Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords?

Posted 12th October 2007 at 9:25 am

Tagged , , , , , ,

3 comments

  1. After a quick glance I wouldn't call Google's authentication for web apps simple, but it does exist. I'm told this API would allow a service to access your contacts in a secure way.

    Rory Parle - 12th October 2007 12:07 - #

  2. That would certainly do the trick (as would Yahoo!'s BBAuth), but as far as I know neither Google or Yahoo!'s APIs actually include access to the address book, which is what the scraping sites are looking for.

    Simon Willison - 12th October 2007 12:53 - #

  3. Looking more carefully, it seems you're right. Obviously I was misinformed.

    Rory Parle - 12th October 2007 13:22 - #

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site