{"id":930,"date":"2009-08-31T15:36:45","date_gmt":"2009-08-31T15:36:45","guid":{"rendered":"http:\/\/dalelane.co.uk\/blog\/?p=930"},"modified":"2009-09-02T22:30:12","modified_gmt":"2009-09-02T22:30:12","slug":"oauth-authentication-from-a-mobile-device","status":"publish","type":"post","link":"https:\/\/dalelane.co.uk\/blog\/?p=930","title":{"rendered":"OAuth authentication from a mobile device"},"content":{"rendered":"<p>I wrote a post a couple of weeks ago in which I <a href=\"http:\/\/dalelane.co.uk\/blog\/?p=831#oauth\" target=\"_blank\">whined about the difficulties in creating a good user experience for a mobile client that authenticates with an OAuth provider<\/a>.  <\/p>\n<p>I was pleasantly surprised (and a little honoured!) to get <a href=\"http:\/\/dalelane.co.uk\/blog\/?p=831&#038;cpage=1#comment-102383\" target=\"_blank\">a comment on the post<\/a> from <a href=\"http:\/\/factoryjoe.com\/\" target=\"_blank\">Chris Messina<\/a> reminding me that the way to address the usability issue isn&#8217;t to revert back to using usernames and passwords, but for us to all work to improve the usability of OAuth.  <\/p>\n<p>Sufficiently inspired, I went back and <a href=\"http:\/\/dalelane.co.uk\/blog\/?p=905\" target=\"_blank\">had another go<\/a>.  <\/p>\n<p>It&#8217;s still not quite there, but I think it&#8217;s better.  <\/p>\n<p>As Andy <a href=\"http:\/\/dalelane.co.uk\/blog\/?p=831&#038;cpage=1#comment-102313\" target=\"_blank\">pointed out last time<\/a>, not everyone has a Windows Mobile device to try my code on, so this time I tried recording a <a href=\"http:\/\/www.youtube.com\/watch?v=RefVst-OW34\" target=\"_blank\">screen capture of it<\/a>.  
<\/p>\n<p><object width=\"425\" height=\"344\"><param name=\"movie\" value=\"http:\/\/www.youtube.com\/v\/RefVst-OW34&#038;hl=en&#038;fs=1&#038;rel=0\"><\/param><param name=\"allowFullScreen\" value=\"true\"><\/param><param name=\"allowscriptaccess\" value=\"always\"><\/param><embed src=\"http:\/\/www.youtube.com\/v\/RefVst-OW34&#038;hl=en&#038;fs=1&#038;rel=0\" type=\"application\/x-shockwave-flash\" allowscriptaccess=\"always\" allowfullscreen=\"true\" width=\"425\" height=\"344\"><\/embed><\/object><\/p>\n<p><!--more-->Unfortunately, the <a href=\"http:\/\/fireeagle.yahoo.net\/\" target=\"_blank\">Fire Eagle<\/a> OAuth and Yahoo! login pages aren&#8217;t very mobile-friendly, but there isn&#8217;t anything that I can do about that. There is probably more the client app can do to warn the user of what to expect on the Fire Eagle website, but it&#8217;d be interesting to put it in front of a couple of potential users and see what they think. <\/p>\n<p>What else can we do to make OAuth easier? <\/p>\n<p><strong>Update (2-Sep-2009):<\/strong> <a href=\"http:\/\/www.plasticbag.org\/\" target=\"_blank\">Tom Coates<\/a> from the Fire Eagle team kindly got in touch to help me work on this. 
He gave me a couple of useful tips:<br \/>\n1) Add <code>m.<\/code> at the start of the URLs given in <a href=\"http:\/\/fireeagle.yahoo.net\/developer\/documentation\/mobile_auth\" target=\"_blank\">the mobile auth documentation<\/a> to get mobile versions of the pages.<br \/>\nIf the application sends the user to <a href=\"https:\/\/m.fireeagle.yahoo.net\/mobile_auth\/19491\" target=\"_blank\">m.fireeagle.yahoo.net\/mobile_auth\/&#8230;<\/a> instead of <a href=\"https:\/\/fireeagle.yahoo.net\/mobile_auth\/19491\" target=\"_blank\">fireeagle.yahoo.net\/mobile_auth\/&#8230;<\/a>, the pages render much better on the mobile.<br \/>\n2) Use a <a href=\"http:\/\/fireeagle.yahoo.net\/developer\/documentation\/oauth_best_practice\" target=\"_blank\">custom callback<\/a> so that the web page returns the user to the application. This is not trivial in Windows Mobile. Registering the app to handle callbacks isn&#8217;t too hard, but only if the app isn&#8217;t already running &#8211; I don&#8217;t know how to get it to work when the app is already open.<br \/>\nI suppose I could get the app to terminate itself after launching the web browser to the Fire Eagle OAuth page, but that&#8217;s a bit clumsy. I&#8217;ll look into it more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wrote a post a couple of weeks ago in which I whined about the difficulties in creating a good user experience for a mobile client that authenticates with an OAuth provider. I was pleasantly surprised (and a little honoured!) 
to get a comment on the post from Chris Messina reminding me that the way [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[142,46,415],"class_list":["post-930","post","type-post","status-publish","format-standard","hentry","category-code","tag-fire-eagle","tag-mobile","tag-oauth"],"_links":{"self":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=930"}],"version-history":[{"count":0,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/930\/revisions"}],"wp:attachment":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}