Funny, I posted about our high success rate (95% of all users) with
OAuth.

I'm trying to get a feel for if we're fortunate, have a good flow or
everyone has the same rates.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/da46cd261fa13bca?hl=en

On Jul 28, 2:13 pm, Amitab <hiamita...@gmail.com> wrote:
> As a developer who has recently launched Twaller (http://www.twaller.com) which
> supports OAuth, I think I should share my
> perspective on this.
>
> I really loved OAuth because:
>
> (1) Ease of coding. I could get OAuth working within a couple of days.
> Saves me any password maintenance, encryption etc.
> (2) Integration with Twitter Branding. With the OAuth scheme, I
> believe my website is more integrated with Twitter. It would also be
> nicer if Twitter would maintain their own list of websites they trust
> with OAuth, just to give users the added confidence that Twitter
> trusts me.
> (3) Saves me worrying about SSL. A lot of people are finicky about
> HTTPS/SSL. This way I can just tell them that if Twitter wants OAuth
> that way in future, we will simply provide it.
>
> The part I hate about OAuth is that the OAuth page is extremely slow
> to load and sometimes does not load at all. I see this issue with the
> Twitter website in general as well, sometimes posts from the web just
> don't go through. I would much appreciate if people at Twitter can
> address scalability problems to OAuth, because that I believe is the
> biggest user turnoff.
>
> On Jul 28, 1:11 pm, JDG <ghil...@gmail.com> wrote:
>
> > It's only a scare if the development community neglects or refuses to
> > educate the populace at large that only Twitter really needs your password,
> > so why give it to anyone else?
>
> > On Tue, Jul 28, 2009 at 13:27, jahbini <jahb...@celarien.com> wrote:
>
> > > Sorry about your OAuth implementation, mine's been working steadily
> > > with no hiccups: lots of very solid implementations out there.
>
> > > As far as the user sign-up problem, yeah, I agree, it's a bit of a
> > > scare for the user to have to connect to an off-site Twitter authority
> > > page -- but that's what Facebook, PayPal and all the big boys are
> > > pushing toward.
>
> > > As Robert Palmer once said: "You're gonna have to face it, you're addicted
> > > to passwords".
>
> > > Jim
>
> > > On Jul 28, 1:27 am, chinaski007 <chinaski...@gmail.com> wrote:
> > > > Let's be honest...
>
> > > > The end-result for third-party developers using OAuth appears to be
> > > > fewer sign-ups, less reliability, more complexity, and potentially
> > > > less security.
>
> > > > Google Optimizer reveals that users are more likely to sign-up for
> > > > Basic Auth than OAuth.  That's just fact.  Test it for yourself to
> > > > confirm.
>
> > > > I suppose this is not so weird.  Users are accustomed to giving user/
> > > > pass information even to "foreign" apps.  It is far more disruptive
> > > > and invasive for them to go to some bizarre Twitter screen asking them
> > > > to "approve an app".  To the average user, what does that mean?  (And,
> > > > heck, it may even require more steps if they have to login again to
> > > > Twitter.)
>
> > > > In terms of reliability, Twitter OAuth was down for days several weeks
> > > > ago.  Tonight yet another unannounced change occurred that broke major
> > > > code libraries.  Meanwhile, Basic Auth has been plugging along just
> > > > fine and dandy...
>
> > > > So what IS the benefit of OAuth?
>
> > > > It doesn't benefit developers as you will likely get more sign-ups
> > > > with Basic Auth and Basic Auth is far, far easier to setup.  Sure,
> > > > OAuth might satisfy some power users hungry for security...
>
> > > > But is OAuth even more secure than Basic Auth?
>
> > > > Perhaps not.  After all, tonight's fix was for an OAuth security flaw
> > > > known for at least 10+ days (judging by tweets to @twitterapi) that
> > > > allowed for potential impersonations of credentialed users.
>
> > > > On the heels of Twitter's (unofficial) assurance of better
> > > > communication with developers, this sort of unannounced change is
> > > > distressing.  What's next?  (Have Labor Day Weekend plans?  You might
> > > > want to cancel those... just the right time for Twitter to make an
> > > > unannounced API change!)
>
> > > > As for us, we are in the strange position of deprecating OAuth in
> > > > favor of Basic Auth.
>
> > > > Weird, eh??
>
> > > > Okay, we are not totally deprecating OAuth, but we are advising users
> > > > that Basic Auth is far more robust and reliable.
>
> > > > And so our message to new developers: avoid OAuth like the plague.  If
> > > > you must, offer it.  But let Basic Auth be your backbone: more
> > > > reliable, more sign-ups, simpler, and probably just as secure.  (Just
> > > > look at Google Code bug reports about OAuth to get a sense of
> > > > reliability.)
>
> > > > (Okay, okay, this post was written at 4am after a workday that started
> > > > at 8am, and after Twitter introduced this new change at 5pm... (hey
> > > > Twitter, can you introduce major new changes EARLIER in the day so we
> > > > can react!?!?)... it still doesn't excuse Twitter's continued
> > > > disregard for the small-to-medium size developer.)
>
> > --
> > Internets. Serious business.
