Twitter is killing support for basic user authentication in third-party apps on Tuesday morning, the company says. Instead, Twitter will now require all third-party app developers to use OAuth for user authentication.
This is a planned move Twitter first announced in December, and the company has posted a help page on its developer site with some resources meant to ease the transition to OAuth.
The Twitter API team has been dialing down the number of requests an app can make using the basic authorization method. That number will hit zero at 8AM Pacific time Tuesday.
Some bloggers have given the event the catchy name, “OAuthcalypse” — a bit of a mouthful, but so is “user authentication protocol” — the implication being that when basic authentication is switched off, it will break old software and leave users in the dark. But since Twitter has given developers ample warning of the change, the switch will only lock out a small number of apps.
Twitter’s move mirrors a broader trend on the social web, where basic authentication is being ditched for the more secure OAuth when services and applications connect users’ accounts.
In basic authentication, a website or app will say, “Hey, do you want to share whatever you’re doing here with your friends on Twitter? Give me your Twitter username and password and I’ll hook up your accounts.” By passing along your info, you’re giving that app or website unlimited access to everything in your Twitter account. Pretty dangerous, and not secure.
In OAuth authentication, the website or app will send you to Twitter where you sign yourself in, then Twitter will tell the website or app “Yeah, they are who they say they are.” The website or app only gains the ability to do certain things with your account — post, read, reply, search — while staying locked out from the more sensitive stuff.