OAuth FAQ

Last edited by Matt Sanford 7 mos ago


 

General

 

What is OAuth?

OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner's Guide to OAuth from Hueniverse.

 

Where do I create an application?

We're working on a better site, but in the meantime you can create new applications at http://twitter.com/oauth_clients.

 

When are you going to turn off Basic Auth?

We would like to deprecate Basic Auth at some point to prevent security issues, but no date has been set for that. We will not set a date for deprecation until several outstanding issues have been resolved. When we do set a date, we plan to provide at least six months to transition.

 

Can my application continue to use Basic Auth?

There is no requirement to move to OAuth at this time. If and when a date is set for the deprecation of Basic Auth, we will publish a notice on the API Development Talk. We will not set a date for deprecation until several outstanding issues have been resolved. When we do set a date, we plan to provide at least six months to transition.

 

 

Technical

 

How long does an access token last?

We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended, there will be a note on your application page saying that it has been suspended.

 

The application registration page asks about read/write access. What constitutes a write?

Many users trust an application to read their information but not necessarily to change their name or post new statuses. Updating information via the Twitter API, be it name, location or adding a new status, requires an HTTP POST. We stuck with the same restriction when implementing this. Any API method that requires an HTTP POST is considered a write method and requires read & write access.
