Letting a mobile/desktop app grab an OAuth token using the user’s
username/password is still helpful because then they can store the token
instead of the username/password, which is a big deal when there’s no really
secure way to store it. Also, if your mobile phone/laptop gets stolen, you can
still log in via the Twitter website and revoke access from the apps installed
on your phone/laptop. If the app just used basic auth then the only way to
revoke access would be to change your password. But, whoever stole your
phone/laptop could have changed your password first (if the app was using Basic
auth), and you’re locked out of your account.
So, a way to log in with basic auth and grab an OAuth token can still be

But it completely subverts the point of OAuth, because it lets a third party
have your password. Why even use OAuth in that case?