Hello again,
We've discussed OpenID but adding it is not something we can do
in the near-term. With OAuth just out the door we felt like this was a
better user experience than having to continually re-display the Accept/Deny
dialog. I'm looking into a few issues raised in this thread that
may change how the API works slightly. Let me repeat that on a line
all its own so people see it:
WERP WERP WERP. Change alert! Danger! Danger, Will Robinson.
I am reviewing this discussion and based on the
security/usability feedback I may need to change how this new method works. In
the case of security it may be a change that breaks the current
behavior and may be done with very little notice. I encourage people
to try out the new system but keep it beta until I can confirm we're
not going to have to alter it significantly.
Thanks;
— Matt
On Apr 16, 2009, at 12:51 PM, Allen Tom wrote:
On Apr 16, 9:52 am, Doug Williams <d...@twitter.com> wrote:
Matt has deployed our answer for one click login. It requires only a small
change to the normal Twitter OAuth workflow and is documented here:
http://apiwiki.twitter.com/Sign-in-with-Twitter
This is the perfect tool for web applications wanting to offer users the
ability to sign in with a Twitter account and a single mouse click. We want
to see it in the wild so please let us know if you roll this out in your
application.
Hi Doug,
Signing into websites using your Twitter account is an awesome idea,
Twitter accounts would make fantastic portable identities that can be
used to sign into 3rd party sites. Most sites using Facebook
Connect or OpenID really just want your profile, follower graph, and
the ability to receive viral referral traffic by writing to your
activity stream.
OAuth is great for 3rd party applications that are built on top of
Twitter, however, I'm not sure if it's appropriate to use an OAuth token
for Signing In to a website, because it allows that site to spam your
followers by tweeting on your behalf. Using OpenID is safer for Sign-in,
because OpenID would allow Twitter users to verify their Twitter
identity, and share their Twitter Profile and Follower Graph (by
scraping the microformats on the Twitter Profile Page), without having
to authorize access to their Twitter account. If Twitter users sign in
with OpenID, 3rd party sites could still generate viral referral
traffic by giving users a UI to preview and approve the tweet, by
opening a modal dialog or popup that reuses the user's Twitter browser
session to tweet.
Allen