Ryan Sarver wrote:
> 1. What can be improved about the web workflow?

* On many mobile platforms--even some of the newest ones--copy & paste is
unavailable, and/or users simply do not know how to do it.

* A 7-digit PIN is too long for most users to remember long enough to switch
apps and type it in. I tested 10 people when there was a 6-digit PIN and 6
of them could not remember the PIN long enough to type it in. Only 2 of 10
people tried to write the PIN down before closing the browser the first
time. That means they had to repeat the authorization process. 3 of the 10
people gave up and handed the phone back to me before completing the OAuth
process.

* *All* the users I tested described the OAuth-related parts as the worst
part of my app.

* It is very tempting to embed a browser control into the app and then use
that browser control to allow the user to do the OAuth flow, because often
it isn't easy for users to switch between the standalone web browser and the
Twitter app. However, any app that does this can act as a keylogger and grab
the user's username and password. So, OAuth isn't adding significant
security in this situation.

* OAuth doesn't work well when the user has multiple devices running the
same Twitter client. For example, Nokia smartphone owners often have
multiple Nokia smartphones (often a "work phone" and a "play phone"). If
they install the app on two phones, then whenever they log in on one phone,
they get logged off of the other phone. This wouldn't be so bad, but see
above: these users then have to go through the most-hated part of the
experience all over again. The only way I have found to overcome this:
create a bunch of different "apps," one for each model Nokia releases. But,
this is a poor solution because (a) all apps have to have a unique name, and
(b) I read here that Twitter may limit the number of apps that a developer
can register. Note that the people who review mobile Twitter apps are the
ones most likely to have this problem, which sucks, because usually we want
to optimize their experience so they write good reviews. Ideally, there
would be a way for a single app to have multiple tokens at once.

Please feel free to contact me directly if you want any more detailed


