by josephholsten 5761 days ago
Seems like this author just doesn't realize how painful migrating to OAuth is for a service provider. Of course xAuth isn't a real security improvement to HTTP Basic. But it forces everyone to support auth that isn't inherently broken. So once Twitter stops receiving many xAuth requests, they can just turn it off.

The migration to OAuth 2 will be interesting though. All the existing clients will have the right kind of structure to plug in a drop-in replacement flow, but I bet there will still be a bunch of complaints. "OMG I don't want to use HTTPS! This is so hard! Who cares that I can use curl to debug now, I want programming to be drag and drop." Haters gonna hate.

1 comments

Joseph, you have a good point about how large of a task migrating all service providers from Basic to OAuth is. And I have to give Twitter Support credit for their work helping developers along the migration.

But your argument still doesn't explain why Twitter's supported service still uses xAuth. Or Twitterrific (and they have a significant market share). What is blocking them from migrating from Basic to non-xAuth OAuth?