Just wanted to second Sebastian's POV here. UserExperience is a key revenue driver for us, and OAuth for native mobile apps is really painful for the user.
On Jun 19, 5:41 am, Sebastian <[email protected]> wrote: > Thanks for the pointer... I did some searches, but they were all > focused on mobile clients. > > In my case, I'm not worried about the complexity of implementing > OAuth. I can deal with that, and once it's done, it's gone from the > picture. It's the user experience that worries me, as exposed on that > thread by the TTYtter example. > > "Well, since people are asking, the workflow doesn't significantly > differ > from other OAuth applications and depends on the fact that access > tokens > don't expire. When people start TTYtter up for the first time without > an > access token (or TTYtter tries the access token and it fails), it asks > for > the usual request token, prints the access URL with the request token > it > wants the user to authorize, and waits for the user to authorize. > Twitter, > presumably, will say, "ok, tell your program to continue." Back on > TTYtter's > side, the user hits ENTER, and TTYtter exchanges its request token for > an > access token *and caches it* once it has verified it can successfully > hit > the user timeline for data. So far, this is not significantly > different than > any other OAuth app. " > > Is there any other way to do OAuth and at the same time, behave like a > sensible application? > > Could Twitter implement a basic auth api call to perform the oauth > authorization in the first place? Such a call would only be allowed > from clients that prove they need it, and could be revoked for rogue > clients. I know this lowers the security of OAuth, but it only > officializes a hack many apps will try to implement. > > On Jun 19, 12:39 am, Cameron Kaiser <[email protected]> wrote: > > > > > > Or is the door for basic auth really closing forever? > > > This has been discussed in a number of threads and an exact determination > > has not yet been made. However, this might give you some context: > > >http://groups.google.com/group/twitter-development-talk/browse_thread... > > > -- > > ------------------------------------ > > personal:http://www.cameronkaiser.com/-- > > Cameron Kaiser * Floodgap Systems *www.floodgap.com*[email protected] > > -- The cost of living has not adversely affected its popularity. > > --------------- Hide quoted text - > > - Show quoted text -
