Why is this an issue?

A few months ago, someone from Twitter I believe suggested a pattern
such as this:

User starts to create an account on your site
To enable the Twitter integration, you send them to Twitter.com *once*
where they allow your app.
You store their token and log the user in to your site with a
temporary password you generate, that they can change. You might
collect their email address this way.
>From then on, they never have to go to Twitter.com. They can interact
with Twitter via your app, using your website, email, sms, etc.

Of course, with the massive use of your site that you claim, it won't
be long before your site is listed by Websense and the various evil
governments mentioned above.

On Aug 14, 1:04 am, TheGuru <jsort...@gmail.com> wrote:
> Is there no one from Twitter proper who has a position regarding this?
>
> On Aug 13, 2:12 pm, TheGuru <jsort...@gmail.com> wrote:
>
> > Add that to the list of even more reasons why this is an issue.
>
> > However, even stating oh well, tell them to use their cell phones,
> > obviously isn't a solution of any degree.  Smart Phone penetration in
> > the US, for example, is still less than 20%...
>
> > On Aug 13, 9:43 am, earth2marsh <ma...@earth2marsh.com> wrote:
>
> > > At least "people at work" have the potential to use phones to access
> > > Twitter…
>
> > > I'm worried about users like those in China behind The Great Firewall.
> > > Currently, they can interact with Twitter by using proxies and http
> > > basic auth. But OAuth requires access to twitter.com (or some sort of
> > > mediation). xAuth could be a solution, but there is already a shortage
> > > of clients that support alternate endpoints, and some of those use
> > > OAuth instead of xAuth (or neither).
>
> > > When basic auth is shut off, who knows how many Chinese voices will
> > > fall silent… or in North Korea. Or in Iran. Or in …?
>
> > > I'm interested in hearing what others think about this.
>
> > > Marsh
>
> > > On Aug 12, 10:31 pm, TheGuru <jsort...@gmail.com> wrote:
>
> > > > I'm curious to post this question to see if Twitter has fully thought
> > > > out the impact of forcing OAuth onto their API applications.  While it
> > > > may appear to be a more secure method preferred in principle by users,
> > > > the fact of the matter is that one of the main benefits of the API, is
> > > > the ability for third party twitter alternatives to be created, thus
> > > > allowing people to tweet during "business hours", when they normally
> > > > could not due to firewall / web sense restrictions, etc, that prevent
> > > > them from accessing the twitter.com domain.
>
> > > > Via basic authentication, users would never have to visit twitter.com
> > > > to login and gain access to twitter functionality via api clients.  By
> > > > shutting this down, you are now forcing ALL potential users to login
> > > > via twitter.com, many of which do not have access to this domain in
> > > > their workplace environment, thus excluding them from easily using
> > > > your service wholesale.
>
> > > > This can / will, I suspect, have significant impact on twitter usage /
> > > > volume, unless I am missing something and there is an alternative the
> > > > does not require them to directly access the twitter.com domain to
> > > > grant access.
>
>

Reply via email to