One solution, which I know won't win the popularity prize, is
for
        Twitter to relax its XAuth restrictions and allow web apps to
use full
        OAuth and/or XAuth, depending on what works best for them.
        
        In my case, I will still use full OAuth because it's so much
better
        than dealing with Twitter credential issues. But, I will add a
small
        link below the Twitter authorize button on my site that says
something
        like, "Can't get to Twitter.com?" which then leads to a
username-
        password entry form, and then triggers an XAuth authorization.

 

>unfortunately, this defeats the purpose of oauth :(

 

>http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

 

-- 
>Raffi Krikorian
>Twitter Platform Team
>http://twitter.com/raffi

 

 

 

 

But for a desktop client it doesn't really matter now does it?

 

I'm still not buying it that oauth is going add any value for desktop
clients with regards to password security. Basically you are now storing
token in the desktop client instead of password.

 

Same difference if you are worried about the end users pc getting
hacked.

 

 

 

 

Cheers,

Dean

 

 



-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Reply via email to