One solution, which I know won't win the popularity prize, is
        Twitter to relax its XAuth restrictions and allow web apps to
use full
        OAuth and/or XAuth, depending on what works best for them.
        In my case, I will still use full OAuth because it's so much
        than dealing with Twitter credential issues. But, I will add a
        link below the Twitter authorize button on my site that says
        like, "Can't get to" which then leads to a
        password entry form, and then triggers an XAuth authorization.


>unfortunately, this defeats the purpose of oauth :(




>Raffi Krikorian
>Twitter Platform Team





But for a desktop client it doesn't really matter now does it?


I'm still not buying it that oauth is going add any value for desktop
clients with regards to password security. Basically you are now storing
token in the desktop client instead of password.


Same difference if you are worried about the end users pc getting









Subscription settings:

Reply via email to