
2010/09/17

Thoughts about Passwords and their replacements

As I discussed previously, there's a rising use of OAuth as a mechanism to do authentication online. I don't really grok it, but I get it now.

Alice wants to use Bob's website to send her tweets to Twitter. Bob registers with Twitter to get his Consumer Key and Consumer Secret; this pair uniquely identifies SuperCoolSiteOfBob as a Twitter client. Alice goes to Bob's site and starts to connect. This means a jump to Twitter to allow or deny SuperCoolSiteOfBob to do what it needs to do with Alice's Twitter feed, in the form of giving Bob an Access Token and Secret for Alice's account. Alice can check her settings and see SuperCoolSiteOfBob and all the other folks she has let have access to her Twitter account, and Twitter can decide that SuperCoolSiteOfBob is doing the wrong thing and block it. All without giving out the main keys to the city, Alice's Twitter password.

This is a good thing.
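As an added example (mine, not the post's), here is the part of the OAuth 1.0a flow that makes the above work on the wire: Bob's client signs each Twitter request with the Consumer Secret and Alice's Access Token Secret, and Twitter recomputes the signature from its own copies to check it. All credentials, the nonce and the timestamp are constructed sample values, and the endpoint path is assumed.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed sample credentials. The consumer key/secret identify Bob's app to
# Twitter; the access token/secret were issued for Alice's account when she
# approved the app. Alice's Twitter password is never part of any request.
CONSUMER_KEY = "bobsapp-consumer-key"              # constructed
CONSUMER_SECRET = "bobsapp-consumer-secret"        # constructed
ACCESS_TOKEN = "alice-access-token"                # constructed
ACCESS_TOKEN_SECRET = "alice-access-token-secret"  # constructed
UPDATE_URL = "https://api.twitter.com/1/statuses/update.json"  # assumed endpoint

def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only -._~ stay unencoded)."""
    return urllib.parse.quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted 'k=v' pairs."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_request(status, nonce, timestamp):
    """Parameters Bob's client would POST to tweet on Alice's behalf."""
    params = {
        "status": status,
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": ACCESS_TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
    }
    params["oauth_signature"] = sign("POST", UPDATE_URL, params, CONSUMER_SECRET, ACCESS_TOKEN_SECRET)
    return params

def verify(method, url, params, consumer_secret, token_secret):
    """Twitter's side: look up both secrets by key/token, recompute, compare in constant time."""
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(params.get("oauth_signature", ""), expected)
```

Revoking Alice's access to SuperCoolSiteOfBob is just Twitter forgetting the token secret: the same request then fails verification without Alice changing her password.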

If anyone asks you for your login and password who isn't the one and only service you're trying to access, while you're trying to access it, treat them like they're trying to bankrupt you, take all your belongings, sell your children into slavery and do donuts in the Payless parking lot until your tires burst and your rims spark. Go to a site and have it say "It will be much cooler if you could talk to all your friends, so give us your Gmail login and password and we'll see if they're already on," and I read it as saying "I'd like to f*** your wife" or something even more offensive. Here's a several-year-old discussion of the problem and why OAuth is needed.

Let's sidestep for a moment. There are DVDs. There's basic encryption so that not just anybody can play (meaning rip) DVDs. Yet you want people to play (meaning watch) DVDs, and here, yes, you want just anybody to do so. Children watching Spongebob Squarepants. The elderly watching I Love Lucy. The stoned watching Spongebob Squarepants. Just put the disc in and go. So everybody needed the key, but you needed to hide the key. And people wanted the key so they could rip DVDs. And they got it.

Now, let's switch from SuperCoolSiteOfBob to SuperCoolAppOfBob. This is running on Alice's desktop or her phone. Or Marcia's. (I think of Alice and Bob as Alice the housekeeper and Bobby of the Brady Bunch. Eve the eavesdropper is of course Eve Plumb, who played Jan. I once made mugshot-looking images with the protect-the-innocent black bars across their eyes.) Marcia can easily do to Bob's app what they did to DVDs, pull the Consumer Key out of it, and come up with a Twitter-bashing tool that claims to be Bob's app, eventually forcing Twitter to disavow and denounce Bob, meaning that Alice has to download another app to do her tweeting. Which is bad.

I do have a thought here. Bob as developer needs to have a Consumer Key and Secret (from here on referred to as the Consumer Key) in order to test and know his code works. Bob as website needs the key and can keep it secure. Bob as software vendor doesn't need to distribute his Consumer Key with his software, as long as Alice can easily get one of her own from Twitter and the process is not too hard. Why don't we go with this?
