2009/9/30 Allen Tom <[email protected]>: > > Using OAuth with browserless devices is challenging, and perhaps it's > more realistic to provide an API that allows the device to exchange the > username/password for a scoped credential (Access Token). After > obtaining the Access Token, the well behaved device should discard the > password, and only store the Access Token persistently.
I generally agree with everything Allen's said, but I do want to push back here --- I'd love to see some data on adoption of the Flickr iPhone app; it does the "right" thing security-wise and does not ask for a username / password, even though it's the native Flickr app running on a highly controlled platform (and therefore presumably quite trustworthy). It redirects to Yahoo!'s login page (which admittedly could be more optimized for mobile browsers), and I get to see my sign in badge and everything. There aren't *any* comments about it being hard to use or confusing, and in fact the people I've spoken to about it didn't even notice that anything had happened (techies and non-techies alike, spoken to after they'd installed and configured the app). http://search.twitter.com/search?q=flickr+iphone+app+hard The only comment I can find at all is actually an interaction designer praising how good the experience was, and how more apps should follow the flow: http://www.tuaw.com/2009/09/08/yahoo-a-first-look-at-the-official-flickr-iphone-app/2#comments With respect to mobile devices without good browsers, all I can say is "seriously?" --- No one uses internet apps on those devices, precisely because the usability of those devices is complete and utter trash. Why are we trying to make usability better for fundamentally non-usable devices? Let's stop. b. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
