This would be helpful for us, too. It's one of the biggest customer support
issues I have now that we're using OAuth.
Jesse

On Mon, Aug 3, 2009 at 2:55 AM, Coderanger <d...@coderanger.com> wrote:

>
> I am looking into adding OAuth authentication to twitcher (http://
> coderanger.com/twitcher), my twitter client, and have a couple of
> suggestions:
>
> 1. The authorisation page at twitter.com, isnt particularly clear as
> to the account being authorised. This could be an issue with users
> authorising multiple accounts from an app. Can I suggest it is split
> into paragraphs and the account name is added to the heading, like:
> ~~~~~~~~~~~
> An application would like to connect to your '<accountname>' account.
>
> The application twitcher by Coderanger.com would like the ability to
> access and update your data on Twitter. This application plans to use
> Twitter for logging you in in the future.
>
> Sign out if you want to connect to an account other than
> <accountname>.
> ~~~~~~~~~~~
>
> 2. It would be useful if you could pass the username up to the
> authorisation page along with the authorisation token. Then at your
> side, if the username is different to the one currently signed in, you
> can auto sign out and place the new username passed into the username
> text input ready for signing in by the user. I think this will improve
> workflow for the customer where multiple-accounts are involved, but
> also when upgrading a system that has been using BasicAuth, and avoid
> potential confusion and mistakes. I dont think there can be any
> security implications for doing this so it would be a possible change
> should you so desire.
>
> Thanks

Reply via email to