basically you are saying Twitter wants a chokehold to block apps they
> don’t like which you don’t currently have with basic auth.
>
> Considering your recent purchase of a twitter client is that really a
> message you want to be spreading at the moment?
>
> How about leaving it up to end users to make the decision about which
> clients they do and don’t use to access twitter. Restricting all clients to
> oauth only is hardly going to give developers warm and fuzzy feelings that
> with a single keystroke a client can be banned instantly across the entire
> ecosystem.
>
> Or am I missing something?

Dean, seriously, lay off the X-Files re-runs. They're making you sound paranoid.

Twitter has been talking about this for ***at least*** 6 months, maybe 12.

Bringing up the purchase of Tweetie only makes it look like you have
an axe to grind.

"Leave it to end users"? Because end users will do what developers
will do: the laziest option available.

Requiring users to repeatedly type Twitter passwords is going to lead
most of them to a) use insecure passwords and b) not change them.
Forcing developers who would otherwise be too lazy to implement OAuth
to change will make it better for users and developers in the long
run.

I say this as someone whose ONLY method of interacting with the
Twitter API is on the commandline, meaning that I am going to have to
look at every single piece of code I've written, every little shell
script (several dozen, at least) to see where I have to change things.

And I don't make a dime from this, I'm providing a free service.

As are — oh yeah — Twitter.

Giving away your password is insecure. Twitter users have been
extremely vulnerable to this. This will make Twitter accounts more
secure. It's a good thing that requires extra work.

Changing your password when using Basic Auth is a giant PITA. I know
because I just did it across all my Twitter accounts and clients.

And anyone who says that Twitter is "springing" this on people is
either a liar or ignorant.

TjL
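
The password-change case from the message above, as an added example that is not part of the original thread: a constructed Python model of a service that accepts both Basic auth and per-app tokens. As a simplifying assumption it uses opaque bearer-style tokens in place of OAuth's signed requests; `Service`, `demo`, the account and the app names are all hypothetical.

```python
import base64, hashlib, hmac, os, secrets

class Service:
    """Toy account service (constructed model, not Twitter's API)."""
    def __init__(self, user, password):
        self.user, self.tokens = user, {}   # tokens: sha256(token) -> app name
        self.set_password(password)

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, password):
        # Rotating the password replaces the only secret a Basic auth client holds.
        self.salt = os.urandom(16)
        self.pw_hash = self._kdf(password)

    def authorize_app(self, app, password):
        # The password is typed once, to the service; the app only receives a token.
        if not hmac.compare_digest(self._kdf(password), self.pw_hash):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = app
        return token

    def revoke_app(self, app):
        self.tokens = {h: a for h, a in self.tokens.items() if a != app}

    def authenticate(self, authorization):
        scheme, _, value = authorization.partition(" ")
        if scheme == "Bearer":
            return self.tokens.get(hashlib.sha256(value.encode()).hexdigest())
        if scheme != "Basic":
            return None
        try:
            user, _, pw = base64.b64decode(value, validate=True).decode().partition(":")
        except ValueError:                  # malformed base64 or non-UTF-8 bytes
            return None
        ok = user == self.user and hmac.compare_digest(self._kdf(pw), self.pw_hash)
        return "password" if ok else None

def demo():
    svc = Service("alice", "old-pass")      # constructed account
    stored_basic = "Basic " + base64.b64encode(b"alice:old-pass").decode()
    t1, t2 = ("Bearer " + svc.authorize_app(a, "old-pass") for a in ("cli-script", "desktop-app"))
    svc.set_password("new-pass")            # the "change your password" case
    after_change = [svc.authenticate(h) for h in (stored_basic, t1, t2)]
    svc.revoke_app("desktop-app")           # cut off one app, leave the other
    after_revoke = [svc.authenticate(h) for h in (stored_basic, t1, t2)]
    return after_change, after_revoke
```

`demo()` returns what each stored credential authenticates as after the password change and again after one app is revoked; `None` means the request is rejected.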

