Awesome, this will definitely improve the process. In particular the users will only have to face the question of "Deny or Allow" access only once.

The only problem I foresee is if multiple users use the same computer. This way if USERA is already signed in to Twitter and USERB attempts to log into my site, USERB might not pay too much attention and end up using USERA's account. Of course I can solve this by making it so obvious on my site who is signed in. But then USERB would have to go back to Twitter, sign out USERA, then sign in to Twitter, go back to my site and click the log in button on my site.

The ideal solution for me is when a user tries to sign in through my app, they should be directed to a new authorization URL that asks the question: "continue to sign in as USERA or sign in with a different account?" They click continue and are sent to the call back URL. I know that this defeats the purpose of one-click log in. But it helps in solving the problem of someone inadvertently using someone else's account. Plus asking someone to "continue or sign in with a different user" is a much softer question than "Deny or Allow access?" which sounds like a much more critical question.

I still like the change and will begin using it, however if there was the option of what I describe above, then I would use that.

Also thanks for making it so simple to adopt the new flow!

On Apr 16, 10:45 am, Ivan Kirigin <[email protected]> wrote:
> Zac, this can be solved just by properly modeling user accounts and
> twitter accounts.
>
> It should be one-to-many. Signing in with any of their twitter
> accounts can sign in that user.
>
> Let me know if that doesn't address your problem.
>
> Ivan
> http://tipjoy.com
>
> On Apr 16, 1:18 pm, Zac Bowling <[email protected]> wrote:
>
> > Hi Doug,
> >
> > There is a use case that sort of sucks when you don't force the user
> > to authenticate each time, and that's when your application supports
> > multiple twitter accounts. It's nice to shortcut authenticating because
> > it removes a step for the end user, but it sucks when you are trying
> > to associate with multiple accounts.
> >
> > It would be nice if we could pass a flag to force login to show, or
> > pass in an expected username and if it's not the same as what twitter
> > has for their session cookie, it invalidates and forces a login or
> > something.
> >
> > Not sure if something like this exists already or anyone has run into
> > this issue and figured out a workaround.
> >
> > Zac Bowling
> >
> > On Thu, Apr 16, 2009 at 9:55 AM, Doug Williams <[email protected]> wrote:
> >
> > > Related: More OAuth documentation is to come throughout the day so
> > > some of the links will be broken. It's a glaring omission in the
> > > documentation.
> > >
> > > Let's use this thread to fill the holes people find while implementing
> > > Sign in with Twitter for the time being.
> > >
> > > Cheers,
> > > Doug Williams
> > > Twitter API Support
> > > http://twitter.com/dougw
> > >
> > > On Apr 16, 9:52 am, Doug Williams <[email protected]> wrote:
> > > > Matt has deployed our answer for one click login. It requires only a
> > > > small change to the normal Twitter OAuth workflow and is documented here:
> > > >
> > > > http://apiwiki.twitter.com/Sign-in-with-Twitter
> > > >
> > > > This is the perfect tool for web applications wanting to offer users the
> > > > ability to sign in with a Twitter account and a single mouse click. We
> > > > want to see it in the wild so please let us know if you roll this out in
> > > > your application.
> > > >
> > > > Thanks,
> > > > Doug Williams
> > > > Twitter API Support
> > > > http://twitter.com/dougw
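
An added example, not part of the thread and not Twitter's API: one way an application could handle the shared-computer problem on its own side, combining the one-to-many account model Ivan describes with a "continue or use a different account" confirmation and Zac's expected-username check. `AccountStore`, `handle_callback`, `confirm` and the session keys are hypothetical names, and the Twitter user id and screen name are assumed to be the values Twitter returned after the OAuth token exchange.

```python
class AccountStore:
    """Hypothetical one-to-many model: one site user, many Twitter accounts."""

    def __init__(self):
        self._owner = {}  # twitter_user_id -> site_user

    def link(self, site_user, twitter_user_id):
        # A Twitter account may belong to exactly one site user.
        owner = self._owner.setdefault(twitter_user_id, site_user)
        if owner != site_user:
            raise ValueError("Twitter account is already linked to another user")

    def owner_of(self, twitter_user_id):
        return self._owner.get(twitter_user_id)


def handle_callback(store, session, twitter_user_id, screen_name, expected=None):
    """Return (action, detail) for an identity returned by the OAuth callback."""
    # Zac's case: the app expected one account but the browser's Twitter
    # session belongs to another, so refuse instead of signing in.
    if expected and screen_name.lower() != expected.lower():
        return "mismatch", f"expected @{expected}, got @{screen_name}"
    owner = store.owner_of(twitter_user_id)
    if owner is None:
        return "unknown", screen_name
    # Shared-computer case: park the identity and ask before any session exists.
    session["pending"] = (owner, twitter_user_id)
    return "confirm", f"Continue as @{screen_name} or sign in with a different account?"


def confirm(session, accepted):
    """Finish sign-in only after the person at the keyboard has answered."""
    pending = session.pop("pending", None)
    if pending is None or not accepted:
        return None
    session["user"] = pending[0]
    return pending[0]


# Constructed sample data: one site user with two linked Twitter accounts.
store = AccountStore()
store.link("site_user_1", 1001)
store.link("site_user_1", 1002)
```

Declining the confirmation leaves the session without a signed-in user, so the application can then send the person back to Twitter to sign in with a different account.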
