Twitter Connect for WordPress
The latest version of Twit Connect allows any blog owner to self-host the entire oAuth connection process. The plugin now works just like Facebook Connect.
- Install the plugin.
- Register your blog on Twitter.com and retrieve your Consumer Key and Consumer Secret.
- Plug those items into Twit Connect’s configuration page and you will have a complete and independent oAuth application.
When your readers want to comment on a post, they’ll simply click on a button and provide their Twitter credentials to identify themselves. You’ll also see their Twitter avatar alongside the comments if you’ve setup avatar support on your blog.
I’ve left the option to continue to pass the oAuth process onto me, so you don’t have to register your blog with Twitter.
This version also sports a choice of two different buttons, the new button is from Peter Denton’s “Signin with Twitter” button set.
You may notice that I haven’t implemented the “Sign in with Twitter” process. I will add that functionality later, however, I would like to spend more time testing that feature first. Although it has been reported as a “game changer,” leaving that piece out for now does not significantly change process flow.
Filling out the Twitter Application Form
The Twitter form was designed for applications, but it can work for your blog too. Please see the example below:
Although I’m a big fan of the Twitter oAuth process and I’m really pleased with this plugin,I recognize that there are still things to consider when implementing this type of technology:
- An evil blog owner could capture a user’s oAuth token and secret and read private messages or add unauthorized tweets (if write access is granted).
- A compromised blog could send a user’s oAuth token and secret to a hacker’s site.
- A completely bogus blog could be setup to simply capture oAuth login information.
With oAuth, we’ve at least eliminated the need for a user to provide a password. This is important since we know many users use the same password across multiple applications. It doesn’t, however, make the process completely foolproof and users will need to continue to watch the urls in their browsers and make sure they are signing into legitimate applications.
As always, education is an important part of this technology. Luckily, we have a great forum for providing that education.
data-text=”Twitter Connect for WordPress (Shannon Whitley)”