Read Raffi's post from a few hours ago entitled "What's up with OAuth?"
where he describes xAuth. Also, look at the OAuth WRAP draft
specification, which defines something very similar to xAuth. In the
(near) future, Twitter-approved applications will be able to get OAuth
authorized with just the user's username and password, without forcing
the user to visit the Twitter website. After they are authorized, they
can proxy their requests like before. The proxies will undoubtedly need
to be modified, but the modifications will not be too bad.
Basically, a API proxy script works as a middleman between twitter and
twitter client, little like man-in-the-middle attack.It's possible to
do this if the authentication is made in HTTP basic auth.But there is
no way to do the same thing with OAuth. The base string of an OAuth
request contains the domain of the HTTP request, so all client
developers modify their code if they want to suite the need of API
This is really a disaster for all Chinese twitter users.