While that may be true in a more generic sense, I think that for most of us
on this mailinglist, the core functionality of our apps depends on Twitter
being up and available... So for me there's really little point in
authenticating users when Twitter is down and my app doesn't provide its
core functionality...

But anyways, this is all slightly OT.

The reality is, oAuth is Twitter's preferred authentication protocol, it
will soon be the only one, and it lacks delegation, ie. anyone who's
providing APIs to 3rd parties (twitpic, twitvid, yfrog, anyone!) are going
to be SOL once basic auth is deprecated unless Twitter provides some form or
oAuth delegation... And for those of us not providing basic autha and
already using oauth exclusively, we're already SOL, as we can't provide, nor
consume APIs that require basic authentication.

Time to re-start this discussion please...


On 11/30/09 5:43 PM, "Dewald Pretorius" <dpr...@gmail.com> wrote:

> I know some people will kick my shins over this, but I would not
> recommend using Twitter OAuth (or Facebook Connect for that matter) as
> the primary mechanism for logins to your own site.
> 
> Why would one expose your site to the stability, availability,
> temperament, and good graces of another service over which you have no
> control? If they are down, or for some reason they blocked you, your
> app is dead in the water (nobody can login), even if there is
> functionality that does not depend on API calls to the external
> service. You may have a lot of things cached so that your site can
> function even when Twitter OAuth is on the blink. That helps you
> nothing if you depend on Twitter OAuth for user logins to your site.
> 
> On Nov 30, 9:03 pm, Michael Steuer <mste...@gmail.com> wrote:
>> To all who are wondering about this - I raised this issue and some
>> suggestions a while back, got 1 response from Twitter, but when I asked the
>> dev community who else struggles with this, it was awfully silent (perhaps
>> people hoping Twitter would never deprecate basic auth)... See this thread:
>> 
>> http://groups.google.com/group/twitter-development-talk/browse_frm/th...
>> 5632554444efcb
>> 
>> On 11/30/09 4:48 PM, "Brian Morearty" <bmorea...@gmail.com> wrote:
>> 
>>> Thanks for asking. I was just wondering the same thing. :-)
>> 
>>> On Nov 30, 3:19 pm, "LeeS - @semel" <lse...@gmail.com> wrote:
>>>> Here's the situation:
>> 
>>>> My app lets users OAuth via Twitter as their login.  Simple and
>>>> standard.
>> 
>>>> Now, I've created an API for my app.  I want other apps, say Twitter
>>>> clients, to be able to use my app, as if they are one of my app's
>>>> users.  What's the best way to let the user authorize that app to use
>>>> my app?  Do I have to implement OAuth myself, and then have the user
>>>> OAuth twice, once into my app and once into Twitter via my app to let
>>>> my app access Twitter?  That's a lot of screens for the user to go
>>>> through.
>> 
>>>> I'm curious how you'd handle this, and if there's a simpler solution.
>> 
>>>> Lee


Reply via email to