Hello. Just a little note to alert you to a couple of small tweaks we put out to the OAuth authorization screens today, which clears up the denial flow and improves the user experience for OS native applications.
We’ve fixed a confusing aspect of the denial flow in the Authorize and Authenticate interfaces. Previously, Deny (or Cancel) required a user to be signed in (it was used to invalidate any existing tokens the user had for the application.) This was especially annoying if the user wasn’t signed in, as clicking
Cancel would return an authentication error rather than just returning the user to whence they came. We’ve made a small change, which provides a good opportunity to lay out afresh how this part of the flow works, such that you can consider it your application design.
• In the tweaked flow, clicking
Cancel when authorizing Web and Out-of-Band applications no-longer requires a user to authenticate, and takes them straight to the cancellation screen, which if they are logged in will confirm the application’s current authorization state, and link back to the app to close the loop.
Cancel when authorizing a native OS application (e.g. one with a non-HTTP(S) URL
oauth_callback, such as
twitterrific://) will now directly link the user back to the application via the custom-protocol callback.
• Since clicking
Cancel in native apps will redirect a user directly, the “Cancel, and return to Application” link that was inserted below application descriptions has been removed. The conventional
Cancel button will now do what the user expects. Removal of this link unclutters the layout, and the application description takes up less space in the smartphone version of the interface.
• Users can no-longer invalidate an access token through the authorize flow, which was never really a clear consequence of the interface. We instead direct users to their Application Settings page to revoke application access. If you have a place in your application prompting a user to revoke access to your application for any reason, please direct them there.
Hopefully you’ll find this a useful adjustment, and please let me know if you run into any difficulties.