A couple weeks ago, we noted the start of the “OAuthpocalypse” — that is, Twitter’s move to make all developers use OAuth rather than basic authentication for their third-party apps. Twitter expected some bumps as they were going to be continuously shutting stuff down and progressively limiting rates. That all ends tomorrow, as basic auth support will be officially killed off at 8 AM PT.
Originally, Twitter had said the death of basic auth would take place today, August 30th. But for whatever reason, they pushed it back until tomorrow (maybe they just didn’t realize August had 31 days). Twitter’s Douglas Bowman confirms this with a tweet today: “Basic Auth for Twitter is almost history. Rate limits are down to 15 requests/hour, and will be 0 by tomorrow.”
As Twitter notes, this move is a very good thing. Here are the main reasons they give in their documentation for the switch:
- don’t have to worry about exposing the credentials for your users whether through a bug or other means (especially considering that a lot of people use the same password for multiple services);
- don’t have to worry about the user changing their password — a user can change his or her password and the OAuth “connection” to your app will still work;
- don’t have to worry about other applications masquerading as your application – only you can set the byline with your application name;
- will eventually have access to more APIs from Twitter that will only be available to “trusted” OAuth-enabled applications; and
- give the @twitterapi team more visibility into the network — you help us plan for capacity, and you help us squash spam and you help us identify bugs.
As we noted a couple weeks ago, Twitter is also already hard at work on OAuth 2 support, which others such as Facebook and Gowalla have begun using. OAuth 2 is the even more secure version of the protocol, which companies like Facebook, Microsoft, Google, and Yahoo have been working on for some time.
[image: Paramount Pictures]