Please do NOT adopt anything like the Facebook model.  Facebook
authentication for desktop applications is a nightmare.  You have to
programmatically interact with the browser and it's an enormous hassle.

I think that the OAuth flow for desktop applications is fine as-is.
Mobile apps need some love, no question, but for desktop apps, I don't
think anything is all that broken.

On Oct 12, 3:38 pm, Isaiah <supp...@yourhead.com> wrote:
> > 1. What can be improved about the web workflow?
>
> I'll leave this one for the web dudes.
>
> > 2. What can be improved about the desktop workflow?
>
> The UX:  it's currently very complicated for the user.  Much more  
> complicated than basic auth.  Users are unaccustomed to it.  Novelty  
> isn't a bonus during authorization.
>
> The browser:  drop-kicking the user to another app seems egregious.  
> Make it so that this is unnecessary and the UX problem is nearly solved.
>
> The assumption:  there seems to be an assumption that Twitter clients  
> are *not* trusted and the web browser *is* trusted.  But the reality  
> is that all of the phishing, scams, and untrusted things that I'm  
> bombarded with daily come in the browser.  Please help me to resolve  
> this paradox.
>
> > 3. What other models of distributed auth do you think we could learn
> > from and what specifically about them?
>
> All of the clients for everything that needs authorization on my  
> desktop use a basic-auth-like model:  email, ftp, backup services,  
> picture sharing, blogging, well, you get the idea.  I'm not saying  
> it's right or wrong, but that is the way it is.
> I want my app to be part of that ecosystem and not stand out like a  
> sore thumb.
>
> Make matching the user experience of other desktop apps your goal.  If  
> you can't achieve that goal, then maybe OAuth isn't ready for the  
> desktop.  Or perhaps it's more apt to say that the desktop is not  
> ready for OAuth.
>
> If you say, "it's really no big deal to add this one step," then  
> stop.  It **is** a big deal.  Every step added is a **really** big  
> deal.  Really.
>
> > 4. What could we improve around the materials for integrating OAuth
> > into your application?
>
> It's not all that complicated to implement.  There's a lot of open  
> source on the web in a multitude of languages.
> If you have manpower to throw around, please work on the UX first.  ;-)
>
> I'd be happy to contribute to any open source project that helps to  
> achieve this.  Count me in.
>
> Isaiah
