A lot of people ask me why we don’t support Twitter’s OAuth yet. Let me explain why it’s taking so long.
When we launched E about a year ago, Twitter had no OAuth support. That’s why we intregrated it by using regular HTTP authorisation, which requires the user’s username and password (which we store encrypted). A few months later, when the Twitter API team released their OAuth Beta version we immediately started implementing it. While doing that we noticed a substantial problem popping up. E was not built to support two types of service integration, which meant that if we’d implemented OAuth, we’d have to ask all users to integrate Twitter credentials again. Which we, and our users, would obviously find ridiculous.
We’re currently rebuilding the complete system that supports multiple types of integration. The cool thing about this is that we’ll be able to offer additional advanced features after this release. Those features will see the light in our next major version, codenamed ‘Gundam’.
This problem is not only related to Twitter, but to all services we’ve integrated on the second level (http encrypted auth) that now support OAuth.
Since we’re advocates and members of multiple open standards workgroups and associations, we do our very best to implement solutions for privacy issues and the password anti-pattern. Sometimes, we have to stick to the lesser of two evils for the better of the user experience.
We hope this explains the situation, if you have any questions about this topic, please don’t hesitate to comment, email or post in our Get Satisfaction.
For something which wants to be the future of social networking I am flabberghasted on how basics are not done.
As mentioned before on twitter, this is not about Oauth, but about you doing the 5th step first and thus forcing a person to something which is highly unecessary in order to use your service.
I cannot understand why this is done this way as it is utterly stupid. A service which allows me to have a my ‘electronic business card’ should do exactly that: let me have my business card. Let me add services.
In order to do so, I need to add an account like for example twitter. For this I click on add twitter and expect to be able to add one. Instead I am forced to reveal my password for automatic friending and more if I want to add this. Hello?
So my question is not why you do not support Oauth and I do not care about you encrypting my passwords, but why the hell I am supposed to enter my password in the first place as this is clearly a functionality from the planet of nice to have in version 5.
Similar to Friendfeed and I did not check the others much – assuming that I by accident found the ones that ‘do not support automatic friending’ and are therefor without ‘requirement’ of my data or access.
There is ABSOLUTLY NO NEED for the basic funktioniality of this software to have this feature as a requirement of using it at all.
[Yes I am angry. This is not rocket science but pure basic 101 programm design.]
And even if that would be inmplemented with basics first, automatic friending is something I NEVER EVER want to have done through my account.
Nicole Simon
Nicole,
thanks so much for your lengthy response. We hope we didn’t get you in trouble due to automatic friending, but we want to remind you that as of this point E is a free service. We do not force you to use it (but we’d love you to use it anyway!).
Please let me elaborate on why we (seemingly) implemented automatic friending in a reversed logic. When we designed E and developed E, we purely reasoned of out this use case: you exchange your online business card with people in real life. We also limited the service to card exchanges through our mobile application. As the exchange of business cards is a process that requires a mutual gesture, we, as users of our own system, felt that meeting people in real life would mean that they would be interesting enough to follow on Twitter as well. In fact, our first beta release only supported services that allowed ‘automatic friending’ through their API.
As E evolved as a service, we found out that people wanted to add a lot more social profiles to their cards. So we started adding major services like Facebook and LinkedIn (which have very restricted API access) by linking them on cards. In other words, the way you described should (and, should be the de facto setting for integrating services). However, we had many users that already integrated Twitter, and did appreciate ‘automatic friending’. We couldn’t just tell these users to re-integrate their services.
To make a long story short, there are many types of users. We sadly can’t please everybody to a maximum extent, but do strive to do so. Like I mentioned to you before, we are working to provide you with the adequate set of features that will allow you to do exactly what you mentioned in your comment, without obstructing the users that do want the existing functionality.
As a final word I’d like to thank you for taking the time to write your constructive criticism. It’s comments like these that make our service better, and that allow us to grow and learn as a company.
Renn