> > Wrong. Basic Authentication will obviously ALWAYS be an option for > desktop clients, regardless of whether or not it is via API. > When are you going to turn off Basic Auth?
We would like to deprecate Basic Auth at some point to prevent security issues but no date has been set for that. We will not set a date for deprecation until several outstanding issues have been resolved. When we do set a date we plan to provide at least six months to transition. Can my application continue to use Basic Auth? There is no requirement to move to OAuth at this time. If/When a date is set for the deprecation of Basic Auth we will publish a notice on the API Development Talk. We will not set a date for deprecation until several outstanding issues have been resolved. When we do set a date we plan to provide at least six months to transition. Explain to me where it's obvious that basic auth will ALWAYS be an option for desktop clients. Furthermore, please explain to me what voodoo you employed while reading those statements to come to your conclusion. > I see, so then sites like mapmyrun and others that, for example, tweet > "Bob ran 10 miles today in 2 hours", "Bob ran 12 miles today in 1 > hour", and other templated text, are also in violation of the terms? > Or what about hootsuite where I can queue up 100 tweets with the exact > same text to fire off every hour, perhaps interspersed with a second > tweet? > Why on earth would people do that? Why on earth would you want to tweet the exact same text once an hour for 100 consecutive hours. What benefit could that POSSIBLY provide to the Twitter ecosystem? > > The bottom line is that this situation isn't as black and white as you > think, and Twitter's approach is wrong-headed. I disagree. I think it's pretty black and white. -- Internets. Serious business.