1. What can be improved about the web workflow?
I'll leave this one for the web dudes.

2. What can be improved about the desktop workflow?

The UX: it's currently very complicated for the user. Much more complicated than basic auth. Users are unaccustomed to it. Novelty isn't a bonus during authorization.

The browser: drop-kicking the user to another app seems egregious. Make it so that this is unnecessary and the UX problem is nearly solved.

The assumption: there seems to be an assumption that Twitter clients are *not* trusted and the web browser *is* trusted. But the reality is that all of the phishing, scams, and untrusted things that I'm bombarded with daily come in the browser. Please help me to resolve this paradox.

3. What other models of distributed auth do you think we could learn
from and what specifically about them?

All of the clients for everything that needs authorization on my desktop use a basic-auth-like model: email, ftp, backup services, picture sharing, blogging, well, you get the idea. I'm not saying it's right or wrong, but that is the way it is. I want my app to be part of that ecosystem and not stand out like a sore thumb.

Make matching the user experience of other desktop apps your goal. If you can't achieve that goal, then maybe OAuth isn't ready for the desktop. Or perhaps it's more apt to say that the desktop is not ready for OAuth.

If you say, "it's really no big deal to add this one step," then stop. It **is** a big deal. Every step added is a **really** big deal. Really.

4. What could we improve around the materials for integrating OAuth
into your application?

It's not all that complicated to implement. There's a lot of open source on the web in a multitude of languages.
If you have manpower to throw around, please work on the UX first.  ;-)

I'd be happy to contribute to any open source project that helps to achieve this. Count me in.

