[conspire] Facebook tries to appease frustrated developers

Adrien Lamothe alamozzz at yahoo.com
Mon Jan 2 18:30:09 PST 2012

>>From: Jesse Monroy <jesse650 at gmail.com>
>>To: "jesse650.diedie at blogger.com" <jesse650.diedie at blogger.com>; Adrien Lamothe <a_lamothe at yahoo.com> 
>>Cc: john. sokol <john.sokol at gmail.com> 
>>Sent: Wednesday, December 28, 2011 1:06 AM
>>Subject: Facebook tries to appease frustrated developers | ZDNet


Sent directly to me by Jesse, but perhaps of community interest.

The answer to the problem is in the article: OAuth 2.0. I only use the new OAuth 2.0 interface, and haven't experienced any problems other than when Twitter had problems implementing it. I also only use social sites for authentication and nothing else, though I plan to use their OAuth RESTful interfaces for things like inviting friends to an app. Also, I (politely) urge my users to also supply their email addresses along with login names and passwords in their profiles on my sites, so that in the event the social site isn't available for whatever reason they can still do a normal username/password (over SSL) login and can also do a password reset if needed. I don't force them to do this; if they want to be completely dependent on some social site to log in to my site that is their prerogative, but don't complain to me if they can't log in because of some problem with their social site. My Quick Heist game (http://quickheist.net) takes this approach.

The social sites want app developers to create exciting apps, to entice new users onto their platforms, but also want control over those users (such control directly translates into power). The social sites can change their policies at will, such as when Facebook suddenly changed their affiliate marketing policies, a move which immediately impacted revenue of a number of companies with apps bound to the Facebook site (see http://insideaffiliate.net/r-i-p-facebook-ads-april-2010/). It is also possible a social site can decide they don't like your app for whatever reason and revoke your OAuth credentials, at which point you lose ALL your users with no way to contact ANY of them, unless you have given your users the option of supplying (at a minimum) their email addresses, which can then be used to send standard login password resets allowing the cut-off users to get back into your site. At least Facebook supplies users' email addresses when they authenticate to your system with OAuth. I've found Facebook to be a better platform overall for supporting third-party apps and sites.
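
A sketch of the fallback described in this message, as an added example that is not part of the original post and not code from Quick Heist: accounts created through OAuth may also store an email address and a local password, so a password reset still works if the provider is down or revokes the site's OAuth credentials. The class and method names, the PBKDF2 parameters and the one-hour token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 3600  # seconds a reset token stays valid (assumed policy)

class Accounts:
    """Users created via OAuth, with an optional email/password fallback."""
    def __init__(self):
        self.users = {}   # uid -> {"oauth": (provider, subject), "email", "salt", "pw_hash"}
        self.resets = {}  # sha256(token) -> (uid, expiry); raw tokens are never stored

    def register_oauth(self, uid, provider, subject, email=None):
        self.users[uid] = {"oauth": (provider, subject), "email": email,
                           "salt": None, "pw_hash": None}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def set_password(self, uid, password):
        salt = secrets.token_bytes(16)
        self.users[uid].update(salt=salt, pw_hash=self._hash(password, salt))

    def login_local(self, uid, password):
        u = self.users.get(uid)
        if not u or u["pw_hash"] is None:
            return False  # OAuth-only account: no local fallback exists
        return hmac.compare_digest(u["pw_hash"], self._hash(password, u["salt"]))

    def start_reset(self, email, now=None):
        now = time.time() if now is None else now
        for uid, u in self.users.items():
            if u["email"] and u["email"].lower() == email.lower():
                token = secrets.token_urlsafe(32)
                self.resets[hashlib.sha256(token.encode()).digest()] = (uid, now + RESET_TTL)
                return token  # mailed to the user as a single-use reset link
        return None

    def finish_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.resets.pop(hashlib.sha256(token.encode()).digest(), None)
        if entry is None or now > entry[1]:
            return False  # unknown, already used or expired token
        self.set_password(entry[0], new_password)
        return True

    def stranded_after_revocation(self, provider):
        """Users with no way back in if `provider` revokes our OAuth credentials."""
        return sorted(uid for uid, u in self.users.items()
                      if u["oauth"][0] == provider and not u["email"] and u["pw_hash"] is None)
```

The page that calls `start_reset` should show the same response whether or not a token was issued, so the form does not reveal which addresses have accounts.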