-
playing with twitter
I recently had a go of pixly, a twitter combat game which yet again requires a user to log on using twitter credentials. This got me thinking, could it be done without needing the users login? The answer is yes. Using the json public methods its possible to grab a tweeter’s friend list on the client side, which could easily be sent back to the server, requiring only a cookie to track a few bits and a database to hold votes etc. This way wont allow you to be accountable for your results, i.e. without a password anyone could pretend to be you and vote with your avatar’s, but it does relieve the need to give out your password while still having the same amount of fun.
I also thought about how to secure your score without handing out a password. As a site owner I could have a twitter account that advertises the site, in order to secure logins the idea would be as follows. User X goes on to site, is told to add follow twitter account, once followed X goes back to site and enters username, upon which, if that username is seen to follow the twitter account, a direct message containing an account password is sent to X.
These methods combined i’m pretty sure would cover a lot of these game style idea’s without affecting user security or asking the user to give up their password in any way.
The obvious downside is speed, the method i went with is very single threaded loading items in blocks of 100 as the api allows, think 5 seconds to load a list of 454 friends.here is the 5 min test i did to load a users friend list, it defaults to @drew mainly because he had a nice number of friends to load: http://mattrandles.com/twitter/2.html
