Here's an idea: let's reverse engineer the top desktop and mobile
Twitter apps and use their OAuth keys to... Oh, wait, my bad: the top
desktop/mobile apps _don't_ use OAuth and boy will they take a UX
beating when they start.
But one day... :)
OAuth for desktop and mobile: making security through obscurity fun
Sent from my iPhone
On 2 Feb 2010, at 07:55, Dave Sherohman <d...@fishtwits.com> wrote:

> On Mon, Feb 01, 2010 at 08:29:18PM +0000, Aral Balkan wrote:
> > I would really love to have a comment on from you guys for the blog
> > writing: is Twitter actively discouraging the creation of new
>
> I'm not Raffi. I don't even work for Twitter. But I am very
> that the purpose of their policy regarding source params has nothing
> do with penalizing anyone or actively discouraging the creation of new
>
> > I _really_ hope you can reconsider this as I see no logic
>
> The logic is very simple:
>
> OAuth provides Twitter with the ability to identify the sending
> Basic Auth does not.
>
> Therefore, Basic Auth source params are easily forged, allowing apps
> trivially impersonate each other, which is clearly undesirable.
>
> (Unfortunately, this logic is not watertight, in that desktop/mobile
> apps are vulnerable to having their OAuth keys extracted from them, in
> which case they could still be impersonated, but that's the reasoning
> I've seen given previously for the policy.)
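
The server-side difference discussed in this thread, as an added example that is not part of the original messages and is not Twitter's code: under Basic Auth the `source` value is client-supplied text, while under OAuth the app name is looked up from the consumer key after the request signature verifies. It assumes OAuth 1.0a with HMAC-SHA1; the registry, keys, secrets and function names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed registry (assumption): consumer key -> (app name, consumer secret).
CONSUMERS = {"ck_demo": ("ExampleClient", "cs_demo_secret")}


def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the OAuth 1.0a signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def source_from_basic_auth(params):
    """Basic Auth: nothing binds 'source' to an app, so it is echoed as sent."""
    return params.get("source")


def source_from_oauth(method, url, params, token_secret=""):
    """OAuth: the name comes from the registry, only if the signature verifies.

    A production verifier would also reject stale timestamps and reused nonces.
    """
    entry = CONSUMERS.get(params.get("oauth_consumer_key"))
    if entry is None:
        return None
    name, consumer_secret = entry
    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = str(params.get("oauth_signature", ""))
    if hmac.compare_digest(expected.encode(), supplied.encode()):
        return name
    return None
```

The check attributes a request to whoever holds the consumer secret, so it is only as strong as that secret's confidentiality, which is the caveat raised in the last quoted paragraph.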