So, what happen if this third party expose to others app this generated key? They will acess your account too? If this key can be just used for one app (maybe lock for one IP) the user will need generated always a new key for one app? (Go to twitter page, log in, acess New Keys, generate a new key, and give to the app)
On Thu, Feb 5, 2009 at 10:37 AM, Ninjamonk <[email protected]> wrote: > > Have you guys considered maybe tweaking the basic auth system to > something like what friendfeed has. > > Each user could be given a third party system generated key to use > instead of a password and then basic auth could still be used and not > tired to the system password. > > If the user felt their account had been compromised by an app they > could just generate a new code and also this would protect the users > account from hijacking. > > I know you don't want to have 2 different systems for auth but this > could be used for legacy apps and for use cases like funkatron > mentioned earlier in the thread. > > Cheers > > -- ---------------------------------- Analista Desenvolvedor www.espacodj.com
