buzzbird

Live, Tweet, Breathe, Open Source.


xAuth/OAuth checked into master

By now you may have heard that Twitter will be disabling basic HTTP authentication on API calls on June 30, 2010.  Twitter even made a pithy countdown page for it.  After June 30th, all Twitter clients will need to use OAuth to continue making authenticated API calls.

I like to refer to this date as the Oauthpocalypse.  Or even “Opocalypse”.

Rest assured, Buzzbird will be prepared to do battle on the side of good during the end times of basic authentication.  I have a vision (a “revelation,” if you will) of the souls of Twitter clients being expelled from the kingdom of Twitterdom.  They were cast asunder for callously hoarding the credentials of righteous users.  Yet I don’t judge (lest I be judged), for I too was a wayward spirit.  But I have seen the virtuous path.  Yea, I have seen the promised land, and brothers and sisters, that promised land is OAuth.

Now if only I had some icons that didn’t look like they were chiseled on stone tablets…

This entry was posted on Monday, May 10th, 2010 at 19:30 and is filed under Blog.

3 Responses to “xAuth/OAuth checked into master”

  1. Chris Says:

    June 18th, 2010 at 17:36

    Oh look, I went to git-hub, and looked at your source code for Buzzbird and found a consumerKey and consumerSecret. Oh joy, now I can spoof buzzbird…

    More like the Oauthflawpocalypse…

    Oauth is stupid, flawed, open source desktop app unfriendly ahHhhHHHHhHhhHHhHh!!!!!!!!!!*untold violence*

    Just been working on my own open source twitter client, using python + pyqt4, and I’ve been ignoring oAuth for several months. The deadline for basic death appears, and now I face the security flaw brick wall, and then the deadline is pushed back, but still, it’s still a serious problem that needs to be resolved before August >_<

  2. Mike Says:

    June 18th, 2010 at 21:40

    Yep. I’m contemplating advertising my key in the title of a blog post just to make a point of how asinine OAuth is. I’ll probably remove it from git (I think Twitter requires that now), but Buzzbird is distributed as a pile of plaintext scripts. It’s the furthest thing from “secret.” Anyone can find it with almost no effort.

    Gah. Whatevs.

  3. Antonio Says:

    March 16th, 2011 at 13:37

    I could even agree with most of your OAuth criticism, but it’s a golden standard compared to asking people for their passwords like Buzzbird and many other apps do. If you share your passwords with anything, machine or human, then you don’t understand basic security or are looking forward to identity theft.

    http://adactio.com/journal/1357/
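
The consumer secret that Chris and Mike discuss in the comments above, shown as an added example that is not Buzzbird's code: in OAuth 1.0a with HMAC-SHA1 (RFC 5849) the consumer secret is one half of the signing key and the per-user token secret is the other half. Every key, token and URL below is a constructed sample value.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string (section 3.4.1): method, base URL, sorted encoded params."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature (section 3.4.2), keyed with both secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Constructed sample values, not real credentials.
CONSUMER_SECRET = "public-in-the-repo"
URL = "https://api.example.test/1/statuses/update.json"
REQUEST = {
    "oauth_consumer_key": "example-client",
    "oauth_token": "alice-access-token",
    "oauth_nonce": "7d8f3e4a",
    "oauth_timestamp": "1276882560",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
    "status": "hello world",
}


def demo():
    """Same request signed with the right token secret, with none, and by another client."""
    genuine = sign("POST", URL, REQUEST, CONSUMER_SECRET, "alice-token-secret")
    no_token_secret = sign("POST", URL, REQUEST, CONSUMER_SECRET)
    other_client = sign("POST", URL, REQUEST, "other-app-secret", "alice-token-secret")
    return genuine, no_token_secret, other_client

if __name__ == "__main__":
    for label, sig in zip(("genuine", "no token secret", "other client"), demo()):
        print(f"{label:16} {sig}")
```

The three signatures differ: the published consumer secret names the client in the signature, while the token secret issued for each user is what ties a request to that user's authorization.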
