I hadn't thought about it this way before but Twitter, and APIs in general, adoption of OAuth helped kill the App ecosystem since all apps authenticated via the user's credentials instead of an API that could be revoked.

The open web is dead, long live the open web. ⌐◨-◨

Building /warpcast and /farcaster

— gabrielayuso.com

OAuth on Twitter and in general means access is secured both by app credentials and user crededentials, not just user credentials.

Any of these can be revoked by the following:

1 User revokes app permisions
2 User gets suspended
3 Owner of protocol (eg. Twitter) revokes app credentials
4 App owner resets credentials (Not applicable on all OAuth providers)

So a lot of ways to lose access.