Twitter Extends New OAuth Deadline For Apps Accessing Direct Messages

Adam DuVander, May 18th, 2011

TwitterWith an announcement of new permissions levels, Twitter is requiring apps that need access to direct messages to re-authorize their users. For mobile apps, this could mean rewriting to use OAuth for the first time. When the developer community balked at a shorter timeline, Twitter extended the deadline to June 14 June 30. Though most developers will not need to make changes to their applications, those that do will have to do so in only 27 43 days.

Update: Twitter has extended the deadline to the end of June.

When Twitter shut off basic authentication last year, it gave over four months notice, though the original heads up was half that. The company twice extended the deadline and finally required OAuth starting August 30, 2010.

The changes provide more clarity and control to users of Twitter’s platform. And while the technical hurdle is not as large as last year’s “OAuthcalypse,” some developers–especially those of native mobile apps–will need to implement big changes, as hinted on the Twitter dev list:

Applications that use “Sign-in with Twitter” or xAuth will only be able to
receive Read or Read/Write tokens.

What this means is only applications which direct a user through the OAuth
web flow will be able to receive access tokens that allow access to direct
messages. Any other method of authorization, including xAuth, will only be
able to receive Read/Write tokens.

Daring Fireball points out that it’s not just a technical issue. Mobile apps are being forced into a degraded user experience:

Thanks to OAuth, you never need to give these sites your Twitter password, let alone allow them to store your password. Instead, they forward you to, you grant them access to your account there, and then forwards you back to the website where you started. It’s common sense: a web-based authentication flow works naturally from within a web browser.

But the same web-based authentication flow is jarring for native apps. When you open a native app — Mac, Windows, iOS, Android, WebOS — you don’t expect to be forwarded out of the app and into your web browser.

Twitter’s relationship with developers has been tense the last year, since around the time Twitter acquired an iPhone app Tweetie, now called Twitter for iPhone. Around the same time, Fred Wilson, an early investor, said developers were just filling holes in the Twitter platform rather than making something new. In his update to the recent announcement, Twitter’s Matt Harris noted that official Twitter apps won’t use the OAuth web flow. “We’re taking this step to give more clarity and control to users about the access a third-party application has to their account,” Harris wrote (emphasis added).

Both comments and pings are currently closed.

5 Responses to “Twitter Extends New OAuth Deadline For Apps Accessing Direct Messages”

May 18th, 2011
at 7:55 pm
Comment by: Twitter Extends New OAuth Deadline For Apps Accessing Direct Messages | WWW.ANDROIDWORLD.BIZ

[...] the original post: Twitter Extends New OAuth Deadline For Apps Accessing Direct Messages This entry was posted in Android Articles and tagged community-balked, deadl, Developer, [...]

May 19th, 2011
at 2:32 am
Comment by: Twitter Gives Users More Control Over Third Party Apps » Social Media Blog

[...] Twitter Extends New OAuth Deadline For Apps Accessing Direct Messages ( Tweet [...]

May 23rd, 2011
at 2:18 am
Comment by: API måndag – Twitter DMs, US Census, Facebook «

[...] permissions och få nya tokens från alla användare, deadline för detta är satt till den 14 juni så det är lite [...]

June 28th, 2011
at 6:01 am
Comment by: Twitter Direct Message Enforcement Deadline This Week

[...] to reauthorize you again by June 30th, 2011 to avoid any interruptions in receiving messages, as Twitter declared in May. The enforcement deadline is now just a few days [...]

December 19th, 2011
at 11:14 am
Comment by: Twitter first four steps to squeeze out developers

[...] Basically, the stranglehold by Twitter was being elevated to a new level. Originally they allowed only 2 weeks to perform these changes. Knowing the delay it takes to get your iOS application approved by Apple, this damocles sword was very close into hitting those 3rd party developers. After much whining and rage, on Twitter, they decided to postpone the application of that new policy until June 30th. [...]

Follow the PW team on Twitter

APIs, mashups and code. Because the world's your programmable oyster.

John Musser
Founder, ProgrammableWeb

Adam DuVander
Executive Editor, ProgrammableWeb. Author, Map Scripting 101. Lover, APIs.