One of the prominent service providers offering OAuth based authentication is… Twitter. As more and more people are using Twitter as a personal and professional communication tool, I’m wondering why many of the additional third party services have not yet implemented OAuth based authentication. I don’t know about you but I’m getting slightly annoyed when an independent (often poorly designed) web site asks me to enter my full Twitter credentials. They all promise to not cache or store my username and password but still, it’s does not feel right. Some don’t even use an SSL encrypted HTTP connection for retrieving my secret user information.
Today I’d like to encourage all third party Twitter services to jump onto the OAuth bandwagon and offer their users with a secure and trusted way to delegate access control.
And here is my list of services that do not currently offer OAuth (and that I’m no longer going to use unless they do):
- Twellow: Asks for username and password. No secure HTTP POST.
- TweetLater: Asks for username and password. No secure HTTP POST.
- MrTweet: Asks for username and password. No secure HTTP POST.
- GroupTweet: Asks for username and password. No secure HTTP POST.
- Twitter Scheduler: Asks for username and password. No secure HTTP POST.
I’ll update this list accordingly and will add service providers, that don’t do it right and move those that switch to OAuth off from this hall of shame.
Which 3rd party Twitter services are you using? Please submit via the comments!
Update: We have decided to publish the post over at The Next Web. You might want to follow the discussion there, too!