> For an end user, OAuth is generally speaking much friendlier for pretty much > every application type, iPhone, desktop, or web.
>From my chair, OAuth is a fantastic solution to authenticate *other web apps*. OAuth anywhere else, desktop, iPhone, laundry machine, makes me want to chip away a hole in my skull with a dull screwdriver, jab a straw into my head, and drink my own brain matter. No, seriously. When I launch a desktop app, I want to type in my username and password. That's it. If I launch a Twitter client on my iPhone, I don't want to have to quit the frickin' app to authenticate in Safari, then go *back* to the app when I'm done. Sure I could bring up an embedded web view, but UIWebView is a flakey hunk of junk, and it's no more secure than letting the user type the password into a native field directly because I would *own the web view and can get at any info the users types in anyway*. Hell, it's not even any more secure on the desktop... I just install a key listener and wait for you to type in a password into your browser. Ok, I'm holding myself back from ranting. I guess my point is this: OAuth sucks hardcore for everything except other web apps. Oh, and Twitter guys: I can't thank you guys enough for keeping around basic auth. Thank you thank you thank you.
