What's The Deal with OAuth?

Wednesday, 22 April 2009

OAuth is an open protocol that Twitter is experimenting with along with other companies such as Yahoo, Netflix, and Google. The idea is that folks can use awesome Twitter-related applications and services like We Follow or TipJoy without giving away their account credentials. Our implementation of OAuth is in a beta testing mode right now and we are in close contact with the consortium of engineers who continue to define this open protocol.

This week, we received word from the folks at OAuth that they were looking closely at a security issue within the protocol. We take security seriously and felt the responsible thing to do was temporarily disable OAuth while this matter was sorted out. Yahoo and others made similar decisions. The developers working on Twitter projects that are in our beta test group felt this disruption the hardest, and their patience is extremely appreciated.

It’s important to us that we support the ecosystem and developers that have grown around Twitter. Communication is a big part of this support, but so is moving quickly and responsibly when security is involved. As we move further away from beta testing, Twitter’s OAuth support will grow more dependable and many of us will be able to take advantage of applications that incorporate the protocol.

We’re in contact with Twitter developers helping us test OAuth as well as the folks behind the protocol and the other companies using it. We’re expecting service to return later today even better and stronger than before.