Hi, I was generally sceptical about it, but from an application management point of view I no longer have to manage the users account (from the point of view of expired passwords etc - this was a major hassle for me, if a users password expires, they are not making use of my services), the other point, is that there is a perception of greater security by the general public so users are more willing to use your apps - obviously, there is still risk, I could for instance still post adverts to your twitter stream, however 1) you would now know it was my app that did it and 2) as an app developer I can't change your account settings (email and passwords etc) anymore - which I could have done if I was so inclind if I had your username and password.
There is also the ability in the future for Twitter to monitor apps better and provide stats back to the users and developers on these apps, since they are all now registered, for instance you know exactly if Twollo did the friendship/create request that might look suspect or if it was another app. In the past you could get an application key but that didn't help because not all apps would need the key. My original concerns werent oauth per-se, but the authentication process that I and alot of other twitter developers implement, that is using Twitter as an authentication provider, however the Twitter team have done a lot of good work to make this process very smooth. I for one now welcome our oauth overlords. Paul. 2009/5/18 Andrew Badera <[email protected]> > > The advantage is in user and service security ... I'd think that was > obvious. What is your problem with it? What "costs" do you see? OAuth > is easy. > > Thanks- > - Andy Badera > - [email protected] > - Google me: http://www.google.com/search?q=andrew+badera > - This email is: [ ] bloggable [x] ask first [ ] private > > > > On Mon, May 18, 2009 at 10:30 AM, H.Hiro(Maraigue) > <[email protected]> wrote: > > > > Hello, > > > > I COULD NOT UNDERSTAND why Twitter so much encourages OAuth, in spite > > of costing API users. > > > > I read the section "What Does OAuth Give Me? (a.k.a. Why Bother?)" of > > this article: > > http://apiwiki.twitter.com/OAuth+Example+-+Ruby , > > but I could not find what is the advantage of using OAuth *for client- > > software makers* . > > > > Client softwares must know end-users'(i.e. account holders') login > > names and passwords, so I think there aren't more advantage of using > > OAuth than basic-auth. > > >
