668
edits
Changes
→Twitter
=== Twitter ===
Twitter runs an OAuth 1.0a service, with tokens that can either read or read-and-write. OAuth 2.0 support is not available at this time.
Twitter is particularly concerned about attackers using OAuth to bypass Twitter rate limits on API calls. Specifically, since rate limits are per-user-per-OAuth-app, leaking the consumer secret means an attacker can use it to increase his number of calls. To our knowledge, this concern is unique to Twitter.
=== Google ===
