Auth flows for web widgets?

George Fletcher gffletch at aol.com
Tue Mar 17 18:50:01 UTC 2009 

Hi Allen,

I hadn't seen that flow; thanks for the pointer. I can see making this 
flow work for widgets displayed as part of a widget container, though I 
agree that a more streamlined UI would help. Do you think that most 
users will understand what's happening and be OK with the popup? I'm 
wondering if they will feel safer? or just more confused?

Also, will certain environments block the popup window? Not that I see 
any easy alternatives:)

Thanks,
George

Allen Tom wrote:
> Hi George,
>
> Have you seen the Yahoo Updates Gadget for iGoogle?
>
> http://developer.yahoo.net/blog/archives/2009/03/igoogle_open_updates.html 
>
>
> The gadget opens a popup to do the OAuth dance with Yahoo. After the 
> user authorizes the gadget, the user closes the popup, and the gadget 
> fetches the OAuth credentials.
>
> The Yahoo OAuth UI was *not* designed to render in a popup, and there 
> are lots of things that can be improved. For instance, the screens are 
> way too large, there are three screens (one too many), and the user 
> has to somehow know to close the popup window after reaching the last 
> screen to return back to the gadget. Also, the screens are excessively 
> scary and wordy, but that's a different topic altogether.
>
> Allen
>
>
> George Fletcher wrote:
>> Hi,
>>
>> I'm wondering if anyone has developed UX flows for web based 
>> "widgets" that don't implement the "password anti-pattern"?  Most 
>> widget's that require an identity provide an "authentication form" on 
>> the "back" of the widget. I'm trying to figure out how to propose a 
>> good user experience that doesn't require the "password 
>> anti-pattern". For instance, it seems weird to popup a browser window 
>> from the "back" of a widget. Just wondering if anyone has examples 
>> for solving this. I realize a widget container can help... but I'm 
>> looking for the standalone solution right now.
>>
>> Thanks,
>> George
>> _______________________________________________
>> user-experience mailing list
>> user-experience at openid.net
>> http://openid.net/mailman/listinfo/user-experience
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>

-- 
Chief Architect                   AIM:  gffletch
Identity Services                 Work: george.fletcher at corp.aol.com
AOL LLC                           Home: gffletch at aol.com
Mobile: +1-703-462-3494           
Office: +1-703-265-2544           Blog: http://practicalid.blogspot.com

More information about the user-experience mailing list