Best Practices for OAuth with Fire Eagle. “We insist that you must NOT use embedded rendering controls to present the OAuth process with Yahoo! and Fire Eagle”—that’s a clear nod towards the iPhone development community.
Sign in with 
OpenID
<blatant self promotional plug>
i built a simple fire eagle update app which is in the itunes store called yofe! It plays nice with oauth, feel free to take a look: http://icanhaz.com/yofe
</blatant self promotional plug>
Colm McMullan - 17th October 2008 00:34 - #
It strikes me that usability is the enemy of security when it comes to authentication and identity.
Guess who wins :/
@James:
The phishers?
Jeremy Dunck - 21st October 2008 14:24 - #
@James Wheare: Yes that is the compromise. However, as I've tried to address as strongly as possible in the Fire Eagle best practices piece, modern operating systems allow you to produce a very slick user experience moving between separate third party application and the browser.
I think it's as good as using an embedded control, if not better (since it's in your browser is uses your browser's cookies, so sites you're already logged into will take you straight to the auth page — whereas an embedded control requires you to log in from scratch).
Few people know about it, hence sometimes clunky user experiences are produced at the moment. This documentation is as much about promoting the x-myapp:// technique as it is highlighting the phishing problem.
Ben Ward - 6th November 2008 20:17 - #