Since the beginning, Twitter has supported Basic Auth as a form of authentication. On June 30th, however, they plan to pull the plug. If you’re unfamiliar with authentication processes, Basic Auth involves attaching the user’s username and password to a request header. It’s as simple as can be for developers, but not exactly safe for users. Although many developers wouldn’t even consider tampering with a user’s account, the dark side still lingers.

Because of this, OAuth was introduced to keep users’ passwords out of 3rd party hands. Instead, an access token is given to the 3rd party for each user. With it, they can call any of the methods in the API that Basic Auth could, but users can feel safe knowing only Twitter holds their passwords. Though this sounds all well and good, it certainly has its downsides.

For one, the login process isn’t as smooth—for both the user and the developer. This diagram compares the user experience of Basic Auth versus OAuth. As you can see, OAuth is a bit long-winded. It’s even worse for the 3rd party. They bear the burden of encoding and signature parsing. From a user experience standpoint, the worst part of the OAuth process lies in the last three steps. Twitter is not a bank. Requiring the user to copy, paste, and authenticate a pin adds three unnecessary steps.

Prior to DestroyTwitter, I developed DestroyFlickr, which authenticates with Flickr to access its API. This process involves entering a username in the app, which opens Flickr.com, asks you to login if you haven’t already, then verifies that you’d like to authorize this app. Finally, return to the app and you’re good to go.

Now, Twitter does have an alternative authentication method—xAuth. Imagine if Basic Auth and OAuth had a baby. The process is the same for the user as Basic Auth, but the 3rd party is given an access token, just like with OAuth. There’s one problem—it still divulges the user’s password to the 3rd party, just like Basic Auth. Even though Twitter says, “Storage of Twitter usernames and passwords is forbidden,” this single sentence isn’t going to stop a malicious 3rd party from exploiting users.

Let’s look at one last issue that arises with OAuth. For Twitter app developers, how do you authenticate with services like Twitpic?—with the user’s username and password. If the 3rd party can’t store users’ credentials, it’s impossible for them to authenticate with the service. Unless Twitter releases this proposed echo method with enough time to implement, you will either see a massive drop in Twitter service usage or Twitter app developers will ignore the no-storage rule and put us back at square one.

Keep in mind, a lot can change between now and June. Let’s hope Twitter improves the user experience by removing the need for a pin. Let’s look forward to a way to communicate with services without sharing users’ credentials. With enough of a heads-up, June 30th will just be another day. If, however, Twitter makes a change in the eleventh hour, we might see a number of frantic developers.

[update] – Twitter updates OAuth docs to prepare developers for June.

Today marks three years for Jen and me. She’s been my source of inspiration since the day we met and I wouldn’t be where I am now if it weren’t for her support and encouragement. She means everything to me and I simply can’t wait to see where the next three years take us.

It’s been a solid 17 days since I started Destroy Everyday—the creation-a-day mini blog aimed to balance my life between coding and off-the-computer mediums. So far, it’s been a success, meaning I have yet to miss a day. It’s been such a personal success that I’ve somewhat neglected the mothership—Destroy Today. Now that I have a solid routine down for the new year, it’s time to get back to business and stay active across the board.

I have a number of new DestroyFramework classes ready to document and check-in over the next few days. I plan to get back into sharing interesting and useful things I come across, regarding both programming and design. And, now that I’ve been introduced to MVC(S) and RobotLegs, I have a lot more to talk about—expect a tutorial in the near future.

To add some imagery to this post, below is yesterday’s Destroy Everyday post featuring Andy Mangold. I also included a detail shot because the web-sized image really doesn’t do it justice.

Technology continues to amaze me. Can you remember a time before cell phones, when you had ALL of your friends’ phone numbers memorized. Back then, it was a bit easier without area codes. Now, I can video chat with Jen from an airplane. Here’s to the future.

I leave for Adobe MAX within the hour, making a pit stop in San Francisco to join up with the Adobe XD crew, then to Los Angeles for MAX. The past two months have been spent on an Adobe AIR app for the conference. I’ll be sure to post about it when it goes live—a day I’ve been longing for. Since this year’s MAX is Star Wars/Trek themed with Mark Hammil, aka Luke Skywalker, co-hosting with LeVar Burton, I decided to bring my Diesel stormtrooper shoes. To all Destroy Today readers attending MAX, I’ll see you there!

According to Multichannel News, Netflix’s “Watch Instantly” might make its way to the iPhone. Though this section of their website can easily be compared to the VHS aisle at your local video store, it does have a few goodies, mainly TV series. I recently subscribed to the RSS feed that shows the latest movies and shows added to “Watch Instantly.” It does seem like they’re picking up the pace with better additions, recently tossing in every season of LOST, but at the same time including 400 Years of the Telescope—the latest summer blockbuster, I’m sure. Regardless, I welcome Netflix with open arms.

via MacRumors

I finally got an iPhone. Pretty much everyone around me has one, so I felt ancient pulling out the ol’ 1st generation LG Chocolate. The audio on that thing sounds like a Dementor. I’m still getting the hang of the iPhone, but I might need a few suggestions on good apps—I’m after useful utilities rather than games. Along with the iPhone, I picked up a developer license for it. I’ll finally be able to give a crack at it, which is exciting. Learning something new, when you have the chance to, opens doors to all sorts of places. It’s good to be aboard.

Note: Please, please, please don’t barrage my inbox/comments with requests for DestroyTwitter on the iPhone.

I completed my first day at Adobe yesterday where I became oriented with everything. The majority of the time was spent installing software on my computer, which is always a refreshing experience—starting anew. Today, I begin working and I’m very excited to do so. Above is my temporary workspace while I’m here. Don’t ask why I have two keyboards…

Tonight, I spent some time looking at the work of someone I’ve looked up to for years now. His work is always original and leaps over anything considered innovative these days. I then stopped and wondered, “If I were to meet him, what would I say?” It’s a very hard question to answer. Do you tell them you’ve been following their work forever and gush over them like you’re on MTV’s Fanatic? Do you even mention their work or your interest in it, and stumble while trying to come off cool and down-to-earth?

It’s something I’ve always wondered. Last year, James Jean visited MICA and the entire school shut down (not literally). Everyone went crazy—like seeing The Beatles on The Ed Sullivan Show. I happened to have his book, “Process Recess”, which sells on Amazon for as much as $875. Of course, I wanted him to sign mine, but so did everyone else at MICA. When I got up to see James, I was clueless as to what to say, so I said nothing and held the book in front of him like Oliver Twist asking for more. He didn’t scream “Morrrrrrrrre?!” like in the movie, but he did look at me like I was just there to double the value of my book. Though the scenario wasn’t one to sit down and have a chat, I did feel a bit let down that I couldn’t even introduce myself.

Now, James Jean isn’t my idol, but now that I’m an Adobe employee, I’ll be meeting a lot of people I’ve looked up to over the years—especially being in San Francisco. I’m sure I’ll have more to say than when I met James Jean, but it makes me wonder. For those who have already met their idol(s), what did you talk about? I’m sure there’s a handful of good stories out there. Feel free to share.

I didn’t really know what sort of imagery to accompany with this text, so I used a shot I took a while back, trying out the 5D for the first time with Jen.

Last month, I spent a good two weeks flying to Chicago, San Francisco and New York City, meeting with Leo Burnett, Adobe, and Google. Leo Burnett showed interest for their Energy Pool, Adobe for their Experience Design (XD) team, and Google for their Creative Lab. Throughout each meeting, I soaked in as much as I could about each group and ultimately decided to join Adobe.

Working with Adobe, I will develop Adobe AIR apps full-time. I will work out of Baltimore for this next year, flying out to SF from time to time, and then take the trek out to the west coast. I am incredibly excited about working with Adobe and am ecstatic that I’ll be able to continue working on my applications.

But there’s more. Adobe is in the process of licensing DestroyTwitter. This means I’ll be working on the app full-time with the support and resources of the company. Not only that, I’ll be working on other exciting projects at the same time. Since DestroyTwitter is the product of free time between school and work, I can only imagine what it will become with considerably more focus. Stay tuned.