Chapter 6. Basic Authentication and OAuth

"There have been tons of third party applications built around Twitter but the problem with them is users aren't interested in entering their Twitter username and password to check them out. OAuth changes that by allowing users to grant permission once they've logged into Twitter providing better security."

Keith Elder, Witty

Up to this point, you have used Twitter's Basic authentication scheme to make your calls against the API. You're also aware that Twitter prefers OAuth authentication, a new standard created by several prominent social web service developers, and that it may remove support for Basic authentication in the near future. Keep in mind that although it is easy to interchange the concepts of authentication and authorization, OAuth specifically handles the challenge of user authorization of API access. The actual authentication of a user's credentials is delegated to the publisher site, i.e., Twitter, which your application intends to consume.

The Pitfalls of Basic Authentication

Your calls to the Twitter API requiring user credentials utilize Basic authentication, a convenient method of passing these credentials over the web to remote sites in an HttpWebRequest; this authentication scheme is painless to implement, but it has several serious flaws that you should consider.

User Credentials are Visible

In Chapter 1, you learned how to make authorized web requests using Basic authentication, and learned that the authentication pair ...
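The credential exposure this section names, as an added example that is not code from the book: Basic authentication places the user name and password in the Authorization header as Base64 text (RFC 7617), which is an encoding that anyone who can read the request reverses without a key. The class name, method names and credentials below are constructed for illustration.

```csharp
using System;
using System.Text;

// Added example, not from the book. All names and credentials are constructed.
static class BasicAuthDemo
{
    // Builds the header value a client sends for Basic authentication:
    // "Basic " + base64(username ":" password). Base64 is an encoding, not encryption.
    public static string BuildHeader(string user, string password)
    {
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    // Recovers the credential pair from a header value, as any party that can
    // read the request (a proxy, a log file, the third-party application) can.
    public static bool TryDecode(string header, out string user, out string password)
    {
        user = null;
        password = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;

        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(scheme.Length).Trim()); }
        catch (FormatException) { return false; }   // not valid Base64

        string pair = Encoding.UTF8.GetString(raw);
        int colon = pair.IndexOf(':');   // split on the FIRST colon: passwords may contain ':'
        if (colon < 0) return false;
        user = pair.Substring(0, colon);
        password = pair.Substring(colon + 1);
        return true;
    }

    static void Main()
    {
        string header = BuildHeader("example_user", "p@ss:word");   // constructed sample
        Console.WriteLine("Authorization: " + header);

        string u, p;
        if (TryDecode(header, out u, out p))
            Console.WriteLine("Recovered without any key: " + u + " / " + p);
    }
}
```

Because the full password travels with every request, transport encryption (HTTPS) is the only thing protecting it in transit, and the application that builds the header necessarily holds the password in clear text.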
