On Mon, Oct 12, 2009 at 2:53 PM, Jesse Stay <jesses...@gmail.com> wrote:
> On Mon, Oct 12, 2009 at 11:01 AM, Ryan Sarver <rsar...@twitter.com> wrote:
>> 1. What can be improved about the web workflow?
>> 2. What can be improved about the desktop workflow?
>> 3. What other models of distributed auth do you think we could learn
>> from and what specifically about them?
>> 4. What could we improve around the materials for integrating OAuth
>> into your application?
> This is a given coming from me (I wrote O'Reilly's FBML Essentials), but I
> strongly recommend looking at the way Facebook is doing it with Facebook
> Connect - if you're logged into Facebook and have authorized the app, no
> further auth is necessary - you click the "Connect with Facebook" button,
> Facebook tells your app it's already authorized (without sending the user
> through the authentication or authorization process again), and you can then
> give the user a session in your app. It's a simple one-click workflow that
> only turns into a more-than-one-click workflow when absolutely necessary.

Twitter already has something similar (one-click login):

Some devs like this for the simplicity, some don't because it will
automatically use the "already logged in account" w/o giving the
option to use another account. Whereas most Facebook users probably
have only one account, I would guess that a larger percentage of
Twitter users (while still a small percentage) are managing multiple


> I also like that their authorization process naturally provides a popup
> instead of forcing the app to completely redirect to another site to
> authorize.  True, you can do this on your own through a window.open() call
> of some sort with Twitter, but with Facebook, they provide all the code that
> does this process automatically.  No worry about backend code or anything
> else on your part.  It's very simple to implement (to the extent they've
> even built a Wizard to give you the code you need to copy and paste on your
> website).
> That's just my $.02.  Maybe Twitter can try to work with Facebook (gasp!) to
> try and come up with an open protocol of some sort that standardizes this
> type of authorization effort.  Let me know if I can help any in moving
> towards this type of authorization flow - it's a much simpler process IMO.
> (not to mention it opens up even greater possibilities in a desktop or
> mobile environment as well)
> Jesse
