• Speaking
  • Downloads
  • About Talking Identity
  • About Me

Quick Thoughts on the Twitter-iOS Integration

  • Posted on:June 7, 2011
  • Posted in:Personal Identity Management
  • Posted by:Nishant Kaushik
1

One of the big announcements at yesterdays WWDC conference was the integration of Twitter into iOS 5 (those screenshots are nice!). Twitter fanatics are going gaga about this, talking about how this is a game-changer and even conjecturing on what the apparent Facebook snub means. However, what I want to know is – what does this mean for how OAuth is used to integrate with Twitter.

First things first, it isn’t even clear if the integration between iOS and Twitter is based on OAuth or Twitter’s own xAuth. One would hope the former given Twitter’s stated direction. Ping Identity’s resident OAuth wizard Paul Madsen tried to imagine what the OAuth based integration would look like. Looking at it made me wonder if we’re seeing a radical change in how OAuth could be used on devices.

The problem is this: Apple is (justifiably) proud of the attention they pay to the usability of their products. And the OAuth flow would seem to be a problem here. In the simplest form, authorizing all the apps in iOS (camera, contacts, safari, etc) to have Twitter access would repeatedly send the user through the OAuth flow, a user experience I doubt Apple would agree to. So the question is whether a single request token asked for by iOS could be shared amongst all the apps on iOS. If yes, then how can the user manage permissions regarding what these apps can do individually? And how would they revoke a specific app? This model would make it highly unlikely that the integration would extend to 3rd party apps installed from the app store (because of that lack of separation).

Another possibility is that iOS will include some APIs that proxy the Twitter integration. So all communication to Twitter would simply originate from iOS, not from the apps directly. This would eliminate the need for multiple OAuth flows, but the same challenges around permissioning and revocation would remain. On Twitter, the user would just see one app authorized for access – iOS/iPhone/iPad. One way I can see Apple mitigating this while also opening this feature up to 3rd party apps is by adding their own app specific permission layer in the iOS settings. Which would be a practical way to manage this, and open up a whole slew of questions around OAuth and OAuth proxies on devices.

Of course, all of this is moot if the integration requires me to go into iOS settings and enter my Twitter username and password…

Be Sociable, Share!

Tags: AppleiOSiOS 5OAuthTwitter
  • http://twitter.com/bboulo VassilisBoulogiorgos

    I agree Twitter integration in iOS will be nice, but I am not sure why all this hype for a feature already available in Android devices for ages. Android has a much more open integration framework between applications, which could also help us understand possibly how Apple will do it for it's iOS integration too.

    So in Android sharing a picture from Gallery in Twitter just fire-ups the Twitter app and creates a post with the image. And you have options to share the image with DropBox, Facebook, SpringPad or whatever application you installed supports sharing pictures. No need to mess with authentication frameworks, just design a nice OS level API to pass information between applications and let your client application take care of authentication. The same principle applies when sharing a url from your browser, your location from maps etc.

    The beauty of this implementation is that your share options when sharing e.g urls are the same no matter if you use the stock Android browser or Opera Mobile or whatever.

Recent Posts

The Conundrum of 2FA meets the Enigma that is PAM
"It's a mystery. Broken into a jigsaw puzzle. Wrapped in a conun...
The Dilemma of the OAuth Token Collector
'Tis the season to be hacked, I guess. Twitter joined a bunch of...
Why 2013 will be 'The Year of the SCUID'
I'm just now coming back to earth from the high I've been on sin...
The IDaaS Powered World
Last week I was in Colorado for the Defrag and Blur conferences....
What Happens When Telco's Declare SMS 'Unsafe'?
If you've been following Authentication related discussions, you...

Recent Comments

Bob Pinheiro on
The Conundrum of 2FA meets the Enigma that is PAM
7 weeks ago

NishantKaushik on
The IDaaS Powered World
7 weeks ago

Nikolaj Ivancic on
The IDaaS Powered World
15 weeks ago

on
The Dilemma of the OAuth Token Collector
18 weeks ago

on
The Dilemma of the OAuth Token Collector
18 weeks ago

Tags

Application-Centric IdM Burton Catalyst Conference Cloud Computing Cloud Identity Model Facebook Federated Provisioning Identity Governance Identity Governance Framework Identity in Social Networking Identity Management Identity Services IGF OpenID Oracle Identity Management Oracle Identity Manager Oracle OpenWorld Oracle_IDM Password Management Personal Identity Management Privacy Provisioning Risk Management Role Management Service-Oriented Security User-Centric Identity

Connect

Twitter Follow @NishantK

LinkedIn Connect on LinkedIn

Slideshare View Nishant's Presentations

About Me nishantkaushik.com

Categories

  • Ask Dr. K (11)
  • Identity Services (36)
  • Identropy IDaaS (2)
  • Insight IdM (124)
  • Oracle Identity Management (61)
  • Personal Identity Management (32)
  • The Cloud Identity Series (17)
  • Tips & Techniques (4)
  • User-Centric Identity (24)

Archives

  • ► 2013 (3)
    • April (1)
    • February (1)
    • January (1)
  • ► 2012 (13)
    • November (2)
    • August (3)
    • July (2)
    • June (2)
    • May (1)
    • February (3)
  • ► 2011 (29)
    • December (1)
    • November (1)
    • October (1)
    • September (2)
    • August (3)
    • July (4)
    • June (5)
    • May (3)
    • April (4)
    • February (2)
    • January (3)
  • ► 2010 (33)
    • December (1)
    • October (1)
    • September (4)
    • August (5)
    • July (6)
    • June (4)
    • May (3)
    • April (2)
    • March (3)
    • February (2)
    • January (2)
  • ► 2009 (24)
    • December (1)
    • November (1)
    • October (3)
    • September (3)
    • August (4)
    • July (2)
    • June (2)
    • May (3)
    • April (1)
    • February (2)
    • January (2)
  • ► 2008 (44)
    • December (1)
    • October (4)
    • September (4)
    • August (8)
    • July (11)
    • June (4)
    • May (2)
    • April (2)
    • March (3)
    • February (3)
    • January (2)
  • ► 2007 (56)
    • December (3)
    • November (5)
    • October (6)
    • September (5)
    • August (8)
    • July (5)
    • June (9)
    • May (3)
    • April (2)
    • March (5)
    • February (5)
  • ► 2006 (33)
    • December (4)
    • November (2)
    • October (6)
    • September (1)
    • August (2)
    • July (3)
    • June (5)
    • May (3)
    • April (2)
    • March (5)

Disclaimer

Talking Identity is my exploration of the world of Identity Management. The views expressed on this blog are my own and do not necessarily reflect the views of Identropy (doesn't mean I'm not trying hard to mold them in my own image).

Copyright © 2005-2013 Nishant Kaushik. All Rights Reserved.