On 02/22/2013 06:33 PM, Brian Wolff wrote:
Which coincides to several bots/tools and would generally be quite useful. Quite honestly having bots make edits directly on someones behalf using their account sounds scary.
For autonomous bots, yes (they should keep using their own accounts). But for tools, it's common on other sites already, and makes sense here. Instead of the API requiring a user password and an elaborate token mechanism, it could just use OAuth.
If an OAuth app misbehaves, a user can revoke it, or (in severe cases) it can be globally denied OAuth access.
Matt Flaschen