Twitter Going OAuth Only – Are Developers Ready?

Sun, Apr 25, 2010

On Saturday Twitter announced that it will be switching off support for basic authentication in its API on 30th June, and only allowing access through the more secure OAuth authentication system.

The announcement appeared on the Twitter API Google Group, from Raffi Krikorian of the Twitter Platform Team:

“you’re going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 — developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody.

as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date – http://bit.ly/twcountdown”

Developers of Twitter apps and services will need to make the switch or face the possibility of their tools becoming useless. However, given the Twitter acquisition of Tweetie, are developers going to continue to develop and update their apps in what is now a very competitive market?

The popular Twitter directory, oneforty.com, lists 2,743 apps and services, and these are only the ones that have registered with the site. Will the developers of all of these tools make the leap to OAuth? Perhaps we will see a culling of the herd, with only Twitter apps in active development surviving.


  • http://twitter.com/GoldChoiceUK SarahLG

    Sounds interesting :) But I don't really get what the change is… :S

  • A Randumb Debelubber

    oauth is also a moving target

  • keefmoon

    Sarah,

    Apologies, I should have explained better in the post. Twitter apps and services can currently use Twitter's API using either Basic Authentication or OAuth.

    Basic Authentication allows the app to pass your Twitter username and password as part of the request, allowing the app to interact with your account, i.e. posting a Tweet. The problem with this is that the app, and therefore the app developer, has access to your username and password.

    OAuth works differently: when you log into a Twitter app or service that uses OAuth, you are providing your username and password to Twitter directly, not the app. You are then able to grant access to your Twitter account on a per app basis. Twitter then provides the app with a token, and this token can be used by the app to interact with your account, like sending a Tweet.

    The advantages of this are that the app, and the developer, do not know your username and password, and you can revoke access to your account from the Twitter website, if you no longer trust the app, or no longer use it.

    The problem for developers is that OAuth is more complicated to implement than basic authentication.

    Hope that helps,

    Keith
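
The difference described in the comment above, as an added example that is not part of the original post or its comments: a Python sketch that builds a Basic header and an OAuth header for the same request, assuming OAuth 1.0a with HMAC-SHA1 signing (RFC 5849). The endpoint, username, password, keys, tokens and secrets are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values: not real credentials, keys or a real endpoint.
URL = "https://api.example.test/statuses/update.json"
PASSWORD = "correct horse battery"
CONSUMER_SECRET, TOKEN_SECRET = "app-secret-constructed", "token-secret-constructed"
OAUTH_PARAMS = {
    "oauth_consumer_key": "app-key-constructed",
    "oauth_token": "user-token-constructed",  # issued by the service, revocable per app
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1272153600",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_version": "1.0",
}

def basic_auth_header(username, password):
    """Basic auth: the account password travels, reversibly encoded, on every request."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def recover_basic_credentials(header):
    """Whoever handles the header (the app, its developer, a log) can decode it."""
    user, _, pw = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, pw

def enc(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over method, URL and sorted parameters; the secrets are only the key."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    base = "&".join([method.upper(), enc(url), enc("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth1_header(method, url, request_params, consumer_secret, token_secret):
    """Authorization header carrying the token and a signature, never a password."""
    sig = oauth1_signature(method, url, {**request_params, **OAUTH_PARAMS},
                           consumer_secret, token_secret)
    fields = sorted({**OAUTH_PARAMS, "oauth_signature": sig}.items())
    return "OAuth " + ", ".join(f'{enc(k)}="{enc(v)}"' for k, v in fields)

if __name__ == "__main__":
    basic = basic_auth_header("example_user", PASSWORD)
    print(basic, "->", recover_basic_credentials(basic))
    print(oauth1_header("POST", URL, {"status": "Hello, world"}, CONSUMER_SECRET, TOKEN_SECRET))
```

The extra work in the OAuth functions (parameter encoding, sorting, base string, keyed hash) is the added implementation complexity the comment mentions.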