> Leveling the playing field is "elephant in the room" easy:
> Immediately ignore the source parameter on all Basic Auth calls. Right
> now. It's a 5-second coding job.
Twitter has announced plans (see @ev's announcement in Dec.) to do almost
exactly that come June. Not quite instant gratification, but June is sooner
than you think.
But two big questions remain:
1. Will Twitter add OAuth additions that allow for alternative credential
exchange? (in plain English: username/password on desktop) Raffi has hinted
at this previously (source: details ), but few details have emerged.
2. Will Twitter overlook less-than-perfect implementations that improve UX?
(i.e. screen scraping the PIN, internal browsers, etc.) So far these practices
seem to be flying under the radar in a few clients, but will that change when
the big guys enter the game?
We'll know the answers in June. It should be fun to watch and make for some
lively forum threads. Bring popcorn and stand clear of the flames. ;-)