Tuesday, December 4, 2012

Irritated by the Twitter app experience on Android

I’ve been working on a custom Twitter app for Android but have become pretty frustrated with the user experience of such apps.

First, the Android via the official Twitter client stores a user’s Twitter account OAuth token in the AccountManager. But this token is actually useless to third-party apps because it is only signed for the “consumer" id/secret pair that is compiled into the official Twitter apk. (Though I could cite examples of folks extracting this key pair.)

So the only way for my custom app to get its own access token for its “consumer" id/secret pair is via the traditional OAuth route by requesting one from Twitter’s servers and having the end user allow the app to have access to their account. The ugliness of this is that it requires leaving the app to visit mobile.twitter.com with the browser app (though, there are work-arounds to place a webview in a dialog). Worse, a user’s mobile browser is not very likely to be already signed in to mobile.twitter.com in the browser, which now requires them to authenticate.

It seems reasonable enough to expect that if a user has added a Twitter account globally in the Android OS that browser visits to mobile.twitter.com would be smart enough to create a single-signon experience with the access token already saved in the phone.

Edit: This sounds exactly how it should work, but unfortunately, it is for iOS 5. Though I don’t see any reason why something special would need to be baked into the OS, the official Twitter client could provide a custom system service. https://dev.twitter.com/docs/ios

No comments:

Post a Comment