A reminder for all those who deal with the Twitter API that the cut off has now passed for the end of Basic Auth access to Twitter. For the non-technical out there, this is where you give an application, or a website, your username and password and it logs into Twitter and does something for you.
From now on, all applications will need to use oAuth. I think this is much more secure as the application or website will direct you to Twitter, who would verify who you are and whether you give approval or not. Twitter will also tell the user who is seeking the authorisation, so as an end user I have a better idea of who gets to know what. Developers of Twitter applications have been moving towards this model for a while now and it was pretty much the de facto standard anyway.
An application which is registered with Twitter identifies itself with a security token and key. I run Twitter Tools on my blog and they have had to come with a work around. Since PHP is coded in plain text and not compiled, they couldn’t register it as an application and use their own tokens and keys or other people would use them to imitate their application. Instead I had to register my website as its own application, and every user of Twitter Tools is going to have to do the same.
I had to register my site as an application.
It might seem a drawback, but it does mean that any tweets from my site now come up as coming from the “Nicholosophy” application, which links back to my site. Pretty cool.
So if you aren’t a developer but you run Twitter Tools (or something similar) check out to see if you need to do something. Otherwise I believe it’s another great change by Twitter to improve security and I can’t complain about that!
Loading ...
perhaps " the cut off has now past" should be " the cut off has now passed"?
Thanks mate. I shouldn't blog past my bedtime…