Why does NextGurus.com use Twitter to create accounts and log our members in? How does it work? Are we going to hijack your Twitter account? I imagine these questions are going to come up, so let’s answer them in advance.

Why do we use Twitter login?

I chose the Twitter login system for several reasons:

  • It saves you the trouble of keeping track of yet another username and password to log into this site.
  • It automatically connects our members to their Twitter profiles, which is good for several reasons:
    • If you want to follow or connect with someone you find here, you can do so using Twitter.
    • It gets you more exposure for your Twitter profile.
    • We don’t have to duplicate Twitter’s functionality.
    • You don’t have to maintain yet another social media profile that does exactly the same thing as an existing one. (Anybody have profiles on MySpace, FaceBook, LinkedIn, etc.? Do you keep all of them up-to-date? I sure don’t!)

How does it work?

You may have noticed that the login link is the same as the create account link. To explain why, let me guide you through what happens when you click that link.

  1. We send you to a special link on twitter.com.
  2. Are you already logged in to Twitter?
    • Yes: go to the next step
    • No: they show you a login screen.
  3. Have you created a Next Gurus account yet?
    • Yes: continue to the next step.
    • No: they ask you whether you want to authorize Next Gurus to read information about your account. If you say yes, continue to the next step.
  4. Twitter sends you back to NextGurus.com with a unique authorization code.
  5. We check the authorization code with Twitter to make sure it’s legitimate and to get your Twitter username.
  6. We check our database to see if you already have a Next Gurus account.
    • If not, we create your Next Gurus account and log you in.
    • If your account already exists, we just log you in.

Are we going to hijack your Twitter account?

Hey, that’s a valid concern.

One thing you’ll notice in the previous section is that we never ask for your Twitter password — you only enter it on Twitter’s website. So there’s no way for us to log into your Twitter account.

The next question is whether we’ll use the access you grant us to send tweets or DMs through your account. The answer is no, and because of the way we’re set up with Twitter, we couldn’t if we wanted to. Why? Because there are two levels of access that Twitter apps can request:

  • Read-only access: the app can access information about the Twitter account, but can’t send messages or make changes (this is the access level that Next Gurus has).
  • Read and write access: apps with this level of access can send messages and monkey with your Twitter settings. Since all we’re interested in is verifying your identity (or at least the identity of the alter-ego you created on Twitter :-), we don’t need all that, so we don’t ask for it.

So there you have it. As long as Twitter isn’t over capacity, using Twitter to create and log people into Next Gurus accounts is convenient for you and meshes well with our goals, so that’s how we’ve decided to do it.