You can do a lot with new software if you tell it a little bit about yourself - but who wants to give the new kid on the block the password to their most important communication tools?
Unfortunately that's what we're asked to do with a lot of new applications these days. It doesn't have to be that way, though.
Standards-based user authentication protocols, and one called OAuth in particular, allow applications to send you back to home base with a request for permission to access your data, whether that's your email contacts, your Twitter account or other information. Today we learned that Firefox is probably going to implement OAuth inside the browser itself and Twitter is getting ready to implement it for sure. That's very good news.
Senior Software Engineer at Twitter Britt Selvitelle said today in a conversation for developers working with Firefox that Twitter "will be using OAuth as our primary form of token auth."
That's fantastic news for a few reasons. Twitter is a very important communication tool for many people, and the service's Application Programming Interface (API) has allowed a huge ecosystem of interfaces and applications to flourish around it... and yet today all of those 3rd party apps have to ask for your Twitter password in order for you to use them. It's been an awful lot of risk for users to take, and we're really surprised that no one has yet ripped Twitter passwords from unsuspecting users and then unleashed a wave of valid-looking spam.
Finally, it appears, Twitter will soon implement a secure way for you to give 3rd parties access to parts of your account without giving them a copy of the key to walk in the front door any time they like.
The conversation today took place in the context of a question from Matthew "lilmatt" Willis, a Flock employee and longtime contributor to Mozilla. Willis wants to know if the Firefox developer community would like OAuth built into Firefox and if so how. He points out that much of the work has already been done, if not multiple times.
We're not entirely sure what this would look like, but we are intrigued. Browser-based authentication for data mashups sounds great. Browser plug-ins that securely access your various accounts without asking you for your passwords sound great too.
As of this afternoon there's a developer preview of a browser-based OpenID implementation for Firefox (thanks Vidoop!) so we hope that an OAuth implementation for Firefox could be a complementary project.
Google adopted OAuth for all the Google Data APIs this summer, so there's really no reason why 3rd party apps should ask you for any Google passwords ever again.
This is all very good news for everyone. Secure user authentication equals greater user trust, which equals developer access to more user data. More developer access to user data equals more innovation. More innovation makes us happy (we love this stuff) and, coincidentally, leads to more user data. Data portability is good for everyone. Bring it on, Twitter and Firefox!
Comments
oh, you rock, Marshall...
cheers,
Graeme
www.doapps.com
Posted by: GraemeThickins | August 6, 2008 5:11 PM
Agreed! I'm getting goosebumps...more innovation is what we need to move closer to developing a seamless net.
Posted by: NewWebPlatform | August 6, 2008 6:16 PM
I'd love to see this implemented on http://freemyfeed.com/
I want to use the service, but I don't want to input my password.
Posted by: Chris Pollock | August 6, 2008 7:44 PM
Is there a way to extract usernames when granting access with oAuth, for example using gAPI? I mean, getting a single token (and no more info) for each user maybe is less than what you need to create a new user for your web service, implementing the more than interesting oAuth.
And these are great news, indeed :)
Posted by: george tziralis | August 7, 2008 1:46 AM
OAuth for twitter will be very much appreciated, and glad to see the comment by Britt. Unfortunately, OAuth is still "low" priority on their list of things to do. So, it could be a long time before we see it. I encourage people to go vote (to vote, just click the star) for this issue on Twitter's issue tracker:
http://code.google.com/p/twitter-api/issues/detail?id=2
Hopefully we can stir more votes and raise the priority and speed up the schedule for implementing.
Posted by: Ryan Williams | August 7, 2008 10:10 AM
OAuth integrated into the browser would be awesome. However, my immediate concern is security. How will Firefox prevent an attack against the browser credential store?
Posted by: khurt.myopenid.com | August 7, 2008 12:05 PM
This is a very good development on twitter. That would really make the process faster. Thanks for the info. Busby Seo Challenge
Posted by: Busby | August 26, 2008 10:10 AM