Twitter API lead Alex Payne announced today that Twitter is now accepting applications to its OAuth private beta, making good on the promises he made on the Twitter API mailing list and had repeated on the January 8 Citizen Garden podcast (transcript by stilist).
It’s worth pointing out that this has been a long time coming and is welcome news, especially following Alex’s announcement to limit Twitter API requests to 20000/hr per IP.
But it’s important to keep in mind that, in light of the recent security breaches, OAuth in and of itself does not, and will not, prevent phishing.
It does, however, provide a way for Twitter to better track the use of its API, and to enable higher quality of service for trusted (paying?) applications and to surface them through a Facebook-like application directory. It also means that Twitter users will have finer grained control over which applications have ongoing access to their accounts — and will be able to disable applications without changing their password.
I’m on the beta list, so I’m looking forward to seeing what their current UI looks like — and what lessons we can extract for other services going from zero OAuth to a completeld delegated authentication model.
Factory Joe 
It’s worth point that applications for the private beta are already closed – in under two hours – due to the immense response from the API developer community. Very promising!
Yeah, it is promising that they appear to have had such a large response, I just hope I don’t miss out. I didn’t find out until it was already “closed” because on this side of the world I was enjoying my Saturday morning sleep in. Hopefully if I’ve missed out on the private beta, the public one won’t be far behind, because I’d really love to be able to add OAuth to Hahlo 4
Yes, I didn’t sign up for it because I didn’t think I’d have a use for it. I really contemplated before signing up, because I knew slots would be limited.
I feel for the new developers, or those who are working on small projects, forced out by people who only want to fart around with it and not actually utilize the service. I’m hoping BrightKite made it in, but since I didn’t see them tweeting to that effect, I’m guessing not. Sad!
BrightKite and anyone else who runs an existing, widely-used Twitter app or site can email us at any time to get into the beta. The value of getting these apps switched over to OAuth is high, and we’re not gonna be sticklers about it 🙂
Alex (won’t read this): A friend of mine, @soldoutactivist, can’t get in now because he’s a small developer and didn’t find out within the first 2 hours. People who don’t develop, like @factoryjoe, got in. That’s interesting!
Alex, I’ve emailed you. We’d love to get this in asap.
Best,
Martin
brightkite.com
It’s about freaking time!!!
That’s indeed great news and the huge respond as well. I also wanted to note that of course OAuth does not directly prevent phishing it stop the bad educating of people that giving out your password to other services is an OK thing to do. Of course it is not and might make it easier for phishers.
Unfortunately though too much of this bad idea is already in people’s heads and it might be hard to get it out there again but nevertheless having OAuth now is better than nothing.
Which I now would wish for is that Twitter would remove that password antipattern page from the Find people tab and replace it with calls to some contacts API using OAuth or at least a similar mechanism. This of course also goes for other sites (among which also was Plaxo at least when I last checked which very much surprised me).