Matt, Thanks for the reply. I'm referring to a popup browser window that displays the full url. The technique is not designed to mask the oAuth process, it's designed to improve the experience for the user. Devs have been using this technique since Twitter released oAuth.
The popup allows the user to remain on the current web page so he or she isn't jarred through multiple screen changes during a login. The Sign in With Twitter button on my blog serves as an example - http://is.gd/qlpZ4L On Apr 28, 3:31 pm, Matt Harris <thematthar...@twitter.com> wrote: > @Shannon: thanks for the feedback on this. The new screens are fluid in size > so wrap to the available space. Hosting in a local iframe isn't something > we've encouraged in the past. We prefer the user to be taken to the > authenticate or authorize page in a tab/new window that they can see the URL > of. This is a good area for us to write some guidance for so thanks for > raising this. > > @Orian: great feedback and definitely something for us to take on board - > thanks. This is a first release of these pages to get a feel for if they are > going in the right direction. We tried to select a number of phrases that > explain the access that's being granted to an application but that are also > easy to understand. I think there will always be some that don't make it, > but there are others, like the ones you raise, which would help aid > transparency more. > > @themattharris > > On Thu, Apr 28, 2011 at 3:00 PM, Orian Marx (@orian) > <or...@orianmarx.com>wrote: > > > > > > > > > I think it's good to be giving users more information on what they are > > granting access to, but by leaving out a number of things there are > > misleading implications. In particular, this list does not mention > > that users will be granting access to all their private DMs. I also > > find it interesting the list mentions the ability to follow new > > people, but not to unfollow existing people. > > > Obviously it's been to everyone's benefit who has built apps that rely > > on OAuth up to this point that there has been specific mentioning of > > access to DMs as this would likely turn off a lot of people from > > granting access to experimental apps. The reality is that the OAuth > > system needs finer-grained controls. It would be good to hear if there > > has been any new thought on this from Twitter engineering. > > > Otherwise, I like the new page :) > > > @orian > > > On Apr 28, 5:02 pm, Matt Harris <thematthar...@twitter.com> wrote: > > > Hey Developers, > > > > Some of you may have noticed already that earlier today we deployed a > > > redesign of the OAuth screens. > > > > We know both you and your users have been asking for better clarity about > > > what an application can see and do with an account and these screens are > > a > > > step towards doing that. > > > > One of the areas we wanted to improve is showing the details of your > > > application. If you visit the new screens you will see we've separated > > your > > > application details from the permissions that are being requested. We did > > > this to help users see that it is your application, not Twitter's. > > Remember > > > you can update your application details at anytime onhttp:// > > dev.twitter.com/apps. > > > > Mobile and international support has also been improved and we now use > > the > > > same rendering templates as those created for Web Intents. This ensures > > the > > > design matches the rest of #newtwitter and, more importantly, works > > > cross-browser, cross-platform, and multilingual. > > > > We hope you find the new designs more welcoming and friendly. Let us know > > > what you think. > > > > Best, > > > @themattharris > > > Developer Advocate, Twitterhttp://twitter.com/themattharris > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >http://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk