> Sorry for chiming in on this late by I have been working with > @mrtall on the OAuth code. Your first question about allowing OAuth > and Basic Auth to co-exist is one we've covered a few times in this > group but it's sort of buried in the documentation [1]. We plan to > keep Basic Auth available for six months after the public launch of > OAuth. The idea with this overlap period is so people have plenty of > time to migrate applications.
I'm still (softly) repeating the hope that this will be extended, even if the Basic Auth API remains deprecated and static. An OAuth workflow is constrained for desktop apps, and for apps that aren't or can't use a web browser (in my case, text-mode twitter clients; other cases include all those little curl scripts posting monitoring information, task status, etc.), OAuth won't work at all. I fully support OAuth, but where appropriate. I think Ed Finkler said it best when he said the breadth of Twitter applications currently extant wouldn't exist were it not for a low barrier to entry. OAuth makes sense in many places, but it doesn't make sense everywhere, and I hope alternate methods of authentication remain possible even if they are intentionally limited to steer preferred traffic to an OAuth workflow. Otherwise I suspect the ecosystem "outside the browser" will be greatly reduced. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * [email protected] -- Critics are the unpaid guardians of my soul. -- E. Stanley Jones -----------
