May 19, 2011 08:50 GMT

Twitter is making some changes to what type of data third-party apps can access and how users can authenticate through them. These changes ensure that Twitter apps can only access direct messages with the explicit consent of the user, but they also degrade the user experience with native third-party apps.

"Beginning today, we’re giving you more control over what information you share with third-party applications. Apps that you use to access your direct messages will ask for your permission again," Twitter announced.

"When you first connect an application to Twitter, we’ll give you more detailed information about what you’re allowing the app to do with your account. These activities may include reading your Tweets, seeing who you follow, updating your profile, posting Tweets on your behalf, or accessing your direct messages," it explained.

For the users, this makes it harder for rogue apps to access or delete their private messages and it also helps them make a more informed decision when authorizing apps to access their accounts and data.

In practice, though, it means that all applications are now forced to use the OAuth authentication standard. OAuth is used by an increasing number of companies to give third parties access to data and services. Google is a big fan of OAuth and Twitter has been a pioneer as well.

On the web, OAuth provides a seamless and safe experience. Users are redirected from a third-party website to Twitter.com where they can review the type of data and access the app or website requires and then authorize access. The third-party sites never see any login credentials.

Native apps, though, are now also forced to use OAuth exclusively. This means that users have to move from the app to a browser, on their desktops or mobile phones, authorize the app there, and then go back to the app to complete the sign-in.

This is hardly a seamless experience and it's a big step backwards from the way apps work now. Currently, native apps can use xAuth, which requires users to provide their usernames and passwords.

With xAuth, login data is passed from the app to the Twitter API, which authorizes the app by providing it with a key. Apps don't have to store the login data (though they certainly can do that); once they have the key, they're all set.

The change, while beneficial to the user in some ways, is seen as yet another attempt by Twitter to hinder the development and popularity of third-party apps. It's been no secret that Twitter wants people using the website and official apps, lest they be "confused" by an uneven and unfamiliar experience. App makers have to make the switch by the end of the month.