Why are you Twitter guys pushing xAuth so hard? Even for new desktop
clients? Instead of recommending a proper oAuth flow with PIN or such?
I understood its main purpose is to help legacy clients with
transition, and new clients should do proper oAuth.

One argument I have seen is that oAuth has usability problems. I would
like to see more substance around this statement beyond just
developers thinking out loud. I have implemented oAuth in @cremeapp
(ok, it uses in-app browser instead of separate, but otherwise it is
the proper PIN flow) and not a single person has complained. I see
from usage numbers that people breeze through the oAuth authentication
just fine. I was expecting worse, but it's fine. It comes down to
proper UI design and clarity of instructions.


On Apr 14, 1:15 am, Taylor Singletary <taylorsinglet...@twitter.com>
> Basic auto being turned off means just that..
> Desktop clients can implement xAuth as an alternative, where you do a
> one-time exchange of login and password for an OAuth access token and
> continue from there signing your requests and doing things in the
> OAuth way. You'd no longer, as a best practice and one that I would
> stress in the upmost even on a desktop client, store the login and
> password beyond the xAuth access token negotiation step. If the token
> were revoked you would then query for the login and password again and
> so on and so on and also and also.
> Obtaining permission to use xAuth for desktop clients is as easy as
> sending a well-identified and verbose note to a...@twitter.com.
> Basic auth had a good run. It's nearly time to say goodnight.
> Taylor
> On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net> wrote:
> > Just so I understand this, applications running on the desktop will still 
> > work correct? Basic functionality is only being turned off for web apps 
> > correct? It's not like desktop apps will have to start using oauth.
> > Cheers,
> > Dean
> > -----Original Message-----
> > From: twitter-development-talk@googlegroups.com 
> > [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Dewald 
> > Pretorius
> > Sent: Tuesday, April 13, 2010 7:31 PM
> > To: Twitter Development Talk
> > Subject: [twitter-dev] Re: Basic Auth Deprecation
> > Could you please announce the hard turn off date somewhere on one of
> > your Twitter blogs about a month ahead of time, so that we all have an
> > official source to point our users to when we explain to them why
> > we're converting everything over to OAuth?
> > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> >> we have announced deprecation, and will hard turn off basic authentication
> >> in june.  the exact date has not been set, but i presume it will be later 
> >> in
> >> the month.
> >> Is Basic Auth going to be deprecated (as in hard switched-off) in
> >> > June, or are you in June going to announce depracation, with the hard
> >> > switch-off then coming a few months later?
> >> --
> >> Raffi Krikorian
> >> Twitter Platform Teamhttp://twitter.com/raffi
> > --
> > To unsubscribe, reply using "remove me" as the subject.
> --
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod

Reply via email to