On Wednesday, the company clarified just how the new permission model will work. In an , Twitter declared that apps that don't need access to your direct messages won't need to change a thing. Apps that do depend upon offering access to those direct messages--in effect, any full-featured Twitter client----will need to update themselves to leverage Twitter's OAuth system.
A quick background: When you log into Twitter via a third-party app or service, that service needn't know or store your password. It can use one of two authorization mechanisms: xAuth, wherein the app gets your login credentials from you and sends them off to Twitter for verification, and oAuth, where the app actually sends you to Twitter to provide your username and password, and Twitter tells the app whether you've successfully logged in or not.
Most Web apps historically rely on oAuth; you're already using the Web, so sending you off to Twitter's site for a moment during the login process flows naturally. Most non-Web third-party apps--iOS apps and Mac apps, for example--prefer to go the xAuth route, which allows for a more seamless experience.
So what does this all mean? It means that unless Twitterrific and the rest issue updates to their apps by Twitter's deadline of "the end of this month," those apps will soon be unable to display or send your direct messages. That would obviously leave such third-party apps rather crippled; any user who relies on direct messages will instead be greeted by some unspecified error and/or blank direct messages list.
Thus, it's rather likely that we'll see a slew of third-party Twitter app updates in the next couple weeks. But in order for those apps to embrace , they'll need to embrace oAuth. If you use third-party desktop or iOS apps that leverage Facebook's login credentialing system, you already have a sense of what this will look like.