On 02/22/2013 06:33 PM, Brian Wolff wrote:
Which coincides to several bots/tools and would
generally be quite useful.
Quite honestly having bots make edits directly on someones behalf using
their account sounds scary.
For autonomous bots, yes (they should keep using their own accounts).
But for tools, it's common on other sites already, and makes sense here.
Instead of the API requiring a user password and an elaborate token
mechanism, it could just use OAuth.
If an OAuth app misbehaves, a user can revoke it, or (in severe cases)
it can be globally denied OAuth access.
Matt Flaschen