You can do a lot with new software if you tell it a little bit about yourself – but who wants to give the new kid on the block the password to their most important communication tools?
Unfortunately that’s what we’re asked to do with a lot of new applications these days. It doesn’t have to be that way, though.
Standards-based user authentication protocols, and one called OAuth in particular, allow applications to send you back to home base with a request for permission to access your data – whether that’s your email contacts, your Twitter account or other information. Today we learned that Firefox is probably going to implement OAuth inside the browser itself and Twitter is getting ready to implement it for sure. That’s very good news.
Senior Software Engineer at Twitter Britt Selvitelle said today in a conversation for developers working with Firefox that Twitter “will be using OAuth as our primary form of token auth.”
That’s fantastic news for a few reasons. Twitter is a very important communication tool for many people, and the service’s Application Programming Interface (API) has allowed a huge ecosystem of interfaces and applications to flourish around it…and yet today all of those 3rd-party apps have to ask for your Twitter password in order for you to use them. It’s been an awful lot of risk for users to take and we’re really surprised that no one has yet ripped Twitter passwords from unsuspecting users and then unleashed a wave of valid-looking spam.
Finally, it appears, Twitter will soon implement a secure way for you to give 3rd parties access to parts of your account without giving them a copy of the key to walk in the front door any time they like.
Firefox
The conversation today took place in the context of a question from Matthew “lilmatt” Willis, a Flock employee and longtime contributor to Mozilla. Willis wants to know if the Firefox developer community would like OAuth built into Firefox and, if so, how. He points out that much of the work has already been done, if not multiple times.
We’re not entirely sure what this would look like, but we are intrigued. Browser-based authentication for data mashups sounds great. Browser plug-ins that securely access your various accounts without asking you for your passwords sound great too.
As of this afternoon there’s a developer preview of a browser-based OpenID implementation for Firefox (thanks Vidoop!) so we hope that an OAuth implementation for Firefox could be a complementary project.
The Big Picture
Google adopted OAuth for all the Google Data APIs this summer, so there’s really no reason why 3rd party apps should ask you for any Google passwords ever again.
This is all very good news for everyone. Secure user authentication equals greater user trust, which equals developer access to more user data. More developer access to user data equals more innovation. More innovation makes us happy (we love this stuff) and, coincidentally, leads to more user data. Data portability is good for everyone. Bring it on, Twitter and Firefox!