Compromising Twitter’s OAuth security system – "What it comes down to is that OAuth 1.0a is a horrible solution to a very difficult problem. It works acceptably well for server-to-server authentication, but there are far too many unresolved issues in the current specification for it to be used as-is on a widespread basis for desktop applications. It's simply not mature enough yet." This is pretty much what I found implementing OAuth for Yahoo! in Yummy.