With OAuth 1.0A, you sign the URL to access protected resources. Even though there is already OAuth 2.0, there are companies, many of which are financial institutions, that still intentionally use OAuth 1.0A. In the case of Twitter, using OAuth 1.0A, you can allow apps to access user's private information and act on behalf of the user. Using OAuth 2.0, Twitter only allows apps to read publicly available information.