One solution, which I know won't win the popularity prize, is for Twitter to relax its XAuth restrictions and allow web apps to use full OAuth and/or XAuth, depending on what works best for them. In my case, I will still use full OAuth because it's so much better than dealing with Twitter credential issues. But, I will add a small link below the Twitter authorize button on my site that says something like, "Can't get to Twitter.com?" which then leads to a username- password entry form, and then triggers an XAuth authorization.
>unfortunately, this defeats the purpose of oauth :( >http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap -- >Raffi Krikorian >Twitter Platform Team >http://twitter.com/raffi But for a desktop client it doesn't really matter now does it? I'm still not buying it that oauth is going add any value for desktop clients with regards to password security. Basically you are now storing token in the desktop client instead of password. Same difference if you are worried about the end users pc getting hacked. Cheers, Dean -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en