Personally I've found JavaScript based auth systems like Facebook Connect and Google Friend Connect to be very difficult to debug and use. I am also a lot more comfortable with PHP then JS.
As far as UX. Sign in with Twitter has the same flow as FBC and GFC. Click a link on your site, jump to provider to authorize, and return to consumer. Abraham On Thu, Jul 30, 2009 at 22:12, Jesse Stay <jesses...@gmail.com> wrote: > I understand the reasoning behind OAuth, and think it's a step in the right > direction, but, does Twitter have plans to improve and move to a better Auth > system than OAuth? With Facebook Connect I just have to click once, and if > the user is already logged in and approved my app, they never see the > Facebook login box again. Where as with Twitter there are 3 points of > potential failure every single time the user logs in. It's a Ux nightmare, > IMO. While it does solve a problem, I don't think OAuth is the end or ideal > solution. Are there plans to improve this process? > Jesse > > > On Wed, Jul 29, 2009 at 1:05 PM, Doug Williams <d...@twitter.com> wrote: > >> Well said, Duane. >> Thanks, >> Doug >> >> >> On Wed, Jul 29, 2009 at 7:18 AM, Duane Roelands <duane.roela...@gmail.com >> > wrote: >> >>> >>> First, let me state from the start that I am no fan of OAuth, >>> Twitter's implementation of it, or the way that they've behaved with >>> regard to it. Now, with all that being said. >>> >>> If your website expects me to hand over my Twitter password, I'm not >>> using your web site. Just yesterday, another scam site (TwitViewer) >>> managed to steal thousands of accounts, and convince other people to >>> hand over their information because it was posting tweets from the >>> stolen accounts. >>> >>> OAuth is not perfect, but it provides individual users and Twitter >>> with a way to identify bad actors and lock them out of the ecosystem. >>> >>> OAuth works. There are examples out there. There are developers who >>> are willing to help you. >>> >>> Implementing OAuth tells your customers that the security of their >>> account is important to you, and shutting down Basic Auth trains your >>> users to stop giving away their password. If your product has value, >>> and you clearly communicate what that value is, the users will use >>> OAuth. >>> >>> >>> >>> On Jul 29, 9:10 am, Dewald Pretorius <dpr...@gmail.com> wrote: >>> > It would not surprise me at all if using OAuth resulted in fewer >>> > signups. >>> > >>> > Potential technical advantages of OAuth aside, every additional click >>> > that you add in the conversion process adds an addition leakage point >>> > where some users can and will abandon the signup process. >>> >> >> > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
