I stumbled upon Ian McKellar’s twauth prototype: a Twitter and OpenID based mobile authentication solution.
The idea behind twauth is to address the usability issues of current mobile OpenID-based authentication workflows.
The particular issue that Ian’s twauth addresses is the effort placed on the user to enter alphanumeric passwords.
Twauth addresses this issue by replacing alphanumeric password entry with a 5-digit, digits-only one-time code that is sent to the mobile phone via Twitter/SMS and that the user then enters on the OpenID authentication page.
Here are some screenshots of the complete workflow:
1. Entering the twauth mobile OpenID URL (http://twauth.ianloic.com/twitteruserid) at the mobile ma.gnolia.com (m.gnolia.com):
2. Instructing the OpenID server to send a direct (private) Twitter message with a 5-digit code (ignore the garbage):
3. The mobile phone that is linked to the Twitter account linked with the twauth OpenID URL is sent a message with a 5-digit code (18010 – screenshot not available)
4. User enters the one-time 5-digit code:
5. You are authentic!
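
The one-time code step of the workflow above, sketched as an added example (this is not twauth's own code). A 5-digit code has only 100,000 possible values, so the sketch expires each code, burns it after one successful use and caps wrong guesses; the class name, the 300-second lifetime and the three-attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300        # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3      # wrong guesses allowed per issued code (assumed policy)


class OneTimeCodes:
    """In-memory store of pending 5-digit codes, keyed by OpenID identifier."""

    def __init__(self, clock=time.time):
        self._pending = {}   # identity -> [code, expires_at, attempts_left]
        self._clock = clock

    def issue(self, identity):
        # secrets draws from the OS CSPRNG; zero-pad so "00042" is a valid code.
        code = f"{secrets.randbelow(100_000):05d}"
        # Issuing again replaces any earlier code for the same identity.
        self._pending[identity] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # the caller delivers this out of band (direct message/SMS)

    def verify(self, identity, submitted):
        entry = self._pending.get(identity)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[identity]
            return False
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[identity]      # single use: burn on success
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[identity]      # too many misses: force a new code
        return False
```
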