Notes from a wireframe world

A couple of days ago I wrote about how many mobile and desktop application could fail in June. Well twitter have offered a helping hand to many developers. oAuth from a username/password combination.

So how does it work? [The technical bit]

Normally with oAuth the application generators a unique URL from its security tokens, opens a new browser window and asks the user to login, when the user does twitter then redirects back to the site that made the request, and posts a secure token set that, with applications tokens authenticate both the user and the application.

With mobile and desktop applications the process a little different, the application doesn’t have a website to authenticate back to, so it supply the user with a PIN code, that then is user to generate the secure codes within the application.

This doesn’t provide the best in the way of user experience and has been a thorn in the side of many application developers for a long time. Thankfully now you don’t need to, you can just supply the username and password with the oAuth request.

When this request is sent some additional headers are sent

The x_auth_mode, x_auth_username and x_auth_password are new, and if the whole this is sent via SSL, the PIN code is returned to the application directly. No Browser input.

Thanks to @abraham via his blog for the images.

Posted via email from scottherbert’s posterous

Facebook’s six years old yesterday, and how do they celebrate? With Jelly and cake? No by annoying me!

No may I add with the re-design. It’s their site they can do with it as they wish, but the fact that this will lead a raft of new invites asking me to join the “we don’t like the new facebook, we want the old one back” well you won’t get it, and even if you can find a million people who agree with you that will still only be 1/400^th of facebooks membership, so they won’t care if you leave.

Posted via email from scottherbert’s posterous

Meany of the most popular twitter application, including almost all desktop and mobile applications could stop working in June.

Back in December Ryan Sarver (Twitters Director of Platform ) took the stage at the Le Web conference in France, and announced that come June twitter would stop supporting basic authorization for third party applications (such as Hootsuite or TwetterDeck).

Basic authorization is the method where you submit your username and password directly to the application.

Twitter wants developers to use what is called OAuth to provide authorization. OAuth, is where twitter opens in a new window and asks you to authorize an application, then either returns you to the web site, or provides you with a PIN number if you are authorizing a mobile or desktop application.

However few if any applications have moved to OAuth, HootSuite for example have been “almost ready” for over a year.

However if the rumours floating around Twitters development forum are anything to go by twitter could be planning something that would make makers of mobile and desktop applications react quicker.

According the rumours twitter is planning to kill off the source tag (the part that says send from [MyApp] ) for non-oAuth applications shortly after the Chirp conference in April and then ban all non-oAuth application in June.

This is likely to force developers into action because the Source tag is a great way of promoting your application, to throes who follow, throes who use your application.

Also it would change such applications to say “send via API”, which some other applications take to imply the account is used by spammers.

I feel I must declare an interest here, I’m currently writing a desktop twitter client which uses oAuth to validate users. I believe TwitterBrite not only fills a gap in the market (being the desktop equivalent of Hootsuite) but also since it uses oAuth not Basic authorization, it’s not only more secure but come April, it won’t make you look like a spammer.

Posted via email from scottherbert’s posterous