1.      The page needs to display correctly (laid out nicely, with the
entire form "above the fold") on a 2.4" QVGA (240x320 and 320x240) screen
when images, Javascript, and flash are all disabled. 

2.      Replace the manual PIN entry requirement with something else. The
OAuth 1.0a designers greatly under-estimated the poor usability of manual
PIN entry, especially on mobile devices. One suggestion off the top of my
head: allow OAuth 1.0 (in addition to OAuth 1.0a) if--and only if--all parts
of the OAuth authorization flow take place in the same TLS session (e.g.
using TLS session resumption and/or a persistent HTTPS connection when/if
Twitter supports persistent connections) and the application is registered
as a desktop app (not a web app).


Raffi Krikorian wrote:

hey fabien (and the rest of the list).


what do you think we could do to improve this for all of you?

Reply via email to