You're failing to see the point. In the past, with basic auth, there was no need to "create any sort of account" from the third party app side. No need for a database, local accounts, nothing. A user could login as this wish, without issue, regardless as to whether or not they need to access the Twitter.com domain, ever. Removing this login method changes the entire flow, adds requirements for third party apps to now maintain their own, potentially, local database user accounts, etc, and still requires the user to access, even once, twitter.com. It just doesn't flow to say, hey, when you're home, do this, then come back later. Sure it may work, it's just "not eloquent", and has a negative impact on any existing userbase.
BTW, for your reference, yes, we have already been "web sensed" in many cases anyway for many users at their location. Of course, just so my "claim" rings true with you, please reference the following link, and I'll let you figure out which application applies: http://www.google.com/ig/directory?q=twitter (Note: that's installed userbase for iGoogle only, doesn't count gmail, standalone, wave, etc, that'd take it closer to 1,000,000). On Aug 14, 9:37 am, Ken <k...@cimas.ch> wrote: > Why is this an issue? > > A few months ago, someone from Twitter I believe suggested a pattern > such as this: > > User starts to create an account on your site > To enable the Twitter integration, you send them to Twitter.com *once* > where they allow your app. > You store their token and log the user in to your site with a > temporary password you generate, that they can change. You might > collect their email address this way. > From then on, they never have to go to Twitter.com. They can interact > with Twitter via your app, using your website, email, sms, etc. > > Of course, with the massive use of your site that you claim, it won't > be long before your site is listed by Websense and the various evil > governments mentioned above. > > On Aug 14, 1:04 am, TheGuru <jsort...@gmail.com> wrote: > > > Is there no one from Twitter proper who has a position regarding this? > > > On Aug 13, 2:12 pm, TheGuru <jsort...@gmail.com> wrote: > > > > Add that to the list of even more reasons why this is an issue. > > > > However, even stating oh well, tell them to use their cell phones, > > > obviously isn't a solution of any degree. Smart Phone penetration in > > > the US, for example, is still less than 20%... > > > > On Aug 13, 9:43 am, earth2marsh <ma...@earth2marsh.com> wrote: > > > > > At least "people at work" have the potential to use phones to access > > > > Twitter… > > > > > I'm worried about users like those in China behind The Great Firewall. > > > > Currently, they can interact with Twitter by using proxies and http > > > > basic auth. But OAuth requires access to twitter.com (or some sort of > > > > mediation). xAuth could be a solution, but there is already a shortage > > > > of clients that support alternate endpoints, and some of those use > > > > OAuth instead of xAuth (or neither). > > > > > When basic auth is shut off, who knows how many Chinese voices will > > > > fall silent… or in North Korea. Or in Iran. Or in …? > > > > > I'm interested in hearing what others think about this. > > > > > Marsh > > > > > On Aug 12, 10:31 pm, TheGuru <jsort...@gmail.com> wrote: > > > > > > I'm curious to post this question to see if Twitter has fully thought > > > > > out the impact of forcing OAuth onto their API applications. While it > > > > > may appear to be a more secure method preferred in principle by users, > > > > > the fact of the matter is that one of the main benefits of the API, is > > > > > the ability for third party twitter alternatives to be created, thus > > > > > allowing people to tweet during "business hours", when they normally > > > > > could not due to firewall / web sense restrictions, etc, that prevent > > > > > them from accessing the twitter.com domain. > > > > > > Via basic authentication, users would never have to visit twitter.com > > > > > to login and gain access to twitter functionality via api clients. By > > > > > shutting this down, you are now forcing ALL potential users to login > > > > > via twitter.com, many of which do not have access to this domain in > > > > > their workplace environment, thus excluding them from easily using > > > > > your service wholesale. > > > > > > This can / will, I suspect, have significant impact on twitter usage / > > > > > volume, unless I am missing something and there is an alternative the > > > > > does not require them to directly access the twitter.com domain to > > > > > grant access.
