Funny, I posted about our high success rate (95% of all users) with
I'm trying to get a feel for if we're fortunate, have a good flow or
everyone has the same rates.
On Jul 28, 2:13 pm, Amitab <hiamita...@gmail.com> wrote:
> As a developer who has recent launched Twaller (http://www.twaller.com) which
> supports OAuth, I think I should share my
> perspective on this.
> I really loved OAuth because:
> (1) Ease of coding. I could get OAuth working within a couple of days.
> Saves me any password maintenance, encryption etc.
> (2) Integration with Twitter Branding. With the OAuth scheme, I
> believe my website is more integrated with Twitter. It would also be
> nicer if Twitter would maintain their own list of websites they trust
> with Oauth, just to give users the added confidence that Twitter
> trusts me.
> (3) Saves me worrying about SSL. A lot of people are finicky about
> HTTPS/SSL. This was I can just ytell them that if Twitter wants Oauth
> that way in future, we will simple provide it.
> The part I hate about OAuth is that the OAUth page is extremely slow
> to load and sometimes does not load at all. I see this issue with the
> Twitter website in general as well, sometime postst from the web just
> don't go through. I would much appreciate if people at Twitter can
> address scalability problems to OAUTH, because that I believe is the
> biggest user turnoff.
> On Jul 28, 1:11 pm, JDG <ghil...@gmail.com> wrote:
> > It's only a scare if the development community neglects or refuses to
> > educate the populace at large that only Twitter really needs your password,
> > so why give it to anyone else?
> > On Tue, Jul 28, 2009 at 13:27, jahbini <jahb...@celarien.com> wrote:
> > > Sorry about your Oauth Implementation, Mine's been working steadily
> > > with no hiccups: Lot's of very solid implementations out there.
> > > As far as the user sign-up problem, Yeah, I agree, It's a bit of a
> > > scare for the user to have to connect to an off-site twitter authority
> > > page -- But that's what Facebook, paypal and all the big boys are
> > > pushing toward.
> > > As Robert Palmer once said: "Your gonna have to face it, your addicted
> > > to passwords".
> > > Jim
> > > On Jul 28, 1:27 am, chinaski007 <chinaski...@gmail.com> wrote:
> > > > Let's be honest...
> > > > The end-result for third-party developers using OAuth appears to be
> > > > fewer sign-ups, less reliability, more complexity, and potentially
> > > > less security.
> > > > Google Optimizer reveals that users are more likely to sign-up for
> > > > Basic Auth than OAuth. That's just fact. Test it for yourself to
> > > > confirm.
> > > > I suppose this is not so weird. Users are accustomed to giving user/
> > > > pass information even to "foreign" apps. It is far more disruptive
> > > > and invasive for them to go to some bizarre Twitter screen asking them
> > > > to "approve an app". To the average user, what does that mean? (And,
> > > > heck, it may even require more steps if they have to login again to
> > > > Twitter.)
> > > > In terms of reliability, Twitter OAuth was down for days several weeks
> > > > ago. Tonight yet another unannounced change occurred that broke major
> > > > code libraries. Meanwhile, Basic Auth has been plugging along just
> > > > fine and dandy...
> > > > So what IS the benefit of OAuth?
> > > > It doesn't benefit developers as you will likely get more sign-ups
> > > > with Basic Auth and Basic Auth is far, far easier to setup. Sure,
> > > > OAuth might satisfy some power users hungry for security...
> > > > But is OAuth even more secure than Basic Auth?
> > > > Perhaps not. After all, tonight's fix was for an OAuth security flaw
> > > > known for at least 10+ days (judging by tweets to @twitterapi) that
> > > > allowed for potential impersonations of credentialed users.
> > > > On the heels of Twitter's (unofficial) assurance of better
> > > > communication with developers, this sort of unannounced change is
> > > > distressing. What's next? (Have Labor Day Weekend plans? You might
> > > > want to cancel those... just the right time for Twitter to make an
> > > > unannounced API change!)
> > > > As for us, we are in the strange position of deprecating OAuth in
> > > > favor of Basic Auth.
> > > > Weird, eh??
> > > > Okay, we are not totally deprecating OAuth, but we are advising users
> > > > that Basic Auth is far more robust and reliable.
> > > > And so our message to new developers: avoid OAuth like the plague. If
> > > > you must, offer it. But let Basic Auth be your backbone: more
> > > > reliable, more sign-ups, simpler, and probably just as secure. (Just
> > > > look at Google Code bug reports about OAuth to get a sense of
> > > > reliablity.)
> > > > (Okay, okay, this post was written at 4am after a workday that started
> > > > at 8am, and after Twitter introduced this new change at 5pm... (hey
> > > > Twitter, can you introduce major new changes EARLIER in the day so we
> > > > can react!?!?)... it still doesn't excuse Twitter's continued
> > > > disregard for the small-to-medium size developer.)
> > --
> > Internets. Serious business.