I know it's a compromise. But, it does serve the needs of a very large
number of users.

Maybe you could monitor the authentication profile of a web app. If it
uses more XAuth than OAuth, then you know you need to contact the
owner. Or, you can set an automated percentage threshold, such as
"XAuth authentications from a particular consumer key cannot exceed
25% of all authentications from that key."

On Apr 26, 9:36 am, Raffi Krikorian <ra...@twitter.com> wrote:
> > One solution, which I know won't win the popularity prize, is for
> > Twitter to relax its XAuth restrictions and allow web apps to use full
> > OAuth and/or XAuth, depending on what works best for them.
> > In my case, I will still use full OAuth because it's so much better
> > than dealing with Twitter credential issues. But, I will add a small
> > link below the Twitter authorize button on my site that says something
> > like, "Can't get to Twitter.com?" which then leads to a username-
> > password entry form, and then triggers an XAuth authorization.
> unfortunately, this defeats the purpose of oauth :(
> http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi
> --
> Subscription 
> settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Reply via email to