Comments on: Twitter API Severely Flawed

By: Twitter Trackbacks for Reality Me » Twitter API Severely Flawed [realityme.net] on Topsy.com

Tue, 01 Sep 2009 05:46:16 +0000

[...] Reality Me » Twitter API Severely Flawed realityme.net/2008/12/03/twitter-api-severely-flawed – view page – cached #RSS 2.0 RSS .92 Atom 0.3 Reality Me » Twitter API Severely Flawed Comments Feed Reality Me He Returns TP Emergency! Straight to /dev/null — From the page [...]

By: Five Things Twitter Should Do in ‘09 | Twitterrati

Five Things Twitter Should Do in ‘09 | Twitterrati — Fri, 02 Jan 2009 12:49:12 +0000

[...] 4. Make the Twitter API more user-friendly for developers, especially the authentication process. This would make Twitter more secure for users and make it easier for developer to unveil new services. For more on Twitter’s authentication flaws, check out this post by Reality Me. [...]

By: Doug McCaughan

Doug McCaughan — Tue, 30 Dec 2008 16:13:25 +0000

Perfect! I look forward to incorporating OAuth into the applications I personally develop.

By: Praveen Alavilli

Praveen Alavilli — Tue, 30 Dec 2008 15:15:09 +0000

OAuth provides Service Providers to enable such revoking functionality too. If you look at the spec, it provides consumer applications/clients a secure way to obtain an access token and secret with out asking for user’s credentials directly by themselves (analogous to amazon web services key/secret pair but even “better” because the user’s do not need to manage the keys & secrets – they are handed over as part of the OAuth protocol).

So in your example, each one of the 3rd party application you signup for will get it’s own token/secret pair by sending you to the Twitter’s authorization page where you authorize their access. After that at any given point of time you can goto your Twitter’s profile page and manage access for those applications.
Best example to look at is http://fireeagle.yahoo.net/ or even Flickr apps to see how the model works.

By: Doug McCaughan

Doug McCaughan — Tue, 30 Dec 2008 13:51:04 +0000

OAuth looks very viable. At the time I posted this, I had not looked into OAuth and still have only read about it briefly. As long OAuth gives me the ability to deny one application while keeping another going, it should be a good choice.

If I signup for (let’s make up some fake Twitter applications) ReTwitterApp and I also sign up for TQuoteMeApp and both require my authentication credentials, then I discover that ReTwitterApp is too spammy and I want to deny it, will OAuth make it easy to stop ReTwitterApp from authenticating on my account while letting TQuoteMeApp continue to work? If so, oauth will be excellent.

Tom, glad to hear they are close!

By: darkua

darkua — Tue, 30 Dec 2008 09:41:45 +0000

OAUTH! OAUTH! OAUTH!

By: Tom

Tom — Tue, 30 Dec 2008 07:32:45 +0000

OAuth, like Duke Nukem Forever, is “on the way”. Supposedly they’re “really close”, according to Al3x.

By: Michael

Michael — Tue, 30 Dec 2008 07:10:43 +0000

Why not oauth?

By: Doug McCaughan

Doug McCaughan — Mon, 29 Dec 2008 17:21:12 +0000

I've thought about it for a very long time. Yes, Is Twitterank Ranking Your Popularity Or Stealing Your Password? certainly caused a stir. I made this post before I had heard about the Twitterrank uproar so obviously it is a very apparent flaw to many people. I hope you are right about the flares.

By: Victor Agreda Jr

Victor Agreda Jr — Mon, 29 Dec 2008 16:52:15 +0000

I think that scoring or ranking thing that hit a few weeks ago sent up a flare on this for me as well. Makes no sense, really, for them not to implement…