From Social Patterns
The user wants to participate on a site by bringing their data and files over from another site.
- Use this pattern when features on your site are enhanced or filled in by accessing data and files from another site (Site A).
- Use this pattern when user generated content or data on your site has the potential to enhance or enable other sites that your users may be participating in (Site B).
- For Site A:
- Before automatically using the Password Anti-Pattern (see pattern) to access a user’s data, check to see if the other site is using Oauth. If so, tap into that protocol to facilitate the data transaction.
- Site A should ask the user what data they would like to access.
- Show possible choices, like flickr, photobucket, smugmug, etc for photos or Yahoo! Address Book, Plaxo, Google, etc. for contacts.
- Once the user selects the site where their data lives, Site A should send the user to that site to grant access.
- Information about how the data will be used should be presented on Site A.
- For Site B:
- Use the open authentication protocol, Oauth, to facilitate the authorization process.
- Site A will send their user to Site B. The user signs into the account and Site B should present a screen that asks if they really want to share the data with Site A.
- Upon agreement, the user is sent back to Site A and the data is now available in that experience.
- Information about how Site A will use the permissions granted should be clearly presented to the user on Site B.
- Allow the user to cancel the authorization at any point.
- Provide an easy way for the user to revoke permissions from Site A.
Using an authorization flow and protocol like Oauth, allows a user to give access between sites without exposing their user name and password. This process is the preferred method of allowing data sharing rather than using the Password Anti-Pattern.
As Seen On