Web Images Videos Maps News Shopping Gmail more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Twitter Development Talk
Home
+ new post
About this group
Join this group
Message from discussion a simple workaround for lack of OAuth
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Alex Payne  
View profile  
 More options Nov 24 2008, 5:05 pm
From: "Alex Payne" <a...@twitter.com>
Date: Mon, 24 Nov 2008 17:05:19 -0500
Local: Mon, Nov 24 2008 5:05 pm
Subject: Re: a simple workaround for lack of OAuth
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
We're currently waiting on our User Experience team to put the final
touches on a BETA release of our OAuth support.  It's going to have
bugs, to be sure, but we should have it out there soon.

On Mon, Nov 24, 2008 at 12:53, Stut <stut...@gmail.com> wrote:

> On 24 Nov 2008, at 15:13, fastest963 wrote:

>> A better alternative would be to just create an API key for
>> every user. Instead of entering username/password, they would enter
>> their secret API key?

> This is far less secure than OAuth and is actually not much better than
> requiring a username and password.

> One of the core benefits of OAuth is the ability to be very specific
> regarding what each authorised application is allowed to do, on a per
> application basis. It also allows you to selectively revoke the permissions
> of any specific application without needing to ask or even tell the
> application about it. To do this with the API key system you effectively
> need to re-authorise every app you use when you want to block just one of
> them. No real difference between this and having to change your password.

> I would much prefer that the guys (and gals) at Twitter concentrate on
> getting OAuth properly implemented (which is harder than it sounds) than
> their attention gets diverted by developers too impatient to wait for the
> right solution to the problem.

> -Stut

> --
> http://stut.net/

--
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google