One of the things I hate the most about AlfredTweet is the authentication mechanism. I don’t like that I have to send you to Twitter to log in, grab a code, then make you come back and enter the code into Alfred for storage. Maybe I could use xAuth to authenticate to Twitter to make it a little easier, but I also don’t like the idea of having to ask for your password. I would never do anything malicious like try to steal your password or anything like that, but still... I wouldn’t feel comfortable just giving my password out in an extension, so I don’t really expect you guys to want to do it either. So how am I going to handle this? Well, there are several options, and I could potentially offer several in AlfredTweet.
The first option is the easiest and that is to just keep the current authentication method. This would keep authentication with Twitter.com. This already works, and I’ve actually done a few things to make it a little bit of a smoother process.
This option would consist of me trying to work in xAuth authentication to Twitter. xAuth consists of AlfredTweet getting your username and password to Twitter and sending a request to Twitter.com with that information and getting your auth tokens. Once I get the auth tokens, I save them for later, and they are what is used to interact with Twitter. As mentioned earlier though, I don’t like the idea of asking for your username and password. One potential solution would be that, instead of asking for your username and password in Alfred, I could use Don Southard’s (@binaryghost. Don’t know him? Follow him now. Seriously, now.) Authenticator app. Authenticator would ask for your username and password and store them in your OS X Keychain. I could then use Authenticator to grab the username and password, authenticate to Twitter, grab your auth tokens, save them back to the keychain and then delete the keys that have your username and password in them. So this just gives you a secure way of entering your username and password until I get done with the authentication. This isn’t exactly my preferred method, but I want to make things easy for you guys.
This is my favorite method, but it has a downside. This method requires Mountain Lion. This option will request keychain access and check to see if you have your auth tokens stored in the keychain already. Why would they be in there? The Twitter integration that is baked into OS X stores your auth tokens in the keychain. So, if you had your Twitter account set up in Mountain Lion you could simply perform a “local authentication” that would grab your auth tokens from the keychain and be done. No website, no entering in codes, usernames, passwords, etc. There would only be a prompt saying that I wanted to grab the info from your keychain and then setup is complete.
What would you like to see or what would you prefer? Send a tweet, let me know.