I like oAuth because for both Twitter and me as a developer, it
associates the request with both the user and app. As a developer, I
have a bunch of apps and I can go to twitter.com/oauth to see the
number of users that have used each app. (One thing that I noticed -
the number goes down sometimes??? Why is that?) Twitter can do things
like block rogue apps, analyze popularity easily etc.
On Apr 14, 8:58 am, Raffi Krikorian <ra...@twitter.com> wrote:
> in my ideal world, nobody would have access to a user's password except
> twitter.com -- oauth provides a framework so end applications are not
> storing the actual password. people are notoriously bad with using the same
> password on lots of different sites. additionally, oauth provides twitter
> better visibility into the traffic coming into our system, so we can better
> shape traffic needs, we can provide auditing back to users on which
> applications are doing what actions on their behalf, etc.
> On Wed, Apr 14, 2010 at 5:39 AM, Dean 'at' Cognation dot Net <
> d...@cognation.net> wrote:
> > But why is oauth better than basic for a desktop client?
> > i understand it for the webapps but on a desktop client whats the
> > point?
> > Basically you are saying the desktop end user cant be trusted? Sorry
> > but that doesn't make any sense.
> > Please explain.
> > Cheers,
> > Dean
> > On Apr 14, 1:15 am, Taylor Singletary <taylorsinglet...@twitter.com>
> > wrote:
> > > Basic auto being turned off means just that..
> > > Desktop clients can implement xAuth as an alternative, where you do a
> > > one-time exchange of login and password for an OAuth access token and
> > > continue from there signing your requests and doing things in the
> > > OAuth way. You'd no longer, as a best practice and one that I would
> > > stress in the upmost even on a desktop client, store the login and
> > > password beyond the xAuth access token negotiation step. If the token
> > > were revoked you would then query for the login and password again and
> > > so on and so on and also and also.
> > > Obtaining permission to use xAuth for desktop clients is as easy as
> > > sending a well-identified and verbose note to a...@twitter.com.
> > > Basic auth had a good run. It's nearly time to say goodnight.
> > > Taylor
> > > On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net> wrote:
> > > > Just so I understand this, applications running on the desktop will
> > still work correct? Basic functionality is only being turned off for web
> > apps correct? It's not like desktop apps will have to start using oauth.
> > > > Cheers,
> > > > Dean
> > > > -----Original Message-----
> > > > From: firstname.lastname@example.org [mailto:
> > twitter-development-t...@googlegroups.com] On Behalf Of Dewald Pretorius
> > > > Sent: Tuesday, April 13, 2010 7:31 PM
> > > > To: Twitter Development Talk
> > > > Subject: [twitter-dev] Re: Basic Auth Deprecation
> > > > Could you please announce the hard turn off date somewhere on one of
> > > > your Twitter blogs about a month ahead of time, so that we all have an
> > > > official source to point our users to when we explain to them why
> > > > we're converting everything over to OAuth?
> > > > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com> wrote:
> > > >> we have announced deprecation, and will hard turn off basic
> > authentication
> > > >> in june. the exact date has not been set, but i presume it will be
> > later in
> > > >> the month.
> > > >> Is Basic Auth going to be deprecated (as in hard switched-off) in
> > > >> > June, or are you in June going to announce depracation, with the
> > hard
> > > >> > switch-off then coming a few months later?
> > > >> --
> > > >> Raffi Krikorian
> > > >> Twitter Platform Teamhttp://twitter.com/raffi
> > > > --
> > > > To unsubscribe, reply using "remove me" as the subject.
> > > --
> > > Taylor Singletary
> > > Developer Advocate, Twitterhttp://twitter.com/episod-Hide quoted text -
> > > - Show quoted text -
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi