again - overly dramatic. everything i said above still stands - it provides transparency into the traffic that applications generate (potentially audit trails for users, better ways to squelch spammy apps, etc.), as well as provides some security in that user's passwords are not being sent in the clear.
you can easily look for other examples of people using oauth for similar situations - google is using oauth to allow applications access to mail, etc. > So basically you are saying Twitter wants a chokehold to block apps they > don’t like which you don’t currently have with basic auth. > > Considering your recent purchase of a twitter client is that really a > message you want to be spreading at the moment? > > How about leaving it up to end users to make the decision about which > clients they do and don’t use to access twitter. Restricting all clients to > oauth only is hardly going to give developers warm and fuzzy feelings that > with a single keystroke a client can be banned instantly across the entire > ecosystem. > > > > Or am I missing something? > > > > > > > > > > Cheers, > > Dean > > > ------------------------------ > > *From:* twitter-development-talk@googlegroups.com [mailto: > twitter-development-t...@googlegroups.com] *On Behalf Of *Raffi Krikorian > *Sent:* Wednesday, April 14, 2010 8:59 AM > *To:* twitter-development-talk@googlegroups.com > *Subject:* Re: [twitter-dev] Re: Basic Auth Deprecation > > > > in my ideal world, nobody would have access to a user's password except > twitter.com -- oauth provides a framework so end applications are not > storing the actual password. people are notoriously bad with using the same > password on lots of different sites. additionally, oauth provides twitter > better visibility into the traffic coming into our system, so we can better > shape traffic needs, we can provide auditing back to users on which > applications are doing what actions on their behalf, etc. > > > > On Wed, Apr 14, 2010 at 5:39 AM, Dean 'at' Cognation dot Net < > d...@cognation.net> wrote: > > But why is oauth better than basic for a desktop client? > > i understand it for the webapps but on a desktop client whats the > point? > > Basically you are saying the desktop end user cant be trusted? Sorry > but that doesn't make any sense. > > > > Please explain. > > > Cheers, > Dean > > > > On Apr 14, 1:15 am, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > Basic auto being turned off means just that.. > > > > Desktop clients can implement xAuth as an alternative, where you do a > > one-time exchange of login and password for an OAuth access token and > > continue from there signing your requests and doing things in the > > OAuth way. You'd no longer, as a best practice and one that I would > > stress in the upmost even on a desktop client, store the login and > > password beyond the xAuth access token negotiation step. If the token > > were revoked you would then query for the login and password again and > > so on and so on and also and also. > > > > Obtaining permission to use xAuth for desktop clients is as easy as > > > sending a well-identified and verbose note to a...@twitter.com. > > > > > Basic auth had a good run. It's nearly time to say goodnight. > > > > Taylor > > > > > > > > > > > > > On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net> wrote: > > > Just so I understand this, applications running on the desktop will > still work correct? Basic functionality is only being turned off for web > apps correct? It's not like desktop apps will have to start using oauth. > > > > > Cheers, > > > > > Dean > > > > > -----Original Message----- > > > From: twitter-development-talk@googlegroups.com [mailto: > twitter-development-t...@googlegroups.com] On Behalf Of Dewald Pretorius > > > Sent: Tuesday, April 13, 2010 7:31 PM > > > To: Twitter Development Talk > > > Subject: [twitter-dev] Re: Basic Auth Deprecation > > > > > Could you please announce the hard turn off date somewhere on one of > > > your Twitter blogs about a month ahead of time, so that we all have an > > > official source to point our users to when we explain to them why > > > we're converting everything over to OAuth? > > > > > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com> wrote: > > >> we have announced deprecation, and will hard turn off basic > authentication > > >> in june. the exact date has not been set, but i presume it will be > later in > > >> the month. > > > > >> Is Basic Auth going to be deprecated (as in hard switched-off) in > > > > >> > June, or are you in June going to announce depracation, with the > hard > > >> > switch-off then coming a few months later? > > > > >> -- > > >> Raffi Krikorian > > >> Twitter Platform Teamhttp://twitter.com/raffi > > > > > -- > > > To unsubscribe, reply using "remove me" as the subject. > > > > -- > > Taylor Singletary > > > Developer Advocate, Twitterhttp://twitter.com/episod- Hide quoted text - > > > > - Show quoted text - > > > > > -- > Raffi Krikorian > Twitter Platform Team > http://twitter.com/raffi > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
