I originally felt the same as many people contributing to this thread do. Essentially, OAuth 1.0a is harder than it should be. Here’s a recent article that made me rethink this:
OAuth 2.0 and the Road to Hell: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
I’ve seen a few blog posts, besides this one, indicating that there are a lot of problems with OAuth 2.0. Dealing with crippling differences in implementation essentially means that there is no true standard. There are other issues, but changing standards and inconsistent implementations concern me.
If Twitter were to implement this, there would be many problems, i.e. where do they draw a line on a continuously changing standard? What do they do when the standard changes and they become non-standard and developers can’t use a standard library for their API? If they adopt a moving standard and then change to be compliant, who gets blamed for all the broken code? I could go on, but I’m still thinking - Is this a case of “Be careful what you ask for?”.
Joe