UPDATED 10:44 EDT / AUGUST 31 2010

Twitter Switches to OAuth This Morning

The Twitter API will make a final change for third-party app developers this morning (8am Pacific time) that will drop Basic Auth for OAuth. Users of applications that haven’t kept up with Twitter news will find themselves suddenly out in the cold when Twitter starts rejecting their status updates. Fortunately, most popular Twitter apps–such as TweetDeck, Twitterrific, Seesmic, and Twitter for Android—have already done this.

The move by Twitter, as explained by Joab Jackson form PCWorld, is to better secure Twitter consumers from spoofing and other identity hijacks. He writes,

On a page explaining the reasons behind the change, Twitter gave several reasons that OAuth is superior to Basic Auth. The new protocol won’t ask users to provide the password directly to third-party sites. It makes spoofing of applications more difficult. It will help Twitter fight spam, and it paves the way for more trusted services.

When a user signs onto a third-party application with OAuth, the app itself doesn’t get access to the user name and password. Instead, Twitter itself will provide a sign-in module, which in turn provides a key to the application provider should the log-in succeed.

Identity hijacking is a huge problem with a lot of social networking—and has been a gigantic scourge of e-mail. In fact, the ability to spoof the origin of a message has become the core hallmark of spam within communities. Even systems like Twitter must find ways to protect themselves, and their users, from numerous bogus accounts created for the pure purpose of delivering unsolicited advertisements. I know I receive at least two requests a week from throwaway accounts (which, by the time I check them out, Twitter catches and disables) but without better authentication, spammers could instead pretend to be you (or your friends.)

The change from Basic Auth to OAuth, as the Basic Auth shutdown announcement explains, will enable Twitter to keep your username and password (login credentials) out of the hands of the third-party app. This means that you and Twitter—and only you and they—get to control your access to Twitter. It will prevent a dishonest third-party application from surreptitiously storing your username and password and passing it along so that some other application can pretend to be you.

That’s the upshot of this change.

Most people won’t even notice it, of course, if the applications they use have kept up with Twitter news.

However, being that there are still many obscure applications out there that use Twitter, we might see a flood of complaints and concerned troubleshooters today.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU