> > Could you explain how "OAuth Echo" works with OAuth WRAP/2.0? >
working on it -- expect to see another update on oauth echo on mehack tomorrow. > Would it be possible for you to skip the OAuth 1.0a version of Echo and > just deploy the WRAP/2.0 version? Otherwise, clients are going to get stuck > with having to implement BOTH versions, as some delegators will surely > implement only the OAuth 1.0a version, while others only implement the WRAP > version. Similarly, delegators will probably feel pressure to support both > versions, as some clients will only implement one or the other. > its definitely something that we've considered. i think, in reality, we're going to have to support both types as we don't yet have any notion on when/if we would deprecate oauth 1.0a -- in addition, not having oauth echo implemented for 1.0a, when we're pushing towards basic auth deprecation in june... all in all, this seems too complicated to not have in our 1.0a implementation. > xAuth vs. the WRAP username/password profile is not such a big problem > because client implements can just keep using Basic Auth until you support > the WRAP username/password profile, and skip xAuth completely (unless they > need to take advantage of the higher rate limits for xAuth). > the same goes with xAuth. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi