Twitter on Tuesday announced via its blog various changes aimed at allowing users finer-grained control over their accounts. To date, when another application (such as TweetBot, Twitterrific, or Echofon) or Web service (such as Favstar) requested access to your Twitter account, it was an all or nothing deal: Granting a third-party access to your Twitter account meant giving it not only the ability to read and post tweets on your behalf, but also full access to your direct message history. After Twitter implements the change it announced today, however, users will get the ability to specify whether they want to allow third-party apps to access that direct message history.
On Wednesday, the company clarified just how the new permission model will work. In an announcement to developers, Twitter declared that apps that don't need access to your direct messages won't need to change a thing. Apps that do depend upon offering access to those direct messages -- in effect, any full-featured Twitter client -- will need to update themselves to leverage Twitter's OAuth system.
[ Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. ]
A quick background: When you log into Twitter via a third-party app or service, that service needn't know or store your password. It can use one of two authorization mechanisms: xAuth, wherein the app gets your login credentials from you and sends them off to Twitter for verification, and oAuth, where the app actually sends you to Twitter to provide your username and password, and Twitter tells the app whether you've successfully logged in or not.
Most Web apps historically rely on oAuth; you're already using the Web, so sending you off to Twitter's site for a moment during the login process flows naturally. Most non-Web third-party apps -- iOS apps and Mac apps, for example -- prefer to go the xAuth route, which allows for a more seamless experience.
So what does this all mean? It means that unless Twitterrific and the rest issue updates to their apps by Twitter's deadline of "the end of this month," those apps will soon be unable to display or send your direct messages. That would obviously leave such third-party apps rather crippled; any user who relies on direct messages will instead be greeted by some unspecified error and/or blank direct messages list.
Thus, it's rather likely that we'll see a slew of third-party Twitter app updates in the next couple weeks. But in order for those apps to embrace Twitter's new permission model, they'll need to embrace oAuth. If you use third-party desktop or iOS apps that leverage Facebook's login credentialing system, you already have a sense of what this will look like.
When you log in to Facebook via a third party app, that app must briefly display an inline Web view of the Facebook login screen. If it's your first time logging in with that app, you're then asked to approve the specific Facebook permissions that app is requesting.