Calling all Twitter tool providers to implement OAuth

Calling all Twitter tool providers to implement OAuth

OAuth has rightly gained lots of popularity these days and even given the current session fixation issues, I’m a strong fan of the delegated access control it promotes and helps implementing. (For those of you who might not know, OAuth in a nutshell provides a Site A with access to data and features hosted on a Site B without asking you to provide your username/password to Site A.)


One of the prominent service providers offering OAuth based authentication is… Twitter. As more and more people are using Twitter as a personal and professional communication tool, I’m wondering why many of the additional third party services have not yet implemented OAuth based authentication. I don’t know about you but I’m getting slightly annoyed when an independent (often poorly designed) web site asks me to enter my full Twitter credentials. They all promise to not cache or store my username and password but still, it’s does not feel right. Some don’t even use an SSL encrypted HTTP connection for retrieving my secret user information.

Today I’d like to encourage all third party Twitter services to jump onto the OAuth bandwagon and offer their users with a secure and trusted way to delegate access control.

And here is my list of services that are carelessly insecure don’t use OAuth AND do not secure your Twitter account information by leveraging  SSL:

I don’t want to finish this post without giving outstanding, positive examples of doing it right: Check out WeFollow and TwitterCounter.

We plan to update this list accordingly and will add service providers, that don’t do it right and move those that switch to OAuth off from this hall of shame.

Which 3rd party Twitter services are you using? Please submit via the comments!

Read next: Bad news for IBM and Apple...