Hey Alex,

Another thing I was thinking about was specifically for AIR-based apps (and I guess, to a larger degree, any desktop app) with regard to the consumer secret. If that's included in the desktop app, especially in a SWF for AIR apps, it's basically open to the world. So another app could use the consumer secret.

Based on your response, I'm assuming that any new desktop client should implement OAuth as the only means of auth since the switch will definitely happen at some point.

Thanks,
Aral

On Feb 17, 8:46 pm, Alex Payne <[email protected]> wrote:
> Eventually, once we've got user experience solutions that work for the
> 80% case, we'll be moving off of Basic Auth entirely. But not before
> desktop app developers are happy. It's going to take some
> experimenting, but I'm sure that we can find some good solutions
> between the smart folks in this community and those in the greater
> OAuth/web standards community.
>
> OAuth doesn't prevent evil folks from shipping Twitter apps that might
> be trojans, but it does allow us here at the Mother Ship to revoke
> their ability to talk to the Twitter API. That means less spam/"SEO"
> tools, and a short time-to-live for applications that are discovered
> to be malicious.

<snip>
