Mimic xAuth over OAuth
C Objective-C
Switch branches/tags
Nothing to show
Permalink
Failed to load latest commit information.
English.lproj Minor style changes May 20, 2011
OAuthConsumer.framework
THE AUTHENTICATOR.xcodeproj Initial commit May 20, 2011
screenshots
.gitignore Initial commit May 20, 2011
Readme.md Spelling fix and clarification May 23, 2011
THE_AUTHENTICATOR-Info.plist Initial commit May 20, 2011
THE_AUTHENTICATORAppDelegate.h
THE_AUTHENTICATORAppDelegate.m
THE_AUTHENTICATOR_Prefix.pch Initial commit May 20, 2011
main.m

Readme.md

THE AUTHENTICATOR

THE AUTHENTICATOR DOES NOT CARE LETTER BEFORE AUTH. THE AUTHENTICATOR PROVIDE GOOD USER EXPERIENCE. THE AUTHENTICATOR BEND OAUTH TO WILL.

What is this?

This is a proof of concept Objective-C OAuth desktop client for Twitter that implements a login flow that mimics xAuth (Username + Password) for a silky smooth user experience.

Why?

Because there's been hubbubb over the bad user experience associated with OAuth. This resurfaced recently when Twitter decided that all API clients except their own must use OAuth for authentication.

http://daringfireball.net/2011/05/twitter_shit_sandwich

How?

The client embeds a WebKit view to do the authentication, but restyles Twitter's normal authentication dialog to look more like a native OS X window.

Once the user has logged in it hides the WebKit view, and in the background uses Javascript to extract the verification PIN to retrieve the access token.

Practical?

It's a giant hack, and probably violates some Term of Service clause. But it works.

Caveats

  • Needs more native styling
  • Needs a few seconds to download the auth dialog before it can be shown. This can be remedied with some clever UX.

License

By Kim Ahlström, kim.ahlstrom@gmail.com

MIT License