short answer: oauth is for delegated authentication; I'm using direct
authentication of my own account. Both are valid use cases, so in my
opinion the source parameter should continue to work for the second
use case (I can't find a good reason to only support it for delegated

Besides; all the examples you mention are for delegated
authentication; it would be weird to have a headless system that is
working as a service implement an oauth scheme.


On Sep 14, 12:09 pm, Andrew Badera <and...@badera.us> wrote:
> With all the freely available examples, and all the freely available
> documentation and support available through oauth.net, what's stopping
> you from cranking out an OAuth client implementation in <2 hours?
> OAuth helps prevent, or at least make obvious for the time being,
> spammers. HTTP Basic Auth has no value here.
> ∞ Andy Badera
> ∞ +1 518-641-1280
> ∞ This email is: [ ] bloggable [x] ask first [ ] private
> ∞ Google me:http://www.google.com/search?q=andrew%20badera
> On Mon, Sep 14, 2009 at 1:48 AM, Ivo <i...@epointment.com> wrote:
> > Hi,
> > the developer wiki mentions that the source parameter is no longer
> > recommended, because using oauth, twitter can already know the source
> > of messages.
> > However, there are a few use case scenario's that are limited if
> > source is only available through oauth.
> > Oauth is all about delegated authentication. It's about the user
> > granting access to his resources to a service.
> > There are services out there that do not use the user's credentials at
> > all, but use their own account. E.g. I built flackr.net, and it logs
> > in with its own @flackr account to follow its own timeline and
> > aggregate news on a website. I don't need user's credentials at all
> > for that. The Flackr backend is autonomous and runs on a server that
> > has no web frontend, it just fetches data and processes it. It does
> > send out tweets when it has aggregated something interesting.
> > If I were to use oauth in this scenario I would have to build in full
> > oauth support in my backend script, only to login once with my own
> > account to grant myself access.  Since this is not about delegated
> > access, I don't need oauth and can authenticate against twitter
> > directly.
> > This is a perfectly good use case scenario, and the source parameter
> > would have to stay in order to support this use case scenario while
> > still providing a different source.

Reply via email to