PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Chris Shiflett a- Using Twitter for Comments

Note: This article was originally published at Planet PHP on 11 March 2011.
Planet PHP

I just remade this site using Lithium (something I'll blog about later), and I wanted to note a change that relates to Drew McClellan's post on OpenID.

I'm no longer supporting OpenID.

I still really like OpenID, but I don't think the lack of adoption can be blamed on misuse or misunderstanding. I think the failure, as Drew describes it, is that it's too complicated for users and too troublesome for providers.

The idea is great. I really like using shiflett.org as my identity. (I just went through the exact same experience Drew describes when 37signals dropped support for OpenID, because shiflett was not available.) As a user, however, I've noticed that I much prefer sites where I have an account, because I can simply log in with 1Password. It's just easier.

OpenID is also difficult to support. A big part of the problem is how delegation works. Far too many people have sites that don't validate, and because OpenID libraries parse html to grab the delegation information, the failure rate is incredibly high. I get about as many complaints about OpenID failures as I get comments.

Even if your site validates right now, it's very easy to forget to check after you change something. In fact, I just made this very mistake and now have a duplicate id on some of my pages. Oops! I'll always do my best to fix mistakes as I make them, but it happens.

There are other factors, but I don't want to dwell on why I'm no longer supporting OpenID. Unless you're searching for the best way to identify people commenting on a blog, your needs are likely different than mine.

After seeing how easy it was to log in on Lanyrd, I decided Twitter might be the best solution. After all, I don't want people to have to create an account just to comment on my blog. That's ridiculous, plus it sounds like work, and I always try to avoid that.

Because I had already written about Twitter OAuth, implementing it was straightforward. I just had to move some code around and change a callback. I also changed my application settings to only ask for read access. After all, I just want you to identify yourself. What you say on Twitter is your business. :-)

The last change I made is just a change in policy, but it's a big one. I no longer allow anonymous comments. I think having to own what you say will generally be a good thing. I hope you agree.