Another advantage is that if a third-party application's database is
breached, all of the stored usernames and passwords would be exposed.
If the third-party application was using OAuth, the access token and
secret pairs are only usable if the consumer key/secret pair is
found, and these can be easily reset.

On May 18, 2:56 pm, Adam Ness <adam.n...@gmail.com> wrote:
> The advantage to the end user of OAuth is that the client application
> doesn't need the user's password anymore; the user's passwords are exchanged
> ONLY with Twitter, and cannot be sniffed/stored/whatever by the client
> application. There is a very strong security advantage.
>
> On Mon, May 18, 2009 at 7:30 AM, H.Hiro(Maraigue)
> <marai...@mail.goo.ne.jp> wrote:
>
> > Hello,
>
> > I COULD NOT UNDERSTAND why Twitter so much encourages OAuth, in spite
> > of costing API users.
>
> > I read the section "What Does OAuth Give Me? (a.k.a. Why Bother?)" of
> > this article:
> > http://apiwiki.twitter.com/OAuth+Example+-+Ruby,
> > but I could not find what is the advantage of using OAuth
> > *for client-software makers*.
>
> > Client software must know end users' (i.e. account holders') login
> > names and passwords, so I think there is no more advantage in using
> > OAuth than basic-auth.
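
The point in the first reply, that a stored access token and secret are of no use without the consumer key/secret and that resetting the consumer secret invalidates them, shown as an added example that is not part of the original thread. It assumes OAuth 1.0 HMAC-SHA1 signing as specified in RFC 5849; the endpoint, keys, secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key joins BOTH secrets, so a token secret alone cannot sign
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def provider_verify(method, url, params, signature, consumers, tokens):
    # Provider side: look up both secrets, recompute, compare in constant time.
    # Timestamp/nonce replay checks are omitted to keep the example short.
    consumer_secret = consumers.get(params.get("oauth_consumer_key"))
    token_secret = tokens.get(params.get("oauth_token"))
    if consumer_secret is None or token_secret is None:
        return False  # unknown or revoked consumer key / token
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (not real credentials or a real endpoint)
URL = "https://api.example.com/statuses/update.json"
PARAMS = {"oauth_consumer_key": "app-key", "oauth_token": "user-token",
          "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
          "oauth_timestamp": "1242658560", "oauth_nonce": "constructed-nonce",
          "status": "hello world"}
CONSUMERS = {"app-key": "app-secret"}          # provider's consumer registry
TOKENS = {"user-token": "user-token-secret"}   # provider's issued tokens

def demo():
    args = ("POST", URL, PARAMS)
    good = sign(*args, "app-secret", "user-token-secret")
    # What a breached token table holds: the token pair, not the consumer secret
    token_only = sign(*args, "", "user-token-secret")
    rotated = {"app-key": "new-app-secret"}  # consumer secret reset after a breach
    return {
        "legitimate": provider_verify(*args, good, CONSUMERS, TOKENS),
        "token_pair_only": provider_verify(*args, token_only, CONSUMERS, TOKENS),
        "old_signature_after_reset": provider_verify(*args, good, rotated, TOKENS),
    }

if __name__ == "__main__":
    print(demo())
```

The protection holds only while the consumer secret is kept apart from the token store; if both sit in the same breached database, the reset is what limits the damage.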
