Aaron knows what he’s talking about when it comes to authentication, and Apple’s latest move with sign-in for native apps gets the thumbs up.
Sign In with Apple is a good thing for users! This means apps will no longer be able to force you to log in with your Facebook account to use them.
This does not mean that Apple is requiring every app to use Sign in with Apple.
Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.
A one-stop-shop with links to the authentication settings of various online services. Take the time to do a little Spring cleaning.
Ben documents the improvements in Twitter’s OAuth flow. Maybe this will help to stop people blindly giving permission to dodgy third-party sites to update their Twitter stream.
Blaine outlines the vision for Webfinger.
Allow your Twitter location to be automatically updated from FireEagle. The process of connecting you, FireEagle, and Twitter is beautiful: 1 x OpenID + 2 x OAuth.
Glenn has created a screencast of his superb Skillswap presentation, syncing up the audio with the slides.
A thoughtful post from Ben on how the flow of OAuth, OpenID and Facebook Connect can be improved.
David has written an excellent comparison of the two differing mindsets when approaching online authentication. In no uncertain terms, OAuth (or an OAuth style authentication) is right and the password anti-pattern is wrong, wrong, wrong.
I never thought I'd find myself linking to and agreeing with a post on TechC*nt but it's good to see somebody pointing out Facebook's hypocrisy with using the password anti-pattern.
All of Google's data APIs (Calendar, Blogger, Contacts, etc.) all now support OAuth. Excellent!
An excellent rant by Jeff Atwood that explains just why the password anti-pattern is such an abhorrent practice: "How did we end up in a world where it's even remotely acceptable to ask for someone's email credentials?"
As promised by Kevin Marks in the Q&A after my panel at South by Southwest, the Google Contacts API now supports OAuth. w00t!
A nice summary of the technologies presented at my SXSW panel.
Leisa joins in on the password anti-pattern. As she says, this is a question of ethics. I've already made my position clear to my colleagues and clients. Have you?
Brian's article on portable social networks is a clear and concise introduction to the subject with explanations of the technologies involved.
A new site to track the building blocks of portable social networks: OpenID, OAuth, hCard, XFN and more.