Twitter permission change hurts third-party mobile apps [21May11]
- Twitter is updating its authentication system to give users more control over how third-party applications can access their accounts. Applications will now have to explicitly request additional permission from the user during the authentication process in order to send and receive direct messages on behalf of the user. At first glance, the change seems like a welcome improvement to the Twitter APIs. Support for granular permission tiers is one of the technical advantages of authority delegation systems like OAuth.
- Twitter's approach to implementing the feature comes with some serious problems for third-party client implementors.
- The OAuth standard was originally intended to enable server-to-server authentication for limited third-party access to non-public APIs. It is poorly suited for open APIs with an arbitrary number of independent third-party applications. More significantly, it doesn't address the needs of desktop and mobile authentication at all. Despite the significant limitations of the standard, it is being adopted and mandated by a number of social networking services, including Twitter.