Chris, If I understand you correctly, you're saying one should login for the user in the OAuth process? Wouldn't that involve scraping the Twitter web interface? Or am I outside the ballpark with my understanding?
Dewald On Aug 6, 10:36 am, Chris Babcock <cbabc...@kolonelpanic.com> wrote: > On Thu, 6 Aug 2009 05:09:48 -0700 (PDT) > > > > Dewald Pretorius <dpr...@gmail.com> wrote: > > Amen to that. > > > When one does customer support for long enough, you quickly realize > > that: > > > a) People do not read instructions, and > > > b) Many people are not as computer literate as you'd wish them to be. > > > If you send people all over the place, many go, "WTF," and abandon the > > process out of fear or ignorance. > > > With Basic Auth the process is very simple. Enter the username and > > password on your site, and click the save button. It shouldn't be any > > more involved or complicated with OAuth. > > The problem with Basic Auth is that it doesn't know the difference > between Authentication and Authorization. It's an oversimplification. > The only way to do something *for* someone is to *be* that someone as > far as the target system is concerned. A system that is as smart as it > needs to be is going to be a little more complicated and involved than > that. > > You can still do a little animated "authorize this" screen just like > Facebook with OAuth. Just set up a gateway on your server and Ajax the > whole work flow through the gateway. There's no need to complicate the > UX. The complications can go in the back end so that you can get your > authenticalization in one click. > > Chris Babcock > > signature.asc > < 1KViewDownload