Simple answer: because people in china can't even get to *once*.


On 8/14/10 4:37 PM, Ken wrote:
> Why is this an issue?
> A few months ago, someone from Twitter I believe suggested a pattern
> such as this:
> User starts to create an account on your site
> To enable the Twitter integration, you send them to *once*
> where they allow your app.
> You store their token and log the user in to your site with a
> temporary password you generate, that they can change. You might
> collect their email address this way.
> From then on, they never have to go to They can interact
> with Twitter via your app, using your website, email, sms, etc.
> Of course, with the massive use of your site that you claim, it won't
> be long before your site is listed by Websense and the various evil
> governments mentioned above.
> On Aug 14, 1:04 am, TheGuru <> wrote:
>> Is there no one from Twitter proper who has a position regarding this?
>> On Aug 13, 2:12 pm, TheGuru <> wrote:
>>> Add that to the list of even more reasons why this is an issue.
>>> However, even stating oh well, tell them to use their cell phones,
>>> obviously isn't a solution of any degree.  Smart Phone penetration in
>>> the US, for example, is still less than 20%...
>>> On Aug 13, 9:43 am, earth2marsh <> wrote:
>>>> At least "people at work" have the potential to use phones to access
>>>> Twitter…
>>>> I'm worried about users like those in China behind The Great Firewall.
>>>> Currently, they can interact with Twitter by using proxies and http
>>>> basic auth. But OAuth requires access to (or some sort of
>>>> mediation). xAuth could be a solution, but there is already a shortage
>>>> of clients that support alternate endpoints, and some of those use
>>>> OAuth instead of xAuth (or neither).
>>>> When basic auth is shut off, who knows how many Chinese voices will
>>>> fall silent… or in North Korea. Or in Iran. Or in …?
>>>> I'm interested in hearing what others think about this.
>>>> Marsh
>>>> On Aug 12, 10:31 pm, TheGuru <> wrote:
>>>>> I'm curious to post this question to see if Twitter has fully thought
>>>>> out the impact of forcing OAuth onto their API applications.  While it
>>>>> may appear to be a more secure method preferred in principle by users,
>>>>> the fact of the matter is that one of the main benefits of the API, is
>>>>> the ability for third party twitter alternatives to be created, thus
>>>>> allowing people to tweet during "business hours", when they normally
>>>>> could not due to firewall / web sense restrictions, etc, that prevent
>>>>> them from accessing the domain.
>>>>> Via basic authentication, users would never have to visit
>>>>> to login and gain access to twitter functionality via api clients.  By
>>>>> shutting this down, you are now forcing ALL potential users to login
>>>>> via, many of which do not have access to this domain in
>>>>> their workplace environment, thus excluding them from easily using
>>>>> your service wholesale.
>>>>> This can / will, I suspect, have significant impact on twitter usage /
>>>>> volume, unless I am missing something and there is an alternative the
>>>>> does not require them to directly access the domain to
>>>>> grant access.

Reply via email to