Please do NOT adopt anything like the Facebook model. Facebook authentication for desktop applications is a nightmare. You have to programmatically interact with the browser and it's an enormous hassle.
I think that the OAuth flow for desktop applications is fine as-is. Mobile apps need some love, no question, but for desktop apps, I don't think anything is all that broken.

On Oct 12, 3:38 pm, Isaiah <[email protected]> wrote:
> > 1. What can be improved about the web workflow?
>
> I'll leave this one for the web dudes.
>
> > 2. What can be improved about the desktop workflow?
>
> The UX: it's currently very complicated for the user. Much more
> complicated than basic auth. Users are unaccustomed to it. Novelty
> isn't a bonus during authorization.
>
> The browser: drop-kicking the user to another app seems egregious.
> Make it so that this is unnecessary and the UX problem is nearly solved.
>
> The assumption: there seems to be an assumption that Twitter clients
> are *not* trusted and the web browser *is* trusted. But the reality
> is that all of the phishing, scams, and untrusted things that I'm
> bombarded with daily come in the browser. Please help me to resolve
> this paradox.
>
> > 3. What other models of distributed auth do you think we could learn
> > from and what specifically about them?
>
> All of the clients for everything that needs authorization on my
> desktop use a basic-auth-like model: email, ftp, backup services,
> picture sharing, blogging, well, you get the idea. I'm not saying
> it's right or wrong, but that is the way it is.
> I want my app to be part of that ecosystem and not stand out like a
> sore thumb.
>
> Make matching the user experience of other desktop apps your goal. If
> you can't achieve that goal, then maybe OAuth isn't ready for the
> desktop. Or perhaps it's more apt to say that the desktop is not
> ready for OAuth.
>
> If you say, "it's really no big deal to add this one step," then
> stop. It **is** a big deal. Every step added is a **really** big
> deal. Really.
>
> > 4. What could we improve around the materials for integrating OAuth
> > into your application?
>
> It's not all that complicated to implement. There's a lot of open
> source on the web in a multitude of languages.
> If you have manpower to throw around, please work on the UX first. ;-)
>
> I'd be happy to contribute to any open source project that helps to
> achieve this. Count me in.
>
> Isaiah
