I am looking into adding OAuth authentication to twitcher (http://coderanger.com/twitcher), my Twitter client, and have a couple of suggestions:

1. The authorisation page at twitter.com isn't particularly clear as to the account being authorised. This could be an issue with users authorising multiple accounts from an app. Can I suggest it is split into paragraphs and the account name is added to the heading, like:

~~~~~~~~~~~
An application would like to connect to your '<accountname>' account.

The application twitcher by Coderanger.com would like the ability to access and update your data on Twitter. This application plans to use Twitter for logging you in in the future.

Sign out if you want to connect to an account other than <accountname>.
~~~~~~~~~~~

2. It would be useful if you could pass the username up to the authorisation page along with the authorisation token. Then at your side, if the username is different to the one currently signed in, you can auto sign out and place the new username passed into the username text input, ready for signing in by the user.

I think this will improve workflow for the customer where multiple accounts are involved, but also when upgrading a system that has been using BasicAuth, and avoid potential confusion and mistakes. I don't think there can be any security implications for doing this, so it would be a possible change should you so desire.

Thanks