Some of this article was reproduced from our other “MarketMeTweet Blog,” but this version goes into a bit more detail for developers.
OAuth is going to be required for ALL Twitter tools in June 2010. This is big news, but what does it mean from a programming standpoint? First, the proof:
From the Twitter site:

So, Twitter will now have a say in what type of tools access their site. Whereas before tools could break the rules and Twitter had no idea where the requests were coming from, now they will know, and can systematically shut those tools down. Before OAuth, tools could use “Basic Auth.” This meant the tool itself had anonymous access to the Twitter API.

How can Twitter monitor apps now?
You can see Twitter’s post here about OAuth Token Revocation. And that’s exactly it. They can revoke a token for any application that doesn’t follow their list of rules for marketing tools.
What are some of these rules the vast majority of marketing tools ignore?
Automation. Plain and simple. Twitter HATES “set it and forget it.” They want it to be user initiated and user controlled. They are very serious about taking automation out of Twitter, with the exception of Scheduled Tweets and Reciprocal Following. They really want it all done at the hand of a human being. Mass following in a short period of time is also a big no-no.
You can read all of these Rules here.
Why did Twitter pull the plug on Basic Auth?
We spoke to a contact at Twitter and found out that with Basic Auth there was almost no way of stopping people from abusing the API and breaking Twitter’s rules and regulations (which includes most automation). By forcing OAuth, they will know what site the software is from, and can ‘check it out,’ so to speak. But this is not without problems. What’s happening now (perhaps thanks in part to us giving people the ability to brand their tweets) is that sometimes actual developers’ apps are getting shut down for no good reason. It seems that Twitter is relying on the landing page to determine if the app is good. We are not really sure how well this will work as a long-term strategy, as it is time consuming for Twitter to manually check the landing page, and some developers may have a dummy page put in place whilst they test. Even when we first started selling MarketMeTweet they pulled the plug on us for 24 because they thought our landing page implied some automation they didn’t agree with (it was quickly solved, but as I said, we have a contact at Twitter, and not every developer is so lucky).

So where does that leave things?
Well… we’ve set out to design a tool that follows every single rule. Some people have asked “Why don’t you automate more like TweetAdder?” And our answer has always been this.
“Because in a few months’ time, we want the money you spent to be on a tool that still exists.”
And as it turns out, we were dead on with how we developed MarketMeTweet. June 2010 is the OAuth rollout. And when we asked Twitter if everyone has to be on it, even the popular management tools, they replied: “OAuth is 100%. EVERYONE.”
How do I know if the tool I bought uses OAuth?
Tools which don’t use OAuth require you to input your Twitter username and password directly into the tool, which they then store (doesn’t sound very secure, does it? Giving away your private details to someone else). Tools which use OAuth require you to ‘sign in with Twitter,’ which opens up a secure connection to Twitter. OAuth secure web tools allow you to sign in and connect the tool. Desktop applications require you to sign in and obtain a PIN, which you enter into the tool, so you never give away your password. Here is what it looks like:

You can test if your existing tool is using OAuth by logging into Twitter yourself and changing your password. A tool that relies on your stored password will cease to work.
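As an added illustration (not code from the original article or from Twitter), this Python example builds the Authorization header a Basic Auth tool sends and the one an OAuth tool sends, then shows what the API provider can read from each. It assumes OAuth 1.0 with HMAC-SHA1 signatures, which the article does not spell out; the URL, account, keys and secrets are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    # RFC 3986 percent-encoding as OAuth 1.0 requires (only unreserved chars stay)
    return quote(str(s), safe="-._~")

def basic_header(username, password):
    # Basic Auth: the tool must hold the real password and sends it on every call
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def oauth_signature(method, url, params, consumer_secret, token_secret):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameters
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_str = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(param_str)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_header(method, url, body, oauth, consumer_secret, token_secret):
    # Only the consumer key, token and signature travel; secrets stay with the tool
    sig = oauth_signature(method, url, {**body, **oauth}, consumer_secret, token_secret)
    fields = {**oauth, "oauth_signature": sig}
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

def what_the_server_sees(header):
    # What an API provider can learn from the Authorization header alone
    scheme, _, rest = header.partition(" ")
    if scheme == "Basic":
        user, _, pw = base64.b64decode(rest).decode().partition(":")
        return {"app": None, "user": user, "password_exposed": bool(pw)}
    fields = dict(f.strip().split("=", 1) for f in rest.split(","))
    fields = {k: unquote(v.strip('"')) for k, v in fields.items()}
    return {"app": fields["oauth_consumer_key"], "token": fields["oauth_token"],
            "password_exposed": False}

# Constructed sample values; none are real credentials or real endpoints.
# A real client uses a fresh nonce and the current timestamp on every request.
URL = "https://api.example.test/statuses/update.json"
BODY = {"status": "Hello from an added example"}
OAUTH = {"oauth_consumer_key": "example-app-key", "oauth_token": "example-user-token",
         "oauth_nonce": "constructed-nonce-1", "oauth_timestamp": "1275350400",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
BASIC = basic_header("alice", "hunter2")
SIGNED = oauth_header("POST", URL, BODY, OAUTH, "example-app-secret", "example-token-secret")
```

The Basic header names no application and decodes straight back to the password, while the OAuth header names the application (consumer key) and the user's token, which is what lets the provider revoke one tool's access without touching the user's password.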
A few tips for developers:
Make a dummy landing page that explains what your tool does quite clearly, and make sure it’s 100% Twitter compliant. Don’t leave it to Twitter to guess because they won’t always guess in your favor:
“Hi, this is the landing page for ‘So and So Tool.’ Here are the features it’s going to have, etc.”
For more reading, here’s Twitter’s explanation of OAuth…

What is OAuth?
OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner’s Guide to OAuth from Hueniverse.



