Yesterday Twitter announced some changes to their authentication and permissions process. On the face of it the changes are actually a good thing, but unfortunately it will require some action by user’s of 3rd Party Twitter Clients.
For sometime now Twitter has offered 3rd Party Clients two ways of authenticating your details against their system.
The first way is called xAuth which just requires you to enter your user name and password into the app and in return we do some magic in the background to exchange that for unique tokens which in turn logs you in, but the app doesn’t keep your password.
The second way is called OAuth. OAuth requires you to visit Twitter’s web site in a web browser, which shows you a list of permissions the app will have to your account and then you’ll be redirected back to your app.
Whilst xAuth is a much neater and elegant system we’ve never been happy with it as it still requires you entering your password to a client who you are simply trusting not to abuse it.
In Mid June, Twitter are going to now require apps that wish to have access to a user’s Direct Messages to firstly use the OAuth process only and secondly re-authenticate users.
How this affects Tweetings
With regards to requiring OAuth only, if you are using Tweetings for iPhone, iPad and Chrome then we don’t need to make any code changes at all as we already use OAuth authentication.
Tweetings for Mac does use xAuth and will require us to push an update to the Mac App Store before the mid-June deadline so that you can keep access to your Direct Messages.
The good news is that we are in final testing of migrating Tweetings for Mac from xAuth to OAuth and we should be good to go soon.
The second part of the changes is where you come in. Unfortunately because of the permission changes Twitter is making, they are requiring all apps that need Direct Message access to re-authenticate all users. We can’t do this ourselves.
This requires you to re-login all of your accounts between now and the mid-June deadline in order to keep your Direct Messages and Direct Message push notifications.
What happens if I don’t re-login?
From our understanding pretty much everything will work just fine EXCEPT you won’t be able to make use of Direct Messages until you do relogin.
How do I do this in Tweetings
Tweetings for iPhone and iPad
- If you have more than one account then this is pretty straight forward. Simply go to the accounts screen (by tapping your screen name at the top of the main timeline).
- Swipe to delete an account you aren’t currently logged into
- Tap ‘Add Account’ and re-log back into that same account
- Switch to that account and then do the same for the next account
If you only have one account you have two options
- You’ll either have to delete Tweetings and re-install it from the App Store. Don’t worry this is free because you’ve already purchased it before.
- You can alternatively create a temporary second account on Twitter so that you can delete your primary account without deleting the app.
Note: if you try to authenticate two accounts quickly after one another, when presented with the login page on Twitter’s website you may still be logged into the last account. Tap your icon at the top right of the screen and then logout.
Tweetings for Chrome
- Tap the logout X button at the top right of the popup window
- Then tap the Tweetings icon and re-login again
Tweetings for Mac
- Do not perform the delete/relogin process unless you have the forthcoming version 2.0.4 from the Mac App Store
- If you have 2.0.4 then go to the ‘Tweetings’ menu at the top left of the main menu bar
- Select ‘Accounts’
- Delete any accounts you wish to by selecting them and pressing the ‘-‘ button
- Click the ‘+’ button and a window will open and authenticates you with Twitter over OAuth
tl;dr if you don’t re-log in to your accounts in Tweetings before mid-June you’ll loose access to Direct Messages and Direct Message push notifications
Update: Tweetings for Mac 2.0.4 is now available from the Mac App Store with oAuth authentication.
Update 2: Twitter’s cut off for moving to oAuth is now the end of June