Oauth Pin flow issue for Apps, Desktop Flow


#1

Flow is to add twitter account on is:

Good flow:

  1. Add twitter account
  2. Twitter oauth page shows up to “sign in to twitter and authorize account”
  3. User signs in and Pin returned
  4. User enters pin
  5. done

Bad Flow:

  1. Add twitter account
  2. Twitter oauth page shows up to “sign in to twitter and authorize account”
  3. User doesn’t know password, so on the page “Forgot your password”.
  4. User is taken away from the oauth flow entirely and not returned to the flow after a password reset.
  5. User can never authorize the app once leaving the flow unless they restart the process from scratch.

Many thanks for ideas, or when twitter can fix this, or what developers should do differently.


#2

Any ideas anyone?


#3

Well… “Forogt your password” is a pretty big flow-breaker.

Signing out and logging in with a different user works fine. Put perhaps they could remember the OAuth flow ‘session’, yes…


#4

In applications like adobe air which have to use the pin-based flow, open up a browser within the app, they need a way to return to the flow. Otherwise users who are not programmers, won’t know that they have left the flow and will try and sign in unsuccessfully.

Thanks!

Alan


#5

Are you able to register a URI handler for your AIR application in the environments you want to distribute your app?


#6

Do you mean that are we able to detect what URL its gone to and force it to open in a new browser window?


#7

No… if you’re able to tell Windows or Mac or whatever OS you’re on that your application can be reached at:

superairapp://twitter_callback

Then instead of using OOB based OAuth, you can use dynamic oauth_callback=superairapp%3A%2F%2Ftwitter_callback instead and have the tokens redirected directly into your app.


#8

We have looked at this before this before, but we couldn’t get it to work so we stuck with the pin based flow, now we know what we’re looking for this could just work.

We haven’t seen any other air app get this working, curiously, do you know of one?

Sorry for the confusion btw, got ya now.