Repent now all ye practitioners of Basic Authentication. Your days are numbered. On June 30th, Twitter will be turning off Basic Authentication in the Twitter API — the OAuthcalypse!
What does this mean? Well, some apps are going to break. And some, like TweetList, won't. Since it launched, TweetList has taken advantage of Twitter's xAuth authentication method. No matter what version you're running, your normal Twitter experience won't be affected.
It's the other guys we're concerned with though — particularly the photo services that various apps use to store the photos you take and post to Twitter. Right now, most require that an app sends your Twitter username and password to them every time a photo is uploaded; that's how Basic Authentication works. Fortunately, Twitter has proposed something called OAuth Echo that avoids sharing your password. @raffi, a member of the Twitter API team, calls it delegation in identity verification. Catchy.
When Twitter turns off Basic Authentication, attempting to upload a photo to a provider who hasn't implemented OAuth will fail. It's definitely in their best interests to make sure this doesn't happen, but as of this writing, not many have. And things are getting a bit too close for comfort given the lead time we need for application approval through Apple. So we will be proactively switching over to TwitPic with the next release of TweetList (version 1.3.0 a.k.a. "Broadway").
We chose TwitPic (name recognition aside) because they are one of the only providers that reliably supports OAuth Echo right now. Here is how it will work: instead of passing a username and password, we'll be giving TwitPic an authorization code/header that will allow TwitPic's servers to verify your identity with Twitter on behalf of TweetList. If your identity checks out as it should, the upload will proceed as normal. This won't give TwitPic (or anyone else) permission to read your timeline or post tweets; it just allows TwitPic to confirm that TweetList has permission to do so.
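The exchange described above, sketched as an added example (not TweetList's or TwitPic's code). The header names and verification URL follow Twitter's OAuth Echo convention rather than anything on this page, all keys and the user are constructed, and `twitter_verify` is a local stand-in for Twitter so the sketch runs offline.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, unquote

# Endpoint and header names follow Twitter's OAuth Echo convention; keys are constructed.
VERIFY_URL = "https://api.twitter.com/1/account/verify_credentials.json"
CONSUMERS = {"tweetlist-key": "consumer-secret"}       # app key -> app secret
TOKENS = {"user-token": ("token-secret", "alice")}     # token -> (secret, user)

def enc(value):
    return quote(str(value), safe="-._~")

def sign(params, consumer_secret, token_secret):
    """OAuth 1.0a HMAC-SHA1 signature over a GET of VERIFY_URL."""
    norm = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    base = "&".join(["GET", enc(VERIFY_URL), enc(norm)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def client_echo_headers(consumer_key, consumer_secret, token, token_secret):
    """App side: sign a verify_credentials call, but hand it to the photo service."""
    p = {"oauth_consumer_key": consumer_key, "oauth_token": token,
         "oauth_nonce": secrets.token_hex(8), "oauth_timestamp": int(time.time()),
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
    p["oauth_signature"] = sign(p, consumer_secret, token_secret)
    auth = "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in sorted(p.items()))
    return {"X-Auth-Service-Provider": VERIFY_URL,
            "X-Verify-Credentials-Authorization": auth}

def twitter_verify(auth_header):
    """Stand-in for Twitter: recompute the signature, return the user or None.
    Timestamp freshness and nonce replay checks are omitted here."""
    pairs = (kv.partition("=") for kv in auth_header[len("OAuth "):].split(", "))
    p = {k: unquote(v.strip('"')) for k, _, v in pairs}
    sig = p.pop("oauth_signature", "")
    secret = CONSUMERS.get(p.get("oauth_consumer_key"))
    tok = TOKENS.get(p.get("oauth_token"))
    if secret is None or tok is None:
        return None
    expected = sign(p, secret, tok[0])
    return tok[1] if hmac.compare_digest(sig.encode(), expected.encode()) else None

def photo_service_accept(headers):
    """Photo service side: pin the provider URL, then forward the header unchanged."""
    if headers.get("X-Auth-Service-Provider") != VERIFY_URL:
        return None  # never call a verification URL chosen by the uploader
    return twitter_verify(headers.get("X-Verify-Credentials-Authorization", ""))
```

The photo service only ever sees a signature bound to the verify-credentials URL, so it can confirm who is uploading but cannot reuse the header to read a timeline or post.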
And yes, we plan to add support for other Twitter photo/video upload providers once they support OAuth Echo.
Crisis narrowly averted! Or was it? (NSFW)