Twitter Temporarily Disables OAuth for Security Reasons

    April 22, 2009
    Chris Crum

Twitter recently released a product called "Sign in with Twitter," which is basically the social network’s answer to Facebook Connect, Google Friend Connect, etc.

It’s based on OAuth, but there’s a security problem with OAuth. In fact, Twitter and Yahoo have both disabled OAuth support temporarily. Biz Stone talks a little bit about it on the official Twitter Blog:

This week, we received word from the folks at OAuth that they were looking closely at a security issue within the protocol. We take security seriously and felt the responsible thing to do was temporarily disable OAuth while this matter was sorted out. Yahoo and others made similar decisions. The developers working on Twitter projects that are in our beta test group felt this disruption the hardest and their patience is extremely appreciated.

It’s important to us that we support the ecosystem and developers that have grown around Twitter. Communication is a big part of this support but so is moving quickly and responsibly when security is involved. As we move further away from beta testing, Twitter’s OAuth support will grow more dependable and many of us will be able to take advantage of applications that incorporate the protocol.

Other Twitter-related apps like We Follow and TipJoy take advantage of OAuth, and developers are eagerly awaiting the return of support. Twitter says it is in close contact with the consortium of engineers who define OAuth. The company expects the service to return as early as today.