Great article on OAuth and how Twitter does it “wrong”

Earlier today, Mikkel passed on via Twitter an excellent article on OAuth. Mikkel has created an abstracted view part for use in his TwitNotes that does the OAuth work for you. As Mikkel outlines, he went through the same struggles that Ryan describes in his article on Ars. Even though the article has some great visual graphics, don’t think it’s not comprehensive. The article goes deeply into the problem at hand and even offers some suggestions for how Twitter could change its OAuth flow to be more like LinkedIn’s and Google’s.

Even in the context of server-to-server authentication, OAuth should be viewed as a necessary evil rather than a good idea. It should be approached with extreme trepidation and the high level of caution that is warranted by such a convoluted and incomplete standard. Careless adoption can lead to serious problems, like the issues caused by Twitter’s extremely poor implementation.
