I am looking into adding OAuth authentication to twitcher (http://
coderanger.com/twitcher), my twitter client, and have a couple of

1. The authorisation page at twitter.com, isnt particularly clear as
to the account being authorised. This could be an issue with users
authorising multiple accounts from an app. Can I suggest it is split
into paragraphs and the account name is added to the heading, like:
An application would like to connect to your '<accountname>' account.

The application twitcher by Coderanger.com would like the ability to
access and update your data on Twitter. This application plans to use
Twitter for logging you in in the future.

Sign out if you want to connect to an account other than

2. It would be useful if you could pass the username up to the
authorisation page along with the authorisation token. Then at your
side, if the username is different to the one currently signed in, you
can auto sign out and place the new username passed into the username
text input ready for signing in by the user. I think this will improve
workflow for the customer where multiple-accounts are involved, but
also when upgrading a system that has been using BasicAuth, and avoid
potential confusion and mistakes. I dont think there can be any
security implications for doing this so it would be a possible change
should you so desire.


Reply via email to