On 4/26/2010 4:55 PM, Raffi Krikorian wrote:
let's step back.

oAuth is the general framework that we want everybody to use.
applications no longer have to store usernames and passwords, which is
"a good thing".

normally, to get access tokens, applications send users through the
oAuth workflow -- this means they bring up a webpage on twitter.com,
enter username/password there, and then the oAuth
tokens are handed back to the application.

xAuth is a method by which to exchange usernames and passwords for
those tokens, without sending the user through the workflow.  this is for
two reasons: 1. mobile/desktop application authors have complained that
it makes their UX fugly when they bring up a web browser (i'll hold my
opinions on this); and 2. web applications that have been storing
usernames and passwords need a method to "bulk convert" all their users
over to oauth tokens.  after that bulk conversion, web applications can
send new users through the oAuth web workflow.

does that clear things up?

Ah, I get it. It's sort of like a batch converter. Still, requiring an oAuth signature _before_ you convert seems a bit like putting the cart ahead of the horse. And first you mention mobile/desktop applications, then you say that "after the bulk conversion, web applications can send new users. . ." What happened to the desktop/mobile apps?
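
On the question of a signature being required before any token exists: the sketch below is an added illustration, not code from this thread or from Twitter. It builds an xAuth token request and shows that it is signed with the application's consumer secret alone (the token-secret half of the key is empty), so the signature identifies the application, not the user. The endpoint and the `x_auth_*` parameter names come from Twitter's xAuth documentation rather than from the thread, and all credentials are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Endpoint and x_auth_* parameter names follow Twitter's xAuth documentation;
# they are not given in the thread above.
ACCESS_TOKEN_URL = "https://api.twitter.com/oauth/access_token"


def pct(value):
    """RFC 3986 percent-encoding as required by OAuth 1.0a."""
    return quote(str(value), safe="-._~")


def build_xauth_request(consumer_key, consumer_secret, username, password,
                        nonce, timestamp):
    """Return (signature base string, Authorization header, POST body)."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    body = {
        "x_auth_mode": "client_auth",
        "x_auth_username": username,
        "x_auth_password": password,
    }
    # Every parameter, including the user's credentials, is covered by the signature.
    pairs = sorted((pct(k), pct(v)) for k, v in {**oauth, **body}.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join(["POST", pct(ACCESS_TOKEN_URL), pct(param_string)])
    # No access token exists yet, so the token-secret half of the key is empty:
    # the signature identifies the application, not the user.
    key = pct(consumer_secret) + "&"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    post_body = "&".join(f"{pct(k)}={pct(v)}" for k, v in body.items())
    return base, header, post_body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    base, header, body = build_xauth_request(
        "app-key", "app-secret", "alice", "p@ss word", "n0nce", 1272300000)
    print(base, header, body, sep="\n")
```

The password travels only in the POST body, so the request must go over TLS, and the application should discard the password once the tokens come back.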
