If I understand you correctly, you're saying one should login for the
user in the OAuth process? Wouldn't that involve scraping the Twitter
web interface? Or am I outside the ballpark with my understanding?


On Aug 6, 10:36 am, Chris Babcock <> wrote:
> On Thu, 6 Aug 2009 05:09:48 -0700 (PDT)
> Dewald Pretorius <> wrote:
> > Amen to that.
> > When one does customer support for long enough, you quickly realize
> > that:
> > a) People do not read instructions, and
> > b) Many people are not as computer literate as you'd wish them to be.
> > If you send people all over the place, many go, "WTF," and abandon the
> > process out of fear or ignorance.
> > With Basic Auth the process is very simple. Enter the username and
> > password on your site, and click the save button. It shouldn't be any
> > more involved or complicated with OAuth.
> The problem with Basic Auth is that it doesn't know the difference
> between Authentication and Authorization. It's an oversimplification.
> The only way to do something *for* someone is to *be* that someone as
> far as the target system is concerned. A system that is as smart as it
> needs to be is going to be a little more complicated and involved than
> that.
> You can still do a little animated "authorize this" screen just like
> Facebook with OAuth. Just set up a gateway on your server and Ajax the
> whole work flow through the gateway. There's no need to complicate the
> UX. The complications can go in the back end so that you can get your
> authenticalization in one click.
> Chris Babcock
>  signature.asc
> < 1KViewDownload

Reply via email to