First of all I agree wholeheartedly with the philosophy of shifting control to users and Twitter. I disagree with the details of the implementation. (In particular using the browser as a crutch).
> Ah, but then your application would have the user's password.

I can get the user's password anyway. As a native app, I can do pretty much whatever I want.

> The scheme you propose is a good intermediary step for a transition,
> but not as a long term solution.

Agree. As described before, I think the long-term solution is a blessed OS-provided authentication gateway to replace the "browser" in the OAuth equation. And there's no reason why it needs to be limited to a GUI. A command-line authentication gateway would be possible too.

> > From the user's perspective, it's just as easy as OAuth.
> Although much harder to revoke!

Agree as well, I don't have a good solution to this (until the OS-provided auth gateway thing...)

Loren
