I know some people will kick my shins over this, but I would not
recommend using Twitter OAuth (or Facebook Connect for that matter) as
the primary mechanism for logins to your own site.

Why would one expose your site to the stability, availability,
temperament, and good graces of another service over which you have no
control? If they are down, or for some reason they blocked you, your
app is dead in the water (nobody can login), even if there is
functionality that does not depend on API calls to the external
service. You may have a lot of things cached so that your site can
function even when Twitter OAuth is on the blink. That helps you
nothing if you depend on Twitter OAuth for user logins to your site.

On Nov 30, 9:03 pm, Michael Steuer <mste...@gmail.com> wrote:
> To all who are wondering about this - I raised this issue and some
> suggestions a while back, got 1 response from Twitter, but when I asked the
> dev community who else struggles with this, it was awfully silent (perhaps
> people hoping Twitter would never deprecate basic auth)... See this thread:
> http://groups.google.com/group/twitter-development-talk/browse_frm/th...
> 5632554444efcb
> On 11/30/09 4:48 PM, "Brian Morearty" <bmorea...@gmail.com> wrote:
> > Thanks for asking. I was just wondering the same thing. :-)
> > On Nov 30, 3:19 pm, "LeeS - @semel" <lse...@gmail.com> wrote:
> >> Here's the situation:
> >> My app lets users OAuth via Twitter as their login.  Simple and
> >> standard.
> >> Now, I've created an API for my app.  I want other apps, say Twitter
> >> clients, to be able to use my app, as if they are one of my app's
> >> users.  What's the best way to let the user authorize that app to use
> >> my app?  Do I have to implement OAuth myself, and then have the user
> >> OAuth twice, once into my app and once into Twitter via my app to let
> >> my app access Twitter?  That's a lot of screens for the user to go
> >> through.
> >> I'm curious how you'd handle this, and if there's a simpler solution.
> >> Lee

Reply via email to