> The current language "to access and update your data on Twitter" is so
> vague as to be meaningless.

Agreed.

> I would definitely support greater disclosure here, but would avoid
> the checkbox model of authorizing different levels of access
> (http://www.flickr.com/photos/factoryjoe/2601626420/sizes/o/).

Why is that? Do you have any evidence against it?

My own (limited, informal) testing tells me people feel more in
control with checkboxes.

> Instead, you should allow the application developer to pick the
> appropriate API access level it needs (read only, posting, friending,
> direct messaging, all access) and then provide that language to the
> user upon authorization.

You mean, like the Flickr example, yeah?
http://www.flickr.com/photos/factoryjoe/3295727080/sizes/o/

My preferred implementation would not have them as 'levels', but as
'options'. They're different components or aspects of the
functionality.

Some apps need to change your profile, but most don't. Some apps need
to send tweets but not do anything else. Some apps need access to
everything. I'm building an app at the moment where all I need is to
know you own the account. Anything else is superfluous to my needs,
but any user that authorises my app will be giving me the valet key to
the kingdom.

I want to be able to pick the options my app needs in order to work to
fullest effect, and display them to the user as checkboxes. In my
OAuth admin panel, I indicate which functionality is required and
which are just 'nice-to-haves'. Twitter presents the form to the user
as options and indicates which are required for the app. User picks
what they want and validation determines if they meet the minimum for
my app.

I think OAuth tends to have the exact opposite user experience problem
as OpenID. OpenID needs to be faster with fewer options, whereas OAuth
is rushed and doesn't offer the user enough involvement.


I realise the above is far more work than simply stronger wording on
the authorisation form, but I think something of that nature offers a far
superior experience for our customers.

Lachlan Hardy
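
The required-versus-optional checkbox flow described in the message above, sketched as an added example (not part of the original message and not Twitter's API). The option names, `AppRegistration`, `consent_form` and `validate_consent` are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical option names, loosely based on the access types named in the thread.
KNOWN_OPTIONS = frozenset(
    {"identity", "read", "post", "friend", "direct_message", "profile"}
)


@dataclass(frozen=True)
class AppRegistration:
    """What the developer declares in the (assumed) OAuth admin panel."""
    name: str
    required: frozenset
    optional: frozenset = frozenset()

    def __post_init__(self):
        unknown = (self.required | self.optional) - KNOWN_OPTIONS
        if unknown:
            raise ValueError(f"unknown options: {sorted(unknown)}")
        if self.required & self.optional:
            raise ValueError("an option cannot be both required and optional")


def consent_form(app):
    """Rows for the authorisation form as (option, is_required), required first."""
    rows = [(opt, True) for opt in sorted(app.required)]
    rows += [(opt, False) for opt in sorted(app.optional)]
    return rows


def validate_consent(app, ticked):
    """Return (granted, missing) for the boxes the user ticked.

    Nothing is granted unless every required option was ticked, and the grant
    never exceeds what the app declared, so a tampered form cannot widen access.
    """
    chosen = frozenset(ticked) & (app.required | app.optional)
    missing = app.required - chosen
    if missing:
        return frozenset(), missing
    return chosen, frozenset()
```

An app that only needs to confirm account ownership would register `required={"identity"}` with no optional entries, so the token it receives carries nothing else.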
