FriendFeed API v2:
Paul Kinlan
With the introduction of Authentication for Applications we are now asking Friendfeeders to enter their passwords into our applications. A lot of users, regardless of the fact that I don't store their password will find it hard to trust me and my applications (their arguments will be why do we need to use passwords when oauth exists).
August 3, 2009
- Comment
- Like
- Share
NaHi and Mark Trapp liked this
How can we give confidence to the users that they are infact using oauth and we don't store their passwords
- Paul Kinlan
Great question. You can direct them to the feedback group for your application where other users will hopefully be talking about the application in a positive light. You can tell them that they can revoke access at http://friendfeed.com/setting... and if they change their password not only can the application no longer make access tokens with your password but all old access tokens are automatically revoked. If they are interested technically you can direct them to http://code.google.com/apis... which is Google's implementation of OAuth for installed applications
- Benjamin Golub
We also plan to update http://friendfeed.com/api/faq to address concerns.
- Benjamin Golub
I at least plan a personal offensive. When I did twollo.com I found that if I put my mug shot on and responded as a person to queries rather than the catch-all "twollo" twitter user that there was a large element of trust being put in me rather than the company - I supose the theory is that I am putting my reputation on the line rather than hiding behind a corporate entity. So I full expect to do that with the applications that are using Authentication for Applications.
- Paul Kinlan