Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
I've been using OAuth for more than 3 months now, about 8 hours a day during the week while at work, using my own library and my own twitter client. I've never had an issue with stability. Now the desktop implementation is crappy(been posted about 50 billion times), but other than that, I've never run into issues with OAuth. Now I don't use search or streaming, though I don't even know if those use OAuth. Is there a specific stability issue? Ryan On Wed, Jan 13, 2010 at 4:32 PM, Dewald Pretorius dpr...@gmail.com wrote: Raffi, As I have noted before, the reliability of OAuth is an actual concern. Also the availability of that easy one-time migration method (getting the OAuth stuff when you have the username and password). Twitter OAuth is still in beta. Ryan said that migration to OAuth will become mandatory this year. That cannot be done until you move Twitter OAuth into stable production mode. If you do not have the necessary confidence in your OAuth implementation to do that, then you cannot force anyone to use it. On Jan 12, 3:01 am, Raffi Krikorian ra...@twitter.com wrote: As it stands, developers who have relatively new desktop apps are penalized by having updates from their app say 'from web'. Older Basic Auth desktop clients continue to enjoy a link back to the client web site with a 'from app' link. ... I understand Twitter is trying to force people to use OAuth, but that won't happen in a meaningful way until OAuth is reliable, has a truly usable workflow (PIN method isn't it), and can work well with other services (Twitpic, yfrog, etc). We aren't there yet. i'm trying to gather use cases around OAuth to help it make sense for more people to use it -- as it stands, we are not going to allow the source parameter to be set in new applications unless they come from OAuth. so, please help me out! is the reliability of OAuth an actual concern? do you have a suggestion as to what you would like to see other than the PIN workflow? additionally, we're actively working on a delegation method for integration with other services. -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
On Thu, Jan 14, 2010 at 10:52 AM, ryan alford ryanalford...@gmail.comwrote: I've been using OAuth for more than 3 months now, about 8 hours a day during the week while at work, using my own library and my own twitter client. I've never had an issue with stability. Now the desktop implementation is crappy(been posted about 50 billion times), but other than that, I've never run into issues with OAuth. Now I don't use search or streaming, though I don't even know if those use OAuth. Is there a specific stability issue? Ryan I've found it just as stable as the rest of the API. It's not perfect, but is generally pretty good. My main concern is that I'd like the mobile pages to be formatted for mobile devices. Oh - and the ability to delegate between apps. Sooo looking forward to that. Tim.
Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
I agree. I believe OAuth for mobile and the delegation between apps are the biggest concerns that need to be addressed before the depreciation of basic oauth in June. Both of these have been beaten to a pulp. However, these issues certainly do not push OAuth into an unstable beta state that couldn't be used in production apps. Ryan Sent from my DROID On Jan 13, 2010 5:46 PM, Tim Haines tmhai...@gmail.com wrote: On Thu, Jan 14, 2010 at 10:52 AM, ryan alford ryanalford...@gmail.com wrote: I've been using O... I've found it just as stable as the rest of the API. It's not perfect, but is generally pretty good. My main concern is that I'd like the mobile pages to be formatted for mobile devices. Oh - and the ability to delegate between apps. Sooo looking forward to that. Tim.
Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
On Tue, Jan 12, 2010 at 11:21 PM, Raffi Krikorian ra...@twitter.com wrote: If that is the reason for disallowing the source param, why is this policy not being applied uniformly? How would users of Tweetie, Twitterrific, etc. feel if all their updates now said 'from web'? How would the developers of those apps feel? those applications have been grandfathered in -- requiring oauth to set the source parameter applies to newer applications. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi Not sure I agree with twitter discission to give the current applications a break, yet force new apps to conform. Come on its been like 6 months, pull the plug already and stop babying these old apps. So new apps should have to deal with the headaches, while these guys get to sit back and relax until things cool down?? Heh. the ability to forge the source parameter is too easy when simply using basic auth. That's a pretty lame excuse. Desktop apps using oauth are just as susceptible to this as basic apps. You must distribute your consumer credentials with the app. A hacker can strip these and use them for forging. So OAuth provides no protection there. Only safety to be had with oauth is with server based apps that can keep their credentials safe. Josh
Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
What is the reason for no longer allowing the source parameter for Basic Auth desktop apps? the ability to forge the source parameter is too easy when simply using basic auth. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
If that is the reason for disallowing the source param, why is this policy not being applied uniformly? How would users of Tweetie, Twitterrific, etc. feel if all their updates now said 'from web'? How would the developers of those apps feel? those applications have been grandfathered in -- requiring oauth to set the source parameter applies to newer applications. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi