[wp-meta] [Making WordPress.org] #1524: WordPress.org SSO: custom template handling and CSS for login-related screens
Making WordPress.org
noreply at wordpress.org
Sat Jan 23 15:44:03 UTC 2016
#1524: WordPress.org SSO: custom template handling and CSS for login-related
screens
--------------------------+---------------------------------------
Reporter: stephdau | Owner: stephdau
Type: enhancement | Status: assigned
Priority: normal | Component: login.wordpress.org
Resolution: | Keywords: has-screenshots has-patch
--------------------------+---------------------------------------
Comment (by melchoyce):
Hey @hugobaeta, I think your latest mockups are really moving in a good
direction for the next iteration of this screen. Having a background
underneath the entire form feels really focused. I think that if only part
of the form was constrained in a box, the rest of the information would
fade back a little too much into the background, since the attention would
all be focused on the fields. If we're trying to emphasize that you're
logging into WordPress.org, having the logo and the supplementary text
fade back seems like it wouldn't improve clarify.
Speaking of clarify, for all that it's a bit busier, I like the
WordPress.org logo; I think it's okay to over explain where you're logging
in to, since people logging in to the wrong place by accident was one of
the prompts for redesigning this page. A little overkill can go a long
way.
Looking at oAuth screens, there seem to be two trends:
https://cloudup.com/cWir3T67OSw
1. If you're logged out, log in on one screen, and then approve on a
second (eventbrite, facebook, g+, path, tumblr)
2. If you're logged out, log in and authorize on the same page (linkedin,
twitter)
All of them (except for Linkedin, which makes you log in again, even when
it shows you being logged in) allow you to authorize on one screen if
you're logged in already.
The `log in --> approve` method is nice because it doesn't force you to
throw all of your information, plus login form, on the same screen. It's
not a bad flow. If you're already logged in to WordPress.org, you'd just
see the second screen.
In general, the screens seem to have the following information:
- The service you're authorizing, strongly branded
- "This app wants to access [the following features]. Is that okay?"
- Authorize or Deny buttons
- Who you are logged in as
They're also all popup windows, so we have the advantage of being able to
control the size of the window we're presenting on desktop.
Do we know what a WordPress.org single sign-on would be able to access? My
guess would be a list of themes and plugins you've created, your basic
profile information, your contribution history, and maybe your support
forum history? @stephdau, do you know?
@mapk, I know you've done some work into the oAuth screen already, but I
think it would be a good next step to take a step back and sketch out some
flows based on Hugo's new layout. I think you should keep really low-fi at
first — either pen & pencil or something like balsamiq to start. That'll
help you nail down the flow and information that needs to be included
without having to worry about the overall styles yet.
If you don't want to share low-fi deliverables with the community at
large, you're welcome to ping me (and any other core designer) for
feedback whenever you'd like. As a group, we do a lot of peer revision and
impromptu feedback sessions, both in #design and in DMs or group chats. I
try to get feedback on projects from fellow designers early and often
(especially after I've been staring at it for a while and start to lose
track of the bigger picture).
I know this has been sort of a stressful first community project for you,
especially with all of us jumping in (sorry!), but I think you've been
handling it really well and this is really on-track.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1524#comment:34>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list