Skip to main content

Posts

Showing posts from November, 2012

Dear sign in providers: Users and developers want these features!

Dear Google, Facebook, Twitter, etc.,

I've got a nice, ready-to-use Single Sign-On system on my website. I've implemented a couple of providers (Google and Facebook) and, during my interactions with users and developers online, I've come up with a short list of a few things that I see as things that are must-haves that you need to change about your services to make it easier and more sensible to integrate with.

First, I should be able to pass a couple of URLs to your server that will display two links on the page where the user authorizes access for my application. Specifically, links to Terms of Service and Privacy Policy documents. These are legal documents and, without them, they open up the possibility of legal liability for the service that you are providing authentication for. Not having them defeats the purpose of providing the sign in service in the first place. A Privacy Policy or similar document also affords the perfect location for users to see why I'…