OAuth is an Open Authentication system used by a variety of sites including Twitter, Yahoo and others. One of the important bits is that the application doing the logging in has to have a secret key in it. Flickr has one on their server for logging you into the Yahoo network. Desktop Twitter clients have their keys in the code.

Until 31 Aug 2010, Twitter allowed applications to log in either with OAuth or a more traditional username/password handshake. After that day, however, only OAuth was accepted. Many, many Twitter clients broke on that day, because they hadn’t switched to OAuth. Twitter said “Don’t blame us, we announced this six months ago”.

The catch is that you can’t keep a secret key secret in an open source project. This means that ALL of the Twitter clients I might consider for my desktop don’t work anymore, and probably won’t work until Twitter makes some changes. My client of choice is Echofon, a Firefox plugin, and even that doesn’t work anymore. Echofon has said they won’t support “fringe” operating systems, and list several, though not Linux. Echofon wasn’t even that great, it was simply the best of a bad lot.

Twitter has essentially shut out all open source clients. Surely they thought of this when they decided to go all OAuth. I wonder why they assumed it wouldn’t matter? I’ve been using my iPod touch to keep up with Twitter occasionally, and even using the actual Twitter web site.

If I had the time and know-how I’d make a web based client that I could install in my own web space. My key would be my own, so no-one would see it. It would be all nice and html5/ajax and very nice. TweetDeck is simply a web application using Adobe AIR, it does nothing html5/ajax can’t do. Someone once mentioned it can be installed, but I look at that as a drawback, having to be installed.

But if everyone did this, everyone would be requesting their own OAuth keys, and that would get out of hand VERY quickly.

I’d love to see Twitter make that magic web based Twitter app. It would work similarly to their current site, but be in a small window, opened via a smart bookmark, or even in Prism, that doesn’t dominate the whole web browser.

Regardless of what happens, Twitter became much less user friendly and accessible when it broke all of the open source clients.

For more reading, here are a couple articles. Ars Technica has an article called Twitter: A Case Study On How To Do OAuth Wrong and BenLog has a rebuttal.
