On Jan 2, 11:06 am, "Jesse Stay" <[email protected]> wrote:
>
> It's true, OAuth doesn't really solve this problem, but the general public
> thinks it does.

Actually, it does. With OAuth you can turn off a particular token, blocking a *specific* application (i.e. Twply). It doesn't prevent bad actors from behaving badly, but it does provide a pathway to give users more control over third-party access to their account.

I'm not really sure why Twply needed a user's Twitter credentials in the first place (but boy, they sure are easy to ask for!), but I imagine it helps with getting private @replies (which search alone won't give you). In that case, Twitter could make it possible, like Flickr does, to enable a third-party app to request certain permissions -- in this case, a user's reply stream -- and nothing more.

So I disagree that OAuth doesn't solve this problem. At the bare minimum it minimizes the scope of the inconvenience of needing to change your Twitter password (and then changing it in all the other Twitter apps that you use).

Chris
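
The two properties discussed in the message above (per-application revocation and permission-limited tokens), set beside the shared-password model, as an added example that is not part of the original post. It is a toy provider-side model, not the OAuth protocol itself; the class, the app names and the scope names `read_replies` and `post` are hypothetical.

```python
import secrets

class Account:
    """Toy provider-side account: one password, many per-app tokens."""
    def __init__(self, password):
        self.password = password
        self.tokens = {}  # token -> (app name, frozenset of scopes)

    def grant(self, app, scopes):
        """User approves `app` for the listed scopes only; returns its token."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (app, frozenset(scopes))
        return token

    def revoke_app(self, app):
        """Drop every token issued to one app; other apps are unaffected."""
        self.tokens = {t: v for t, v in self.tokens.items() if v[0] != app}

    def allow_token(self, token, scope):
        """A token is honoured only if it still exists and covers the scope."""
        entry = self.tokens.get(token)
        return entry is not None and scope in entry[1]

    def allow_password(self, password, scope):
        """A shared password carries every permission, so scope is ignored."""
        return secrets.compare_digest(password, self.password)

def demo():
    acct = Account("constructed-password")  # constructed sample value
    app_a = acct.grant("app-a", {"read_replies"})
    app_b = acct.grant("app-b", {"read_replies", "post"})
    r = {
        "a_reads_replies": acct.allow_token(app_a, "read_replies"),
        "a_posts": acct.allow_token(app_a, "post"),
        "a_posts_with_password": acct.allow_password("constructed-password", "post"),
    }
    acct.revoke_app("app-a")  # cut off one application only
    r["a_after_revoke"] = acct.allow_token(app_a, "read_replies")
    r["b_after_revoke"] = acct.allow_token(app_b, "post")
    # Password model: removing one app means rotating the password,
    # which locks out every app that still holds the old one.
    acct.password = "constructed-password-2"
    r["old_password_after_rotate"] = acct.allow_password("constructed-password", "post")
    return r

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```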
