> 1. I think the current text makes it clear which account is being used.
I do beg to differ, I have made the mistake of authorising the wrong
account during the testing. If the account was in the heading and/or
an extra paragraph was used in the text to split it up .. they are
separate paragraphs gramatically anyway then this can be
alleviated ... for the case of two tiny changes I dont think its worth
not doing as no harm can be done.

> 2. Not sure I like the idea of auto sign out. Maybe instead if the username
> is provided
>     as an additional parameter twitter will display the login prompt with
> the username provided.
>     The the user just enters their password and authorizes the app. This way
> the browser cookie
>     for the currently active session is not affected and will remain active.
Sounds fine to me

> A suggestion I might make is not asking for the user's twitter username
> before authorization. Instead
> have the user go to twitter and authorize which account they want. Then when
> they return back and you
> get the access token then detect which username is being used if you need
> it. You could even double check with the user that this is the account they 
> want.
Yes, I will be doing that for new accounts, but I wish to upgrade
existing accounts (its not a new app and there are lots of existing
users) ... this could cause confusion if they authorise the wrong
account which the app was expecting, but yes I was going to verify the
authorisation using the returned user name but its a potential
confusion that could be avoided; I just thought it might add an extra
useful path on the workflow and help allow the app to control a little
part of it.

Reply via email to