Marking as “closed” as we are unable to invest in fully migrating to OAuth 2.0 at this time.
An error occurred while saving the commentYuri Schimke commented
With ubiquitious HTTPS, the signing features of Oauth1 seem minimally useful. For developers on blessed platforms able to use TOO APIs, it doesn't matter as it's taken care of.
But overall Oauth2 just makes things simpler for everyone, both internal twitter API developers and especially for anyone implementing authentication for 3rd party clients.
But more than that, Oauth2 (or OIDC etc) is just how the world of APIs works externally. The expectation of every developer on the web is now that they can easily prototype some code by getting a temporary Bearer token and sending any sort of request to the API.
It must be a handbrake on interesting integrations for Twitter.
I've implemented Oauth for a large number of services, and Twitter stood out as the only really painful one https://github.com/yschimke/okurl/tree/master/src/main/kotlin/com/baulsupp/okurl/services/