Thanks for chiming in here. At our startup we are trying hard to reassure users we're not going to misuse the Facebook access they're giving us. Even though we're asking for a fairly limited set of rights, the permissions screen that appears after the Facebook Graph login is quite intimidating. The design has a warning stripe across the type that is reminiscent of a danger sign, and combined with the copy, inspires a feeling of alarm. See http://developers.facebook.com/docs/authentication/ for a screen shot. It would be better if the screen were friendlier and less evocative of danger.
Another way to improve the user experience would be to consolidate the login form and permissions to a single screen. Twitter's OAuth login screen does this well. Screen shot: http://followfridayhelper.com/images/help-login-via-oauth.pn...
Additionally, the OAuth tokens should be long-lasting by default. We originally set up our site to not ask for an extended-life token, because we wanted to reassure users that we weren't going to be posting things on their behalf when they weren't using the site. But this ruined the user experience. A short time after logging in to our site, a user would initiate an action, but because their token had expired, we had to pop open a new Facebook login window, interrupting what they were doing. Users were annoyed at having to constantly re-login to Facebook. So we now ask for the extended life permission. While this improves the user experience, it adds another intimidating message on the Facebook permissions screen, implying we're going to be posting on their behalf even when they don't initiate it.
Happy to chat more about what we're doing and give additional feedback.
Lee Semel