Hi all,
Sorry for chiming in on this late by I have been working with
@mrtall on the OAuth code. Your first question about allowing OAuth
and Basic Auth to co-exist is one we've covered a few times in this
group but it's sort of buried in the documentation [1]. We plan to
keep Basic Auth available for six months after the public launch of
OAuth. The idea with this overlap period is so people have plenty of
time to migrate applications.
Your second question about the token lifetime is something the
spec [2] and the beginner's guide [3] touch on briefly but is left up
to us. During the closed beta period we have no expiration on access
tokens. This means that once a user approves your application it will
be allowed until the user explicitly revokes your access. This is one
of the many things we'll be soliciting feedback on during the closed
beta. That feedback may change things but I think that we will always
maintain a long time-to-live on those tokens. Re-authorizing
applications is confusing to users and is not in anyone's best interest.
Thanks;
— Matt Sanford / @mzsanford
[1] - http://apiwiki.twitter.com/FAQ#WhenwillTwittersupportOAuth
[2] - http://oauth.net/documentation/spec
[3] - http://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html
On Feb 4, 2009, at 01:51 PM, Stuart wrote:
2009/2/4 Gustavo Melo <[email protected]>:
We need to understand how OAuth will affect ours app's...
Twitter authentication with username and password will totaly stop
work?
How many days we will have to change our app's?
And for me the most important question is, "OAuth before copmleted
authentication for user, return to my app some <Token Auth>"...
This Token
had some time o live right? What time is it? One day? One Week? One
Month?
This is really important for my app that was based on MO/SMS ! Once
the user
made the full process to authentication, i think will be better for
us
(developers) to receive a token with bigger time of life!
I don't speak for Twitter but from what I've heard so far...
Basic auth will continue to work for about 6 months so you'll have
plenty of time to change your apps to work with OAuth.
I would hope that OAuth tokens will last forever as they do with
Flickr for example. If not then it's going to be annoying for both
users and developers. Nobody has ever suggested they'll be time
limited.
-Stuart
--
http://stut.net/
