I was surprised account duplication wasn't mentioned as a disadvantage. If a user taps the wrong button on their tablet, then they can end up with one or more duplicate accounts if the e-mails are different.

I currently have an e-mail confirmation screen that makes it clear a new account is about to be created. I seem to remember Stack Overflow getting me to click a button too. It adds no real burden to new (non-Twitter) users.

I'm still wondering about the best way to handle this in Rails though. Passing the OAuth hash data through a second request to confirm the e-mail doesn't feel quite right to me, even if I make an OAuth service object to clean up the code and some policies to standardise the hash.

I've been looking at OAuth a bit lately.

I'm amazed there is no open-source, drop-in HTTP proxy to authorise access to REST APIs. The closest I've found is PingFederate, which is kind of expensive, and DoorMan[1], which seems incomplete and unmaintained.

Am I the only person who'd find this useful? What are other people doing - building it into their APIs?

[1] https://github.com/movableink/doorman