Sites around the web are getting splashed with a mysterious dialog Tuesday, thanks to a change in the way Twitter handles user authentication.
Some Wired.com website visitors see the dialog box shown here when visiting any of this site’s blogs. It states that a username and password are being requested by Twitter, with the unhelpful message, “Twitter API.” The same dialog has been spotted on ReadWriteWeb and even on Twitter’s own website.
In addition, users of some Twitter apps, including Twitter’s own Tweetie and BlackBerry apps, Tweetdeck and Twitterrific, have complained of Twitter login problems.
In the case of the website dialog, entering your username and password doesn’t do anything useful, and won’t make the dialog box go away. Indeed, it will often reappear several times during a session.
The cause of the trouble appears is a change in the way Twitter handles user authentication for remote sites and programs. As Wired reported yesterday, instead of giving a Facebook app your Twitter username and password, for instance, Twitter now requires the app use a protocol known as OAuth to hand you off to Twitter’s website. Once you’ve authorized Twitter to share your information with the other site or app, it hands a token back to that app, and the two can share information with each other.
The new, OAuth-based method is more secure and ultimately more reliable (for instance, you don’t have to update every Twitter app you use whenever you change your Twitter password).
However, now that Twitter has switched, programs and sites using the old authentication method are not working properly.
That includes websites using Twitter widgets with older code. These widgets, which embed the latest tweets from specific Twitter users, appear to rely on the old authentication method.
Don’t say we didn’t warn you. It’s not called the “OAuthcalypse” for nothing.
The solution, in almost every case, is simply to upgrade. If you have old widget code on your website, go to Twitter.com and get a new widget embed code. Similarly, if you’re using a Twitter app that’s having login problems, the solution is almost certainly to upgrade to the latest version. Twitterrific’s developers, for instance, have spent the day urging the app’s many users to upgrade. Developers have known about the authentication switch for months now, and most have been able to release updated versions of their software that works properly with the new OAuth system.