Twitter Tools and OAuth Continued

I didn’t post many details in my previous update, and I’d like to visit some of them now. At the time that post was written, it looked like the user experience for Twitter Tools was going to look something like this:

  1. Download, install and activate Twitter Tools.
  2. Click a link to twitter.com where you would have to register your WordPress site as an application.
  3. Take the two keys provided to you and go back to the Twitter Tools settings page. Copy-paste those keys into fields in the Twitter Tools admin page.
  4. Click another link to again visit twitter.com, this time to do the OAuth handshake and get your authentication tokens.
  5. Return to your WordPress admin and continue tweaking your settings, etc.

If you were able to succeed in these steps, everything would be set up.

The fact that I as a developer look at those steps and groan was an immediate red flag to me. I know all too well from years of email support questions that not all WordPress users are highly technical and a 4 step process with 2 steps that make you change sites and one that includes a copy-paste dance isn’t something that is going to make people happy.

Some people have suggested that this is just how it is and I have to deal with it. I disagree. When I see something that’s too hard I want to fix it, not perpetuate it. I sent an email outlining my concerns to the Twitter API team. They are smart folks, clearly they had been working on solutions for this situation as well. They have posted a proposed outline of a different workflow that looks to be an improvement over the previous situation. It’s an improvement, but it’s not enough.

I added the following to the thread:

This is excellent news and sounds like a much better user experience than the previously discussed options. I would like to suggest it be taken one step further. Could the encoded string with the keys be returned programatically to the Open Source application instead of asking the user to copy/paste? This way the user experience would be very similar to a standard OAuth transaction.

I really hope they make this change and provide the string with the tokens via a callback method/URL and allow us to completely skip the copy-paste step.

I don’t pretend to have thought through every situation that the Twitter API team is having to consider here. I’m focused squarely on my own little use case. My goal is simple: make the process of installing and configuring Twitter Tools as easy as possible for my WordPress users.

With what they have outlined and my suggestion above, I am hopeful that I will be able to support a user experience that looks something like this:

  1. Download, install and activate Twitter Tools.
  2. Click a button in the WordPress admin that registers your site with twitter.com and returns the necessary tokens to Twitter Tools.
  3. Click another link to again visit twitter.com, this time to do the OAuth handshake and get your authentication tokens.
  4. Return to your WordPress admin and continue tweaking your settings, etc.

The OAuth step is going to be required – there isn’t a way around that (and shouldn’t be). However I want the rest of the connection stuff should be as painless as possible for my users.

If you care about this, you might want to drop the Twitter API team a line (api@twitter.com or @twitterAPI) and encourage them to go one step further in their proposed implementation so that Twitter Tools can give you the easiest possible configuration experience.

My guess is that the OAuth deadline will be extended while this new API is being implemented and tested. I am currently holding off on my Twitter Tools integration until I see where things end up.

This post is part of the project: Twitter Tools. View the project timeline for more context on this post.