let's step back. oAuth is the general framework that we want everybody to use. applications no longer have to store usernames and passwords, which is "a good thing".
normally, to get access tokens, applications send users through the oAuth workflow -- this means they bring up a webpage on twitter.com, enter username/password there, and then the oAuth tokens are handed back to the application. xAuth is a method for which to exchange usernames and passwords for those tokens, without send the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to "bulk convert" all their users over to oauth tokens. after that bulk conversion, web applications can send new users through the oAuth web workflow. does that clear things up? On Mon, Apr 26, 2010 at 3:46 PM, John Meyer <john.l.me...@gmail.com> wrote: > On 4/26/2010 4:23 PM, Raffi Krikorian wrote: > >> honestly, i wouldn't plan on it. the "spirit" of oAuth is that the >> user's credentials never even pass through a web application. >> > > Now I'm confused. Is xAuth going to be a method unto itself of > authenticating for the long-term, or is this the way that you are trying to > transition Basic users to oAuth through xAuth before Basic is shut down? If > it's the latter, I don't know why you would even bother if oAuth is simpler > than xAuth in the first place. > > > > > -- > Subscription settings: > http://groups.google.com/group/twitter-development-talk/subscribe?hl=en > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
