Twitter opens OAuth interface
Twitter, the popular microblogging service, has now opened its OAuth interface to all developers. Previously the API was only available to a closed group of developers during its short beta period, which began last month. The API is now in an open beta for all interested developers. The opening of the interface should help provide safer access to the Twitter service from third-party web applications.
OAuth is an open standard for online authentication that allows users to share their private resources, stored on one web site, with another site, without having to hand over their user name and password. It does this by exchanging tokens, which are limited to a specific transaction and may also expire after a given length of time, although for now, Twitter have chosen not to expire their tokens. For the purposes of authentication, only tokens are exchanged between sites, and the user grants access by entering their user name and password only at their private site.
A typical transaction might involve a user wanting to use a social network graphing site to generate a tag cloud based on their Twitter followers. There are a number of sites offering this service, but previously, to get information on a Twitter user's followers, they would have requested the user name and password of the Twitter user and used those credentials to log into Twitter's API. This was obviously not a satisfactory state of affairs and allowed for phishing for Twitter user names and passwords. With OAuth, the social network graphing site would direct the user to log into Twitter itself and authorise the site to access only the information they allow.
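
The transaction described above as a simplified model, added here as an example and not Twitter's API or code from the report. `Provider`, `tag_cloud_site`, the `scope` set and the data layout are assumptions, and the consumer registration and request signing of real OAuth are left out.

```python
import secrets
import time


class Provider:
    """Toy stand-in for the site that holds the user's private data."""

    def __init__(self, users, data, token_lifetime=None):
        self._users = users              # username -> password; never leaves this class
        self._data = data                # username -> {resource name: value}
        self._lifetime = token_lifetime  # None models tokens that do not expire
        self._pending = {}               # request token -> None or (user, scope)
        self._access = {}                # access token -> (user, scope, expiry)

    def request_token(self):
        token = secrets.token_hex(16)
        self._pending[token] = None      # issued, but not yet authorised
        return token

    def authorise(self, request_token, username, password, scope):
        # The user's browser talks to the provider directly at this step.
        if request_token not in self._pending or self._users.get(username) != password:
            return False
        self._pending[request_token] = (username, frozenset(scope))
        return True

    def access_token(self, request_token):
        grant = self._pending.pop(request_token, None)
        if grant is None:
            raise PermissionError("request token was not authorised by the user")
        expiry = None if self._lifetime is None else time.time() + self._lifetime
        token = secrets.token_hex(16)
        self._access[token] = (*grant, expiry)
        return token

    def api(self, token, resource):
        user, scope, expiry = self._access.get(token, (None, frozenset(), None))
        if user is None or resource not in scope:
            raise PermissionError("token does not grant access to " + resource)
        if expiry is not None and time.time() > expiry:
            raise PermissionError("token has expired")
        return self._data[user][resource]


def tag_cloud_site(provider, send_user_to_provider):
    """Third-party site: it handles tokens only and never sees the password."""
    request_token = provider.request_token()
    send_user_to_provider(request_token)   # user logs in at the provider itself
    access_token = provider.access_token(request_token)
    return access_token, provider.api(access_token, "followers")
```
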
- Twitter spoofing fix fails in UK and Germany, a report from The H.
- Twitter: No more swapping passwords, a report from The H.
- Spam from compromised Twitter accounts, a report from The H.