On Feb 9, 2009, at 10:07 PM, atebits wrote:

>
>> For an end user, OAuth is generally speaking much friendlier for
>> pretty much every application type, iPhone, desktop, or web.
>
> From my chair, OAuth is a fantastic solution to authenticate *other
> web apps*.  OAuth anywhere else, desktop, iPhone, laundry machine,
> makes me want to chip away a hole in my skull with a dull screwdriver,
> jab a straw into my head, and drink my own brain matter.
>
> No, seriously.  When I launch a desktop app, I want to type in my
> username and password.  That's it.  If I launch a Twitter client on my
> iPhone, I don't want to have to quit the frickin' app to authenticate
> in Safari, then go *back* to the app when I'm done.  Sure I could
> bring up an embedded web view, but UIWebView is a flakey hunk of junk,
> and it's no more secure than letting the user type the password into a
> native field directly because I would *own the web view and can get at
> any info the user types in anyway*.

See the Darkslide iPhone app for a nice implementation of this.  When  
you touch the log in button it opens mobile Safari where you log in  
and authorize the app.  Mobile Safari then closes and you are taken  
back to Darkslide where you are now logged in.

I have no idea how this is done from a programming perspective,  
however, from a user perspective it works well IMHO.

> Hell, it's not even any more secure on the desktop... I just install a
> key listener and wait for you to type in a password into your browser.
>
> Ok, I'm holding myself back from ranting.  I guess my point is this:
> OAuth sucks hardcore for everything except other web apps.
>
> Oh, and Twitter guys: I can't thank you guys enough for keeping around
> basic auth.  Thank you thank you thank you.

--
Chris Scott
http://iamzed.com/
http://hailtheale.com/



