Tom, OAuth definitely sells itself as more than just a non-password-based authorization protocol. Just as important as not sharing the user's password is the value/usefullness of the information being accessed to service consumers. Look at where OAuth 2.0 is headed with the inclusion of scope parameters in the standard. Even the "hello world" use case of OAuth is a user granting consent to a printing application to access "their photos" on another website. As a user who setup my own account on twitter I should be allowed to selectively share pieces of MY user profile with other apps. Facebook obviously get this, and while I am sure the folks at Twitter do too, they have chosen not to provide this function. That is is an unnecessary inhibitor, not a selling point of the site. I am not suggesting it should be in the default scope, but it should be requestable via a scope parameter in the redirect-for-authorization step, and if granted should be in the returned data.
I have developed implementations of OpenID, OAuth and Infocard from the ground up, so know precisely what the capabilities are. OpenID doesn't offer any more or less in the way of attribute sharing than OAuth - it's what the deployers of the technologies choose to expose from their databases that makes the difference. I'm suggesting Twitter should let users decide what to share, not always hide what many consider to be the single most useful attribute of a user's profile. On Sep 9, 1:12 am, Tom van der Woerdt <i...@tvdw.eu> wrote: > I disagree - the idea behind OAuth is to provide access to information > on a server without the need for sending usernames/passwords. Nothing > more than that. ;-) > > You may like OpenID though. > > Tom > > On 9/8/10 3:01 PM, shanew wrote: > > > > > Thanks for the reply Ken. I understand all you have said, but the real > > power of protocols like OAuth is user consent of their own attribute > > data. My entire goal is to *avoid* having to ask a user to re-enter > > their emal address. In this particular use case "minimally invasive" > > is eqivalent to "minimally useful". > > > On Sep 7, 7:58 pm, Ken <k...@cimas.ch> wrote: > >> Twitter has distinguished itself as a "minimally invasive" social > >> network. The API gives you the ability to replicate and build on the > >> communication model appreciated by Twitter users. > > >> It's about brevity, it's lightweight and of course you can reach your > >> followers inbox by direct messaging, if the user accepts email > >> notifications. > > >> Meanwhile, verify_credentials gives you what you need to set up their > >> account and log them in when they return. If you need a user's email > >> address, just ask them for it. > > >> Ken- Hide quoted text - > > - Show quoted text - -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en