For me, the biggest pain with Oauth is when the redirection to Twitter gives a "Twitter is busy, too many people are tweeting" response. For websites/ applications that are pretty small, each person who is willing to try out is immensely valuable. I hate it when I loose that person (probably permanently) just because twitter couldn't support the log in process.
I saw this happening a lot of times today morning. It is a problem that keeps recurring. This is what I would want to improve in OAuth: 1) Get the login process working 99.999% time. I can cache the remaining things but ic annot cache the login process. 2) Please integrate the OAuth authntication with my branding. At the moment it is just the logo. I would like to have the whole background be of my branding. /Amitabh Follow Twaller.com @mytwaller On Oct 12, 1:20 pm, Abraham Williams <[email protected]> wrote: > A number of older threads for > reference:http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread... > <http://groups.google.com/group/twitter-development-talk/browse_thread...>http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread... > <http://groups.google.com/group/twitter-development-talk/browse_thread...> > > On Mon, Oct 12, 2009 at 15:00, Duane Roelands <[email protected]>wrote: > > > > > > > Please do NOT adopt anything like the Facebook model. Facebook > > authentication for desktop applications is a nightmare. You have to > > programatically interact with the browser and it's an enormous hassle. > > > I think that the OAuth flow for desktop applications is fine as-is. > > Mobile apps need some love, no question, but for desktop apps, I don't > > think anything is all that broken. > > > On Oct 12, 3:38 pm, Isaiah <[email protected]> wrote: > > > > 1. What can be improved about the web workflow? > > > > I'll leave this one for the web dudes. > > > > > 2. What can be improved about the desktop workflow? > > > > The UX: it's currently very complicated for the user. Much more more > > > complicated than basic auth. Users are unaccustomed to it. Novelty > > > isn't a bonus during authorization. > > > > The browser: drop-kicking the user to another app seems egregious. > > > Make it so that this is unnecessary and the UX problem is nearly solved. > > > > The assumption: there seems to be an assumption that twitter clients > > > are *not* trusted and the web browser *is* trusted. But the reality > > > is that all of the phishing, scams, and untrusted things that I'm > > > bombarded with daily come in the browser. Please help me to resolve > > > this paradox. > > > > > 3. What other models of distributed auth do you think we could learn > > > > from and what specifically about them? > > > > All of the clients for everything that needs authorization on my > > > desktop use a basic-auth-like model: email, ftp, backup services, > > > picture sharing, blogging, well, you get the idea. I'm not saying > > > it's right or wrong, but that is the way it is. > > > I want my app to be part of that ecosystem and not stand out like a > > > sore thumb. > > > > Make matching the user experience of other desktop apps your goal. If > > > you can't achieve that goal, then maybe OAuth isn't ready for the > > > desktop. Or perhaps it's more apt to say that the desktop is not > > > ready for OAuth. > > > > If you say, "it's really no big deal to add this one step," then > > > stop. It **is** a big deal. Every step added is **really** big > > > deal. Really. > > > > > 4. What could we improve around the materials for integrating OAuth > > > > into your application? > > > > It's not all the complicated to implement. There's a lot of open > > > source on web in a multitude of languages. > > > If you have manpower to throw around, please work on the UX first. ;-) > > > > I'd be happy to contribute to any open source project that helps to > > > achieve this. Count me in. > > > > Isaiah > > -- > Abraham Williams | Community Evangelist |http://web608.org > Hacker > |http://abrah.am|http://twitter.com/abrahamhttp://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite > This email is: [ ] blogable [x] ask first [ ] private.
