xAuth to OAuth

Published by Manton Reece (@manton) — RSS Feed | Export CSV | Embed

OAuth update around DM access: "Mission: Permission" http://t.co/DqMg7CC via @twitter
@jasoncosta @themattharris I'd really ask you guys to re-consider not allowing xAuth apps to access DMs. This will break tons of clients.
@rsarver cool, I'm glad you're admitting it isn't a level playing field, and you're actively trying to kill us off.
@rsarver remember when you told me how important it was that 3rd party devs felt respected? How do you think we feel now, Ryan?
@rsarver You make me regret ever helping your service and other devs back in 2007. It's an embarassment.
@rsarver - are you guys serious about this xAuth DM thing? won't that be a support nightmare for you guys (and us 3rd party guys too)?
@rsarver "Permissions changes need to be done as quickly as we can" is BS when it's been the status quo for years.
@rsarver my question is what is the rush? Seems like you're creating a lot of developer anxiety on whim, for what benefit?
@orian we feel it's important to have a short window for a change in permissions models. obviously we're not doing it on a whim :)
@rsarver I'm really glad to see Twitter wanting to move quicker w things, but it takes 6m - 1yr for Twitter to fix documentation errors
At #devnestSF, less than a week ago, I specifically asked about more granular permissions around DMs. @rsarver said nothing about it.
@orian not sure that's a comparison. the team isn't sitting around. we have a small team that needs to prioritize. I know you do the same
@chockenberry twitter apps are part of the "service", not 3rd party apps asking for permission to access an account
@rsarver So you're confirming that the playing field isn't level for third party developers?
@chockenberry it is level for all 3rd party developers. Not sure how it maks sense that a user would see an OAuth flow for Tw4iPhone
@rsarver A traditional OAuth flow in your apps makes as much sense as it does in ours. Hurts usability, ask Loren: http://bit.ly/JfCoH
@gruber OAuth is for 3rd parties who need access to the service provider. we are the service provider
@chockenberry I disagree. I'd love feedback on how we to improve the usability while still giving users clarity on what they are granting
@abraham offered by the service provider. users grant us that permission and store their password with us. not the same as a 3rd party
@chockenberry The logic that @rsarver is using to defend the continued attack by Twitter on 3rd party devs is pretty disgusting
@chockenberry @gruber Okay, it's clear from further @rsarver tweets that Twitter is committed to bad startup UI for all 3rd party apps.
@tapbot_paul we're available to help with the transition to web flow if an app wants DM access.
It's particularly frustrating that the official twitter apps will be getting special treatment. Thats some grade A bullshit. cc/ @rsarver
@jasoncosta @tapbot_paul Can you help get us through the Apple review queues in less than two weeks, too? :-)
@rsarver Would be nice if you could provide some mechanism that allows clients to connect without forcing them into a web view.
★ Twitter’s Shit Sandwich: http://df4.us/hn8
we've been listening to feedback and are going to extend the transition timeline by two weeks to June 14th. more here: http://t.co/gh5FSGD
Kind of want to write more about the #DMpocalypse. Maybe I should change the name of my blog to "Dumb Shit @TwitterAPI Does".
when @al3x left twitter we wrote that he was crazy; we regret the error.
Distracted today, finally caught up on Twitter's announcement that they will break DMs in every Mac/iOS client... except their own. Furious.
Translation From Weasel-Speak to English of the Key Question in Twitter’s FAQ for Developers Regarding Their New Policy f… http://df4.us/hnb
Really waiting for someone to knock Twitter off its perch. I mean, developers would support a twitter alternative in a hearty beat currently
I discovered I have more than 140 characters of opinion about Twitter's actions today: http://t.co/NsbilwK
This just makes me angry http://daringfireball.net/2011/05/twitter_shit_sandwich ; https://twitter.com/#!/rsarver/status/70917459078680577
@danielpunkass Great write-up! I sure hope someone at Twitter is considering your solutions.
Official Coffee Times commence. Today's theme: Man, can Twitter do _anything_ right anymore?
Next up from Ryan Sarver: third-party Twitter clients must request auth tokens by mail, enclosing a prepaid envelope.
Proposed hashtag for impending Twitter client updating deadline: #authpocalypse.
@violasong Thank you! Great to hear from somebody who is well versed in developing a Twitter client :)
Today would be a very good day for Google to announce a Micro Blogging service.
As usual, @gruber nails it. http://tumblr.com/xip2l8jj1l
Macworld says I'm melancholy http://tumblr.com/xip2l8xhj2 snif.
Twitter's @rsarver has studied the Jedi mind trick, but hasn't perfected it. These apps are not apps. They're services! http://t.co/FOLWt96
Talking down to outrage loses the PR war.
@danielpunkass My impression is they're not interested in winning the PR war. They've made a decision and are prepared to weather the storm.
@jmwolfinbarger They should take a page from Machiavelli and deliver all their bad news at once. "No more 3rd party Twitter apps."
I'd actually respect Twitter slightly more if they just came out and shut off API access rather than inconveniencing devs to force them out.
Devil's advocate on Twitter's DM-OAuth change: http://t.co/3AshGLU
Finding it hard not to see Twitter's API policy changes as an attempt to kneecap Uber Media. Smaller developers are collateral damage.
@jasoncosta here's something that'd help. Sample iPhone code that shows the proper way to do an oAuth flow and can handle multiple users.
If you watch it backwards, Twitter's API is a remake of A Christmas Carol; a bitter control freak wins friends by becoming helpful and kind.
@tapbot_paul @jasoncosta Agreed. Sample code that's not web-based would be very helpful. Would help everyone understand the problem…
@chockenberry @tapbot_paul https://github.com/amazingsyco/oauthery
Just signed up for identi.ca. You should in no way anything into this incredibly random happenstance - http://identi.ca/gedeon
@marcoarment The problem with your point 2 is that it can be used to justify many terrible ideas. "Because we can" is not good enough.
@marcoarment #1 you're just wrong. every app that shows DMs will have to change to at least remove the UI or add OAuth. it's a big deal.
@marcoarment #2 no one is saying that they *cannot*, they are saying they *should not* these changes will make Twitter worse for customers.
@marcoarment #3 things change, true. but some changes are better than others. i think Twitter has many alternatives that are better.
@SteveStreza @tapbot_paul Thanks Steve! Nice to know that you can get the account info from the token body (SSToken) — that's a biggie!
So it seems @twitterapi have decided that the horrific user experience of OAuth is acceptable. To think I thought they saw sense with xAuth!
By me: Twitter inflicts further dev pain, featuring special guest star @mattgemmell http://t.co/AZh289e
Is there a single developer of a native Twitter client app who is happy about the forced switch to OAuth?
You guys, I thought "they own the platform they can do whatever they want" was the new mantra for the post-app-store world.
@themattharris That leaves me with one option: the use a built-in browser, pretend to be a web app, and sniff the connections.
I've just posted a few more answers to questions about the new permission level http://t.co/28WeLX6
rno
Just created an FAQ page for our Application Permission Model. Will keep updating it as long as questions come. http://t.co/1TZXN80
Can't wait for Twitter to start pimping their own apps on the OAuth sign in page.
This is what Twitter's authentication change brings to 3rd party clients - http://dl.dropbox.com/u/2320369/oauth.mov
@danielpunkass Glad you got xAuth, but I wonder if you'll save time by coding to OAuth now anyway. Twitter has no love for legacy.
I wonder if any Twitter clients will have the stones to remove DMs from their app, instead of removing xAuth.
@manton I'm prepared to code for OAuth when/if needed. But if there's going to be grandfathering, I want in ;)
@SteveStreza I seriously considered removing DMs, but that only hurts customers. Just a bad deal all around.
I think I can hear the @TweetDeck engineers in Europe rejoicing that they don't need to integrate the OAuth authentication workflow now.
Will TweetDeck have to use OAuth?
@gruber Of course not. Why on earth would Twitter subject their users to such a thing?
@gruber That's the question. It will be difficult for Twitter to argue that TweetDeck is "part of the service".