In a tweet, Brett praises the OAuth-based UX between WeFollow and Twitter.
Personally, I find it confusing in a couple of places.
First, on the WeFollow (OAuth Consumer) side, I'm getting mixed messages.
'Authorize WeFollow' tells me that I'm in the driver's seat and have control over WeFollow. But 'need to verify your identity on Twitter' gives the impression that it's WeFollow doing me the favour, and not the other way around.
Once I get sent over to Twitter (the OAuth SP), I stay confused.
If I'm presenting my password (or other credential), I expect to see a 'LogIn' button, not an 'Allow'.
This UI confused Sxipper as well. When I allowed Sxipper to fill in and submit the form, the result wasn't what I expected.
2 comments:
I had the same problem with Sxipper. Then, not sure whether I wanted to post a tweet about joining the "directory", and having a couple of ad-hoc meetings, it was over an hour before I clicked the button to send the tweet. At that point I got another failure message from WeFollow. So I just gave up.
I think I see why your UX was different from mine. I was already logged into Twitter when I kicked this off so all I got was a confirmation screen that asked me if I really wanted to do this and/or if I wanted to do this under a different Twitter account. So all I had to do was click ok and I got the WeFollow confirmation and was able to thereafter jump right into the WeFollow UI and enroll myself.
Honestly, it was pretty sweet.
But it looks like an interop (IOP) problem that shows the "not logged in to OAuth SP when initiated" flow isn't robust, at least not between these two implementations.
Maybe OAuth needs a Test Procedure that is well designed to isolate this particular flow (it's a common flow and should work better than what you two experienced).