A number of older threads for reference:

http://groups.google.com/group/twitter-development-talk/browse_thread/thread/5994f3237bbb6876/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/85dbaef35d68fc9e/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/629b03475a3d78a1/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8bb09eb7b045b4d8/
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d50090ad677bdb52/

On Mon, Oct 12, 2009 at 15:00, Duane Roelands <duane.roela...@gmail.com> wrote:

> Please do NOT adopt anything like the Facebook model. Facebook
> authentication for desktop applications is a nightmare. You have to
> programmatically interact with the browser and it's an enormous hassle.
>
> I think that the OAuth flow for desktop applications is fine as-is.
> Mobile apps need some love, no question, but for desktop apps, I don't
> think anything is all that broken.
>
> On Oct 12, 3:38 pm, Isaiah <supp...@yourhead.com> wrote:
> > > 1. What can be improved about the web workflow?
> >
> > I'll leave this one for the web dudes.
> >
> > > 2. What can be improved about the desktop workflow?
> >
> > The UX: it's currently very complicated for the user. Much more
> > complicated than basic auth. Users are unaccustomed to it. Novelty
> > isn't a bonus during authorization.
> >
> > The browser: drop-kicking the user to another app seems egregious.
> > Make it so that this is unnecessary and the UX problem is nearly solved.
> >
> > The assumption: there seems to be an assumption that twitter clients
> > are *not* trusted and the web browser *is* trusted. But the reality
> > is that all of the phishing, scams, and untrusted things that I'm
> > bombarded with daily come in the browser. Please help me to resolve
> > this paradox.
> >
> > > 3. What other models of distributed auth do you think we could learn
> > > from and what specifically about them?
> >
> > All of the clients for everything that needs authorization on my
> > desktop use a basic-auth-like model: email, ftp, backup services,
> > picture sharing, blogging, well, you get the idea. I'm not saying
> > it's right or wrong, but that is the way it is.
> > I want my app to be part of that ecosystem and not stand out like a
> > sore thumb.
> >
> > Make matching the user experience of other desktop apps your goal. If
> > you can't achieve that goal, then maybe OAuth isn't ready for the
> > desktop. Or perhaps it's more apt to say that the desktop is not
> > ready for OAuth.
> >
> > If you say, "it's really no big deal to add this one step," then
> > stop. It **is** a big deal. Every step added is a **really** big
> > deal. Really.
> >
> > > 4. What could we improve around the materials for integrating OAuth
> > > into your application?
> >
> > It's not all that complicated to implement. There's a lot of open
> > source on the web in a multitude of languages.
> > If you have manpower to throw around, please work on the UX first. ;-)
> >
> > I'd be happy to contribute to any open source project that helps to
> > achieve this. Count me in.
> >
> > Isaiah

--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
http://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite
This email is: [ ] blogable [x] ask first [ ] private.