Loading Profile...
OAuth Support
Now that twitter has OAuth support I think tweetie should be using that instead of asking for a username and password. Its just a far greater user experience.
Especially if I, a designer, can get OAuth working in around an hour ;)
Especially if I, a designer, can get OAuth working in around an hour ;)
I’m frustrated
8
people like this idea
I like this idea!
Tell me when this idea gets some attention.
The more people who like this idea, the more it gets noticed.
The more people who like this idea, the more it gets noticed.
The company has not planned to implement this.
The best point from the company
-
3 people think
this is one of the best points
The best point from everyone
-
That post is in relation to the iPhone app, and this is something I understand (to a point, maybe flickr clients on the iPhone handle this UI quite well.)
However, on the desktop, the UI is much better:
1) open app.
2) click "authorize twitter" link
3) twitter opens in browser
4) click approve in new browser window
5) browser redirect back to the desktop app, which is now approved and working
3 people think
this is one of the best points
-
3 people think
this is one of the best points
2 Comments Add a comment
This is one of the best points
-
The Adium nightlies have twitter support and are using OAuth. The authentication process seemed relatively smooth to me. -
ooh, I hadn't played with that yet, it is nice :)
-
Inappropriate?That post is in relation to the iPhone app, and this is something I understand (to a point, maybe flickr clients on the iPhone handle this UI quite well.)
However, on the desktop, the UI is much better:
1) open app.
2) click "authorize twitter" link
3) twitter opens in browser
4) click approve in new browser window
5) browser redirect back to the desktop app, which is now approved and working
3 people think
this is one of the best points
-
Inappropriate?the other problem i've found with my app is that the twitter image sharing sites mostly don't support oauth yet.
even when they do, it seems that they might not support it in a way that works (ie, they may make it so that you have to get a token from twitter for regular posts and from the image sharing site for image posts).
3 Comments Add a comment
This is one of the best points
-
That's because oauth core currently only supports authorizing a single app to act on the behalf of the user - there has been, or is still, a discussion going on how to handle an authorized app to authorize another app. It's not an easy thing to do securely and while the current non-oauth way of sending the passwords around everywhere works - it's not really very optimal or secure.
-
ouch... that doesn't sound like this'll be solved any time soon and twitter is not allowing any new source id's for basic auth clients... apps that already have source id's in are fine, but new ones are out of luck.
-
Here's some related discussion - what you're talking about is called 4-legged oauth:
https://groups.google.com/group/oauth...
http://www.ietf.org/mail-archive/web/... -
Inappropriate?Here's one reason to use OAuth: if I change my password on Twitter.com (in my browser) Tweetie stops working. I suppose it could pop a dialog asking me to reauthenticate, but if it still had valid tokens, the app would continue to work. This goes for the iPhone app as well.
http://getsatisfaction.com/atebits/to...
2 people think
this is one of the best points
2 Comments Add a comment
This is one of the best points
-
or change your username!
No offense, but I don't understand why desktop app developers think they are so much more trustworthy than web app developers. I think OAuth is a good idea on the web, on the desktop, on the iphone.. everywhere! its better and safer for users. -
Indeed. Separating authentication from authorization is a big shift, and FWIW, I get @ashponders point that a desktop client can "get your password" if they want. But I think that's not the point. I think instead desktop app developers should think about taking as few permissions as possible to minimize risk and the potential to do damage... that is, if you're only going to read someone's stream, only ask for read privileges via the API. Otherwise, you become a target for potential abuse/malware.
EMPLOYEE
