I think in the end any solution, to be the ideal solution, will need
multiple Auth access points for desktop vs. web.  OAuth itself also isn't an
ideal desktop solution due to its reliance on the web.  My suggestion
towards a Facebook-like solution was intended to be for web apps.  It's a
great solution for web apps, and very simple to implement.
Jesse

On Mon, Oct 12, 2009 at 2:00 PM, Duane Roelands <duane.roela...@gmail.com> wrote:

>
> Please do NOT adopt anything like the Facebook model.  Facebook
> authentication for desktop applications is a nightmare.  You have to
> programmatically interact with the browser and it's an enormous hassle.
>
> I think that the OAuth flow for desktop applications is fine as-is.
> Mobile apps need some love, no question, but for desktop apps, I don't
> think anything is all that broken.
>
> On Oct 12, 3:38 pm, Isaiah <supp...@yourhead.com> wrote:
> > > 1. What can be improved about the web workflow?
> >
> > I'll leave this one for the web dudes.
> >
> > > 2. What can be improved about the desktop workflow?
> >
> > The UX:  it's currently very complicated for the user.  Much more
> > complicated than basic auth.  Users are unaccustomed to it.  Novelty
> > isn't a bonus during authorization.
> >
> > The browser:  drop-kicking the user to another app seems egregious.
> > Make it so that this is unnecessary and the UX problem is nearly solved.
> >
> > The assumption:  there seems to be an assumption that twitter clients
> > are *not* trusted and the web browser *is* trusted.  But the reality
> > is that all of the phishing, scams, and untrusted things that I'm
> > bombarded with daily come in the browser.  Please help me to resolve
> > this paradox.
> >
> > > 3. What other models of distributed auth do you think we could learn
> > > from and what specifically about them?
> >
> > All of the clients for everything that needs authorization on my
> > desktop use a basic-auth-like model:  email, ftp, backup services,
> > picture sharing, blogging, well, you get the idea.  I'm not saying
> > it's right or wrong, but that is the way it is.
> > I want my app to be part of that ecosystem and not stand out like a
> > sore thumb.
> >
> > Make matching the user experience of other desktop apps your goal.  If
> > you can't achieve that goal, then maybe OAuth isn't ready for the
> > desktop.  Or perhaps it's more apt to say that the desktop is not
> > ready for OAuth.
> >
> > If you say, "it's really no big deal to add this one step," then
> > stop.  It **is** a big deal.  Every step added is a **really** big
> > deal.  Really.
> >
> > > 4. What could we improve around the materials for integrating OAuth
> > > into your application?
> >
> > It's not all that complicated to implement.  There's a lot of open
> > source on the web in a multitude of languages.
> > If you have manpower to throw around, please work on the UX first.  ;-)
> >
> > I'd be happy to contribute to any open source project that helps to
> > achieve this.  Count me in.
> >
> > Isaiah
>
