Tuesday, March 31, 2009

OAuth vs. The End User

I just submitted a patch to fix Jaiku's OAuth implementation for accessing web applications. 99% of the code was there so submitting the patch appears to have been a simple task. Hopefully it gets merged into the trunk soon so I can keep working on my integration with ScreamIt!

OAuth has certain advantages over other public authentication schemes.
  1. Never gives requesting sites your password.
  2. Revoking a token for an application means not having to change your passwords all over the Internet.
  3. Token is passed as a URL parameter, so there are no firewall concerns.
The detriments of the scheme, in my opinion, are passed on to the user. If not implemented correctly, it can cause massive confusion. Even when implemented as intended, it still has the potential to confuse some users. Here's a typical authentication request workflow:
  1. Click a link that navigates away from site A to authenticating site B.
  2. Log into site B.
  3. Authorize site A to use data from site B.
  4. Site B redirects back to site A...hopefully (kicks Jaiku).
If set up properly, it can be pretty seamless and only needs to be done one time, unless site B decides to expire the access token.
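A simplified in-memory model of the four steps above, added here as an illustration and not taken from Jaiku's code or the patch. `SiteB`, `site_a_flow`, the callback URL and the sample account are hypothetical, request signing is omitted, and the `oauth_verifier` parameter follows OAuth 1.0a, which this post does not discuss.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class SiteB:
    """Toy provider (site B): holds passwords, issues and revokes tokens."""
    def __init__(self, users, data):
        self.users, self.data = users, data   # passwords never leave site B
        self.pending, self.access = {}, {}    # request tokens / access tokens

    def request_token(self, callback):
        # Step 1: site A obtains a temporary token before sending the user away.
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"callback": callback, "user": None, "verifier": None}
        return token

    def authorize(self, token, username, password):
        # Steps 2-3: the user logs into site B and approves site A.
        state = self.pending[token]
        if self.users.get(username) != password:
            raise PermissionError("login failed")
        state.update(user=username, verifier=secrets.token_urlsafe(8))
        # Step 4: redirect back to site A; the token travels as a URL parameter.
        query = urlencode({"oauth_token": token, "oauth_verifier": state["verifier"]})
        return state["callback"] + "?" + query

    def access_token(self, token, verifier):
        # Site A swaps the approved request token for an access token.
        state = self.pending.pop(token)       # request tokens are single use
        if state["user"] is None or not secrets.compare_digest(state["verifier"], verifier):
            raise PermissionError("request token was not authorized")
        new = secrets.token_urlsafe(16)
        self.access[new] = state["user"]
        return new

    def fetch(self, access_token):
        if access_token not in self.access:
            raise PermissionError("token revoked or expired")
        return self.data[self.access[access_token]]

    def revoke(self, access_token):
        self.access.pop(access_token, None)   # the password is untouched

def site_a_flow(provider, username, password):
    """Run the four steps; returns (access token, redirect URL site A received)."""
    req = provider.request_token("https://site-a.example/callback")
    redirect = provider.authorize(req, username, password)  # happens on site B
    params = parse_qs(urlparse(redirect).query)
    tok = provider.access_token(params["oauth_token"][0], params["oauth_verifier"][0])
    return tok, redirect
```

Site A only ever handles the redirect URL and the tokens; revoking the access token cuts it off while the account password stays the same.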

What I really struggle with is the end user's reaction. I had a conversation today about doors that have handles on them but still require you to push for entry. Even though there is a sign on the door that says push, I still see the handle and pull every time. Is this process too confusing and drawn out? Users are used to filling out forms and clicking next -> next -> done to complete tasks. If I have to put up descriptive text to help the user through the authentication process, I've failed.

Facebook has done a good job of implementing a similar closed authentication scheme. I've been very surprised by the number of social sites that use it. Twitter is reportedly going to introduce OAuth support soon too. I'm hoping widespread adoption will lower the learning curve and better OAuth workflow design will follow.

Sunday, March 22, 2009

Twitter Bitter

Twitter rubs me the wrong way for different reasons. Let me explain.

I can't deny the social web is an outlet now for commercialization, much like TV has been. The parallels are simple. You pay for TV and you pay for the internet. Both are channels of distribution for content. Networks produce television content and then recoup their revenue in the form of advertisements. Most websites aim to do the same thing. Obviously these similarities have been oversimplified, but the model has worked for sites like Digg, Facebook, and Google.

Twitter retains and displays 140 characters of text and allows users to follow one another. The hype machine has exploded around them in 2008 and the momentum is continuing to build in 2009. Politicians, athletes, celebrities, and students thrown in jail in Egypt all use Twitter now. Twitter has gone above and beyond what I thought it was capable of.

Now we are in a recession. We look at bankers and brokers and shake our collective heads. Irresponsible lending got us into our current situation. So it astounds me when a site like Twitter can raise millions in capital not once, but twice. As of today Twitter has made $0 in three years of service. I have no idea how many millions they have spent in that time for very legitimate expenses like bandwidth, hardware, R&D and so on. The investors must know something the public doesn't...or not.

Websites like Salesforce and Basecamp can actually sell a service, usually geared to corporations who will spend money. Facebook, MySpace, and Digg have managed something miraculous. They sell us (to advertisers) because frankly they can't charge us (everyone would just move on to the next free service even if it were rubbish). We are more valuable as a whole than to try and nickel-and-dime us. This makes the social web a viable and honest business. In a recession there are only so many advertising dollars to go around.

Twitter has admitted publicly it has no idea how they are going to generate revenue and doesn't seem to care as they are continuing forward with R&D (maybe on a 280-character feature). If that was my capital or 401k/pension that was being invested I would be pretty furious. Twitter has become the WorldCom of the Web 2.0 era because even they don't understand what it is they are trying to sell. Then again maybe they do. How else do you convince someone to hand over millions of dollars to you? Digg and Facebook managed to make it work. Now Twitter does.