About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.

Using Twitter for Comments

I just remade this site using Lithium (something I'll blog about later), and I wanted to note a change that relates to Drew McClellan's post on OpenID.

I'm no longer supporting OpenID.

I still really like OpenID, but I don't think the lack of adoption can be blamed on misuse or misunderstanding. I think the failure, as Drew describes it, is that it's too complicated for users and too troublesome for providers.

The idea is great. I really like using shiflett.org as my identity. (I just went through the exact same experience Drew describes when 37signals dropped support for OpenID, because shiflett was not available.) As a user, however, I've noticed that I much prefer sites where I have an account, because I can log in directly with 1Password. It's just easier.

OpenID is also difficult to support. A big part of the problem is how delegation works. Far too many people have sites that don't validate, and because OpenID libraries parse HTML to grab the delegation information, the failure rate is incredibly high. I get about as many complaints about OpenID failures as I get comments.

Even if your site validates right now, it's very easy to forget to check after you change something. In fact, I just made this very mistake and now have a duplicate id on some of my pages. Oops! I'll always do my best to fix mistakes as I make them, but it happens.

There are other factors, but I don't want to dwell on why I'm no longer supporting OpenID. Unless you're searching for the best way to identify people commenting on a blog, your needs are likely different than mine.

After seeing how easy it was to log in on Lanyrd, I decided Twitter might be the best solution. After all, I don't want people to have to create an account just to comment on my blog. That's ridiculous, plus it sounds like work, and I always try to avoid that.

Because I had already written about Twitter OAuth, implementing it was straightforward. I just had to move some code around and change a callback. I also changed my application settings to only ask for read access. After all, I just want you to identify yourself. What you say on Twitter is your business. :-)

The last change I made is just a change in policy, but it's a big one. I no longer allow anonymous comments. I think having to own what you say will generally be a good thing. I hope you agree.

About this post

Using Twitter for Comments was posted on Thu, 10 Mar 2011. If you liked it, follow me on Twitter or share:


1.Lenin Ghazi said:

Great that you removed crappy OpenID. I always failed to comment even after authenticating myself with several of my ids. Why wont you use GoogleFriendConnect or other multisocial things similar to OpenID? Google's gmail also supports OAuth now.

Thu, 10 Mar 2011 at 19:10:25 GMT Link

2.Giorgio Sironi said:

Of course you have an audience which is really like to own a Twitter account. But I'm still not comfortable to depend on an external web service for authentication (for testing simplicity and "openness" purposes).

Thu, 10 Mar 2011 at 19:21:04 GMT Link

3.Chris Shiflett said:

Hi Lenin,

An additional benefit of using Twitter is that it's more than just an identity; it's a profile.

If people want to see other comments you've left or more about you, they can visit your profile. All you have to do is connect to Twitter.

I may add support for other stuff later, but this was the easiest thing for me to do quickly. Out of curiosity, is there any particular reason you think I should support Friend Connect?

Thu, 10 Mar 2011 at 19:21:51 GMT Link

4.Chris Weekly said:

Interesting and reasonable choice(s). Thanks for the post. BTW, as of 2:20pm EST today, twitter oauth did say "read and update" (not just "read") despite your comment to the contrary. HTH.

Thu, 10 Mar 2011 at 19:31:10 GMT Link

5.Chris Shiflett said:

Thanks for letting me know, Chris. I just tested it and checked the app settings, and I don't see how it could be requesting write access.

Mind checking your settings again to be sure?

Thu, 10 Mar 2011 at 19:36:54 GMT Link

6.Jim Gaudet said:

I am wondering what will show up in my Twitter profile when I comment, if anything. What happens when there is more than 140 characters? Just testing...

How about using Twitter or Facebook as auth options (assuming the comments are stored in your DB)?

Thu, 10 Mar 2011 at 20:05:36 GMT Link

7.Jim Gaudet said:

Sorry, not trying to spam your comments :D Just noticed it doesn't post to my Twitter profile, so only auth. Cool. Checking out your post on implementing. Do you have one for Facebook?


Thu, 10 Mar 2011 at 20:07:32 GMT Link

8.Chris Shiflett said:

Hi Jim,

I've not yet implemented Facebook Connect for anything, but I will be doing so soon, just to learn more about it if nothing else.

Out of curiosity, did Twitter tell you that I'm only requesting read access? I hope so.

Thu, 10 Mar 2011 at 20:13:22 GMT Link

9.Drew McLellan said:

Interesting to read your thoughts on this, Chris. Thanks for posting.

Twitter correctly only asked for read-only access to my account. After authing with Twitter from a link at the end of the comments list, I was landed back at shiflett.org/community which was slightly confusing. I would be even better if I could have landed back here ready to post.

Thu, 10 Mar 2011 at 20:32:37 GMT Link

10.Chris Shiflett said:

Drew, you'll be glad to know that's already on my list of things to fix. :-)

Thu, 10 Mar 2011 at 20:35:50 GMT Link

11.Nicholas Sloan said:

Hey Chris! As an OpenID fan myself, I'm disappointed that it hasn't been more successful. On the other hand, I think OpenID really started the conversation about a universal identity for the web, and that's a great contribution on its own. I do like the distributed nature of OpenID, and I'm sad to see it replaced by a centralized, closed service, but I recognize the benefits that come of it.

Maybe we'll have it all one day.

Thu, 10 Mar 2011 at 23:18:04 GMT Link

12.Markus Wolff said:

Have you considered using JanRain's Engage? It's a one-stop service that enables your users to sign up with any number of different accounts, including Twitter, Google, Facebook, LinkedIn, MSN and, yes, OpenID ;-)

That way you'd only have to implement one service and everyone could still use the login method they like best. Not everyone has a Twitter account.


Fri, 11 Mar 2011 at 00:19:18 GMT Link

13.Jim Gaudet said:

Yes Chris, Twitter asked for Read Only access :)

Fri, 11 Mar 2011 at 01:03:49 GMT Link

14.Chris Shiflett said:

Hi Markus,

I considered using Janrain's Engage back when it was called RPX. Wez started using it shortly after I switched to OpenID. Outsourcing auth doesn't bother me as a concept, and Wez was pleased with how it worked out for him, but I didn't like the lack of control over the user experience.

As Giorgio correctly points out, people who comment on my blog almost certainly use Twitter, so I think this solution works pretty well.

Fri, 11 Mar 2011 at 02:11:20 GMT Link

15.Kelvin Jones said:

Using twitter for auth is a good solution, but I'd definitely advise against adding more than 1 auth provider seeing as you tie it to a profile.

The last thing I'd want to do is have to remember which 3rd party I used when I first commented.

Fri, 11 Mar 2011 at 11:21:04 GMT Link

16.Jonathan Bossenger said:

Thanks for the article but I'm really looking forward to your post on the Lithium redevelopment.

Fri, 11 Mar 2011 at 11:59:07 GMT Link

17.Till Klampäckel said:

While I agree that OpenID is far from perfect, I see a magnitude of issues with outsourcing 'identity' to any commercial entity.

And it's not just that I don't want Facebook, Google or Twitter to know everything about my social graph, it's also the technical issues that come with it when you rely on a third party.

For me the number one problem with OpenID is that the so-called providers a) never advertised it enough and b) they are just providers, never consumers. So what good is OpenID from Yahoo, Google and what not if they don't accept anyone's OpenID themselves?

Btw, to ease the pain we started using Janrain (formerly RPXnow) to support Facebook Connect, Google, Yahoo, AOL and OpenID in general. Integration has been extremely easy and smooth.

Of course in a perfect world I'd rather implement this myself but the issues that come with it with all the different providers are unreal. And realizing that e.g. OpenID with Google requires a special quirk is just one of the issues people face when they attempt to support this idea.

Fri, 11 Mar 2011 at 12:32:00 GMT Link

18.Praveen Kumar said:

I love this idea! Looking forward to your post on Lithium.

Fri, 11 Mar 2011 at 17:34:24 GMT Link

19.Praveen Kumar said:

Well.. I've noticed one thing. When I click on my profile, it displays wrong date of joining (1970 in my case). Just wanted to report it in case you've overlooked that.

Fri, 11 Mar 2011 at 17:36:36 GMT Link

20.Chris Shiflett said:

Thanks for letting me know, Praveen. I think I just fixed it.

Fri, 11 Mar 2011 at 18:01:36 GMT Link

21.Scott Martin said:

I'm about to finally get going with my own blog again and have been dealing with this same issue. How does the incident with Twitter pulling @girlgeeks affect your decision? I also look forward to hearing about Lithium.

Sat, 12 Mar 2011 at 00:57:03 GMT Link

22.Chris Shiflett said:

Hi Scott,

How does the incident with Twitter pulling @girlgeeks affect your decision?

It makes me a little uncomfortable, as you might imagine. I was very disappointed to read about that. For those who want to know what we're talking about, here's the story:


Sun, 13 Mar 2011 at 15:28:39 GMT Link

23.Greg Brophy said:

Very cool idea. Thanks for sharing.

Fri, 02 Mar 2012 at 20:11:54 GMT Link

Hello! What’s your name?

Want to comment? Please connect with Twitter to join the discussion.