Eran Hammer-Lahav just posted about Twitter’s new “Sign in with Twitter” (documentation) functionality, which is powered by OAuth (not OpenID).
It is quite a neat solution: you can both authenticate to a site and grant it permission to party on your Twitter account.
If you are interested in OAuth or OpenID (or the OAuth+OpenID Hybrid), read the post and check out the comments.
This reminded me of when I recently saw a customer using the Windows Live ID Delegated Authentication SDK to capture an address book, the user’s profile and a static identifier for the user.
It was interesting because they chose to use DelAuth instead of Live ID Web Auth for the authentication mechanism. This meant that instead of using the unique user id (per application), the site was using the CID/LID, which is a public identifier for the user (not their Live ID) – the customer had used DelAuth for something we never intended it to be used for.
Moreover, the user experience was a little funky:
Below are screenshots of signing in with Twitter (they offer both traditional forms-based auth and signing in with Twitter via OAuth).
I authenticated to Twitter about an hour ago and got this screen (the 2nd is if I'm not authenticated).
And after I am in, I see my picture, name and actions I can do.
You may notice a difference here between the Twitter consent screen and Microsoft’s consent screen:
Twitter's solution has two buttons and a sign out link, allow and deny both in the centre of the screen. Microsoft's has three buttons, 6 links, a checkbox, a drop down list, and the standard Windows Live toolbar at the top (has anyone ever clicked any of those links whilst delegating authentication?!).
It would be really interesting to see how many users change any of the default options or read the privacy policy - often less is more.
I know which solution I prefer.