A number of older threads for reference:
On Mon, Oct 12, 2009 at 15:00, Duane Roelands <duane.roela...@gmail.com>wrote:
> Please do NOT adopt anything like the Facebook model. Facebook
> authentication for desktop applications is a nightmare. You have to
> programatically interact with the browser and it's an enormous hassle.
> I think that the OAuth flow for desktop applications is fine as-is.
> Mobile apps need some love, no question, but for desktop apps, I don't
> think anything is all that broken.
> On Oct 12, 3:38 pm, Isaiah <supp...@yourhead.com> wrote:
> > > 1. What can be improved about the web workflow?
> > I'll leave this one for the web dudes.
> > > 2. What can be improved about the desktop workflow?
> > The UX: it's currently very complicated for the user. Much more more
> > complicated than basic auth. Users are unaccustomed to it. Novelty
> > isn't a bonus during authorization.
> > The browser: drop-kicking the user to another app seems egregious.
> > Make it so that this is unnecessary and the UX problem is nearly solved.
> > The assumption: there seems to be an assumption that twitter clients
> > are *not* trusted and the web browser *is* trusted. But the reality
> > is that all of the phishing, scams, and untrusted things that I'm
> > bombarded with daily come in the browser. Please help me to resolve
> > this paradox.
> > > 3. What other models of distributed auth do you think we could learn
> > > from and what specifically about them?
> > All of the clients for everything that needs authorization on my
> > desktop use a basic-auth-like model: email, ftp, backup services,
> > picture sharing, blogging, well, you get the idea. I'm not saying
> > it's right or wrong, but that is the way it is.
> > I want my app to be part of that ecosystem and not stand out like a
> > sore thumb.
> > Make matching the user experience of other desktop apps your goal. If
> > you can't achieve that goal, then maybe OAuth isn't ready for the
> > desktop. Or perhaps it's more apt to say that the desktop is not
> > ready for OAuth.
> > If you say, "it's really no big deal to add this one step," then
> > stop. It **is** a big deal. Every step added is **really** big
> > deal. Really.
> > > 4. What could we improve around the materials for integrating OAuth
> > > into your application?
> > It's not all the complicated to implement. There's a lot of open
> > source on web in a multitude of languages.
> > If you have manpower to throw around, please work on the UX first. ;-)
> > I'd be happy to contribute to any open source project that helps to
> > achieve this. Count me in.
> > Isaiah
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] blogable [x] ask first [ ] private.