Comment 2 for bug 1522360

Alberto Mardegan (mardy) wrote : Re: [Bug 1522360] Re: Online Accounts authorization on desktop (unity7) is confusing

On 04.01.2016 20:59, Matthew Paul Thomas wrote:
> "the first time that these processes start using the newly created
> account, they need to be authorized by the user: this is not something
> that we can control, as it's a requirement from the remote server"
>
> Is this true on the phone as well? If not, how does the phone avoid
> this? And if so, the phone Online Accounts design needs changing too.

It is true on the phone as well: Once the user clicks on our "Allow"
button on the phone, we only authorize the application to use the Online
Account data which we have locally, but then when the application
actually uses this account's data on the remote server, the remote
server might want to send the user through a web-based authorization.
Usually this happens on the very first time the user wants to use this
application on his account: that is, if the account gets deleted locally
and then the user performs the same steps again, he generally won't be
asked to reauthorize the app, because the authorization is remembered by
the remote server (though, that's totally up to the remote server:
Google and Facebook generally remember the apps, but other services don't).

When this happens on the phone, most of the time these authorization
requests are initiated when the requesting app is running in the
foreground, so we simply show the "trusted session" UI on top of the
app, containing the webview with the remote service's authorization page.
This is usually not a disruption of the user's activity because it
typically happens after the user has explicitly asked the application to
perform some action.

I'd say that the problem only involves those system services which run
in the background; these are much more common on the desktop than on the
phone, but indeed the issue is not limited to the desktop only. See for
example bug 1507540.

[...]
> In this case we can't Just Do It. So, we should provide a button to do
> it. What should that button look like? We're allowing the service to
> access a particular account, so let's label the button "Allow". To make
> the alternative obvious, we should have another button for that, "Don't
> Allow". And of course we should identify the service and the account it
> wants to access, so let's use text for that, above the two buttons.
>
> By now this should be sounding very familiar ... It's the standard
> Online Accounts dialog! The only difference here is that we have to show
> the Web UI afterwards, so "Allow" should be "Allow…". That's all.
>
> Now, I guess you're going to tell me that reimplementing that in Unity 7
> would be far too invasive. If so, let me know how much you're
> comfortable implementing, and we'll see how close we can get.

As I explained above, the problem is different: this is about notifying
the user that an application *other than the active one* (so, it could
be a system service or an unfocused app) needs his attention. I don't
think we want to pop up a dialog in that case.