Tweeting with only twitter credentials


I understand that the entire idea of Oauth is so that you do not send your password over the wire. What if I had an app that was used by several individual clients who wanted to post some information to twitter. Would they have to go into developers site and create new key per client? Shouldn’t there be an easier way to just hit an endpoint with username, password and the tweet message?

Are there any known workarounds?


You would create a single application. Then each of the users you’d want to tweet on behalf of would sign in to that application, granting it an access token for each user. You then use the appropriate access token to create the tweets.

The “easier way” is insecure and requires the application to know privileged information, like a user’s password.