

Show HN: A HackerNews clone, host it yourself. - rukshn
https://github.com/rukshn/helius

======
negativeview
I'm likely a fuddy-duddy, but I agree with mijndert. I detest the idea of
using Site A to authenticate with Site B.

For only the tiniest benefit to me (I guess it's marginally faster to sign up,
maybe?) and no real benefit to you, your service is now beholden to another.
What if Twitter bans a user that is valuable member of your site? What if
Twitter goes under? What if Twitter is outlawed in some countries? What if I
have a moral obligation to signing up for Twitter in the first place?

~~~
rukshn
I agree with all of your points.

But one of the big advantages is the one click sign up, no need to add profile
picture etc.

Plus email sign up takes too much time and filling information that people
might not like to fill.

Overall I agree. But what alternative do we have?

~~~
negativeview
For my own site, I have four form fields on the signup page. Username,
Password x2 and an optional email. That, IMO, is actually easier than the
twitter flow.

With the twitter flow, I have to click to sign in, then read what permissions
you're requesting (from another comment I hear that you aren't requesting
permission to tweet for me, which is GOOD), then click to accept.

Since I personally don't require email, the user actually has to give me zero
personal information. Using twitter, on the other hand, I have to give you my
twitter handle, which might actually be personal information. I don't know how
you're going to USE that information, so if it's personal, I'm not sure if
that information is going to be shown to everyone in the community or not.

~~~
rukshn
Well the site I set up using this code, I created a Twitter app that didn't
ask for permission to Tweet because I only need it to login the user.

What do you mean in your site the email is OPTIONAL? How can user reset their
password if they forget their password? IF a user sign up using their email
then they have to confirm it as well which makes the user to log in to his
email.

Also users have one less password to remember if they use Facebook or Twitter
sign in?

What if the site needs a profile picture for user profile? Then the signup
process takes longer time and users have to fill a larger form.

I'm not saying I'm totally in for Social signups, but what alternative do we
have?

~~~
negativeview
I honestly haven't had anyone needing to reset their password yet. In my
particular case it's not really the end of the world if someone gets locked
out, but I should probably think what I'd do in that case...

Let's be real. Most users reuse their password for everything anyway. Those
that don't likely use a password manager of some sort.

I doubt that any site _needs_ a profile picture. Even Twitter gives you a
default if you don't want to set it.

The alternative we have is what we did before social was a thing. The Internet
existed before Twitter. The very site we're on doesn't require a social
pairing to sign up for it!

------
mijndert
Why did you choose to use Twitter as the sole way to register? This might be
old information by now, but I think Twitter is still very restrictive when it
comes to giving out tokens.

~~~
rukshn
Well 100,000 token limit is for only for clients (correct me if i'm wrong) not
for apps that using Twitter to sign in (Apps that sign, without Tweeting or
Direct messages permissions).

[http://thenextweb.com/dd/2012/09/05/twitter-releases-next-
ve...](http://thenextweb.com/dd/2012/09/05/twitter-releases-next-version-api-
clarifies-user-token-limits-following-complaints/)

You are free to fork it to add a custom login system :)

