Funny, I posted about our high success rate (95% of all users) with OAuth.
I'm trying to get a feel for if we're fortunate, have a good flow or everyone has the same rates. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/da46cd261fa13bca?hl=en On Jul 28, 2:13 pm, Amitab <[email protected]> wrote: > As a developer who has recent launched Twaller (http://www.twaller.com) which > supports OAuth, I think I should share my > perspective on this. > > I really loved OAuth because: > > (1) Ease of coding. I could get OAuth working within a couple of days. > Saves me any password maintenance, encryption etc. > (2) Integration with Twitter Branding. With the OAuth scheme, I > believe my website is more integrated with Twitter. It would also be > nicer if Twitter would maintain their own list of websites they trust > with Oauth, just to give users the added confidence that Twitter > trusts me. > (3) Saves me worrying about SSL. A lot of people are finicky about > HTTPS/SSL. This was I can just ytell them that if Twitter wants Oauth > that way in future, we will simple provide it. > > The part I hate about OAuth is that the OAUth page is extremely slow > to load and sometimes does not load at all. I see this issue with the > Twitter website in general as well, sometime postst from the web just > don't go through. I would much appreciate if people at Twitter can > address scalability problems to OAUTH, because that I believe is the > biggest user turnoff. > > On Jul 28, 1:11 pm, JDG <[email protected]> wrote: > > > It's only a scare if the development community neglects or refuses to > > educate the populace at large that only Twitter really needs your password, > > so why give it to anyone else? > > > On Tue, Jul 28, 2009 at 13:27, jahbini <[email protected]> wrote: > > > > Sorry about your Oauth Implementation, Mine's been working steadily > > > with no hiccups: Lot's of very solid implementations out there. > > > > As far as the user sign-up problem, Yeah, I agree, It's a bit of a > > > scare for the user to have to connect to an off-site twitter authority > > > page -- But that's what Facebook, paypal and all the big boys are > > > pushing toward. > > > > As Robert Palmer once said: "Your gonna have to face it, your addicted > > > to passwords". > > > > Jim > > > > On Jul 28, 1:27 am, chinaski007 <[email protected]> wrote: > > > > Let's be honest... > > > > > The end-result for third-party developers using OAuth appears to be > > > > fewer sign-ups, less reliability, more complexity, and potentially > > > > less security. > > > > > Google Optimizer reveals that users are more likely to sign-up for > > > > Basic Auth than OAuth. That's just fact. Test it for yourself to > > > > confirm. > > > > > I suppose this is not so weird. Users are accustomed to giving user/ > > > > pass information even to "foreign" apps. It is far more disruptive > > > > and invasive for them to go to some bizarre Twitter screen asking them > > > > to "approve an app". To the average user, what does that mean? (And, > > > > heck, it may even require more steps if they have to login again to > > > > Twitter.) > > > > > In terms of reliability, Twitter OAuth was down for days several weeks > > > > ago. Tonight yet another unannounced change occurred that broke major > > > > code libraries. Meanwhile, Basic Auth has been plugging along just > > > > fine and dandy... > > > > > So what IS the benefit of OAuth? > > > > > It doesn't benefit developers as you will likely get more sign-ups > > > > with Basic Auth and Basic Auth is far, far easier to setup. Sure, > > > > OAuth might satisfy some power users hungry for security... > > > > > But is OAuth even more secure than Basic Auth? > > > > > Perhaps not. After all, tonight's fix was for an OAuth security flaw > > > > known for at least 10+ days (judging by tweets to @twitterapi) that > > > > allowed for potential impersonations of credentialed users. > > > > > On the heels of Twitter's (unofficial) assurance of better > > > > communication with developers, this sort of unannounced change is > > > > distressing. What's next? (Have Labor Day Weekend plans? You might > > > > want to cancel those... just the right time for Twitter to make an > > > > unannounced API change!) > > > > > As for us, we are in the strange position of deprecating OAuth in > > > > favor of Basic Auth. > > > > > Weird, eh?? > > > > > Okay, we are not totally deprecating OAuth, but we are advising users > > > > that Basic Auth is far more robust and reliable. > > > > > And so our message to new developers: avoid OAuth like the plague. If > > > > you must, offer it. But let Basic Auth be your backbone: more > > > > reliable, more sign-ups, simpler, and probably just as secure. (Just > > > > look at Google Code bug reports about OAuth to get a sense of > > > > reliablity.) > > > > > (Okay, okay, this post was written at 4am after a workday that started > > > > at 8am, and after Twitter introduced this new change at 5pm... (hey > > > > Twitter, can you introduce major new changes EARLIER in the day so we > > > > can react!?!?)... it still doesn't excuse Twitter's continued > > > > disregard for the small-to-medium size developer.) > > > -- > > Internets. Serious business.
