Raffi,

 

Twitter (corporate) are hardly in a position to start demanding the
rights to kill client apps at the moment.

 

But the sheep will head off to the slaughter without realizing whats
happening to them as they go. I think it's time for me to pass on
developing twitter apps. Anyone who wants to make me an offer for
www.MyPostButler.com <http://www.mypostbutler.com/>  can do so now
otherwise I'll be putting it up for sale on one of the auction sites by
Friday.

 

 

 

 

Cheers,

Dean

 

________________________________

From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of Raffi
Krikorian
Sent: Wednesday, April 14, 2010 10:08 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: Basic Auth Deprecation

 

again - overly dramatic.  

 

everything i said above still stands - it provides transparency into the
traffic that applications generate (potentially audit trails for users,
better ways to squelch spammy apps, etc.), as well as provides some
security in that user's passwords are not being sent in the clear.

 

you can easily look for other examples of people using oauth for similar
situations - google is using oauth to allow applications access to mail,
etc.

        So basically you are saying Twitter wants a chokehold to block
apps they don't like which you don't currently have with basic auth. 

        Considering your recent purchase of a twitter client is that
really a message you want to be spreading at the moment?

        How about leaving it up to end users to make the decision about
which clients they do and don't use to access twitter. Restricting all
clients to oauth only is hardly going to give developers warm and fuzzy
feelings that with a single keystroke a client can be banned instantly
across the entire ecosystem.

         

        Or am I missing something?

         

         

         

         

        Cheers,

        Dean

         

        
________________________________


        From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of Raffi
Krikorian
        Sent: Wednesday, April 14, 2010 8:59 AM
        To: twitter-development-talk@googlegroups.com
        Subject: Re: [twitter-dev] Re: Basic Auth Deprecation

         

        in my ideal world, nobody would have access to a user's password
except twitter.com -- oauth provides a framework so end applications are
not storing the actual password.  people are notoriously bad with using
the same password on lots of different sites.  additionally, oauth
provides twitter better visibility into the traffic coming into our
system, so we can better shape traffic needs, we can provide auditing
back to users on which applications are doing what actions on their
behalf, etc.

         

        On Wed, Apr 14, 2010 at 5:39 AM, Dean &#39;at&#39; Cognation dot
Net <d...@cognation.net> wrote:

        But why is oauth better than basic for a desktop client?
        
        i understand it for the webapps but on a desktop client whats
the
        point?
        
        Basically you are saying the desktop end user cant be trusted?
Sorry
        but that doesn't make any sense.
        
        
        
        Please explain.
        
        
        Cheers,
        Dean
        
        
        
        On Apr 14, 1:15 am, Taylor Singletary
<taylorsinglet...@twitter.com>
        wrote:

        > Basic auto being turned off means just that..
        >
        > Desktop clients can implement xAuth as an alternative, where
you do a
        > one-time exchange of login and password for an OAuth access
token and
        > continue from there signing your requests and doing things in
the
        > OAuth way. You'd no longer, as a best practice and one that I
would
        > stress in the upmost even on a desktop client, store the login
and
        > password beyond the xAuth access token negotiation step. If
the token
        > were revoked you would then query for the login and password
again and
        > so on and so on and also and also.
        >
        > Obtaining permission to use xAuth for desktop clients is as
easy as

        > sending a well-identified and verbose note to
a...@twitter.com.

        >
        > Basic auth had a good run. It's nearly time to say goodnight.
        >
        > Taylor
        >
        >
        >
        >
        >

        > On Tuesday, April 13, 2010, Dean Collins <d...@cognation.net>
wrote:
        > > Just so I understand this, applications running on the
desktop will still work correct? Basic functionality is only being
turned off for web apps correct? It's not like desktop apps will have to
start using oauth.
        >
        > > Cheers,
        >
        > > Dean
        >
        > > -----Original Message-----
        > > From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of Dewald
Pretorius
        > > Sent: Tuesday, April 13, 2010 7:31 PM
        > > To: Twitter Development Talk
        > > Subject: [twitter-dev] Re: Basic Auth Deprecation
        >
        > > Could you please announce the hard turn off date somewhere
on one of
        > > your Twitter blogs about a month ahead of time, so that we
all have an
        > > official source to point our users to when we explain to
them why
        > > we're converting everything over to OAuth?
        >
        > > On Apr 13, 8:19 pm, Raffi Krikorian <ra...@twitter.com>
wrote:
        > >> we have announced deprecation, and will hard turn off basic
authentication
        > >> in june.  the exact date has not been set, but i presume it
will be later in
        > >> the month.
        >
        > >> Is Basic Auth going to be deprecated (as in hard
switched-off) in
        >
        > >> > June, or are you in June going to announce depracation,
with the hard
        > >> > switch-off then coming a few months later?
        >
        > >> --
        > >> Raffi Krikorian
        > >> Twitter Platform Teamhttp://twitter.com/raffi
        >
        > > --
        > > To unsubscribe, reply using "remove me" as the subject.
        >
        > --
        > Taylor Singletary

        > Developer Advocate, Twitterhttp://twitter.com/episod- Hide
quoted text -
        >
        > - Show quoted text -

        
        
        
        -- 
        Raffi Krikorian
        Twitter Platform Team
        http://twitter.com/raffi




-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Reply via email to