We've got a project lined up to come up with an answer for OAuth app delegation problem. We haven't done a deep dive into what the approach might be yet so we don't have any ideas yet. Would be glad to have the conversation with those who are interested and have ideas.
On Thu, Nov 5, 2009 at 4:20 PM, Michael Steuer <mste...@gmail.com> wrote: > Does Twitter (or anyone else) have thoughts around the lack of delegation in > Oauth and the announced deprecation of basic authentication? Currently, to > enable an API that allows web services to interact with Twitter on its > behalf (e.g. TwitPic, yFrog, etc.) one has to rely on basic authentication > (the twitter client passing the user’s username & password to the web > services API), as delegation is not possible via Oauth... If a user > authenticates with my application via Oauth, there’s no way I can have a 3rd > party API do anything on behalf of that user... > > Similarly, if I want to develop an API to my Twitter web service, I would > have to develop that with basic authentication, but what’s the point: > > knowing that basic auth is going to be deprecated in the (near) future > so many apps are now based on oauth and wouldn’t be able to use my API > because they can’t authenticate > > I’m sure other devs have run into this. Does Twitter have any thoughts > around this? How do you expect to maintain a 3rd party app/API eco system > after basic auth deprecation? > > Looking forward to everyone’s feedback.. -- Marcel Molina Twitter Platform Team http://twitter.com/noradio