I am building a twitter application that is currently using the classic login instead of OAuth. Does Twitter have any plans of deprecating this? I chose not to do OAuth because it is still being piloted as a beta.
+7
A:
I doubt there are any plans to deprecate the old API, because there are hundreds of applications which are designed to use it. Even though it's safe to use the old API, if I were you, I'd transition to OAuth due to user security concerns. OAuth is more secure than the plain API, and provides fewer ways for an attacker to obtain the user's password.
From the Twitter API documentation:
OAuth is the Twitter preferred method of authentication moving forward. While we have no plans in the near term to require OAuth, new applications should consider it best practice to develop for OAuth. We eventually would like to suspend Basic Auth support. However we realize that Basic Auth has been a large part of the API's success, and that the barrier to entry if OAuth is the only solution is substantially higher. Many applications rely on Twitter accounts as their means of account management. Additionally, Basic Auth allows a developer with a command line, cURL, and his account credentials to start poking at Twitter data. There are still a number of archetectural use cases to work through before we consider the deprication of Basic Auth. Before any changes begin to happen, we will discuss them with the community through the support channels, and give at least 6 months lead time before making any policy changes.
John Millikin
2009-08-11 20:38:31
A:
It would be best if you provide both mechanisms to your clients, by default the classic login but if user is concerned about security they can choose the OAuth mechanism. Mind it, many users will leave your application just because it requires them to give your application their (user's) credentials.
Monis Iqbal
2009-09-07 17:28:21
A:
i believe using Oauth would be the safest bet, and its more convienet in the long run. I read an article saying that twitter is making Oauth mandatory pretty soon as well so you will have to switch over eventually
A:
"When are you going to turn off Basic Auth?
We announced in December of 2009 the deprecation of Basic Auth. Its removal date from the platform is set for June 2010. We announced towards the end of June 2010 that we have postponed this until August 16th 2010."
mportiz08
2010-09-06 02:50:23