

From Social Patterns

Revision as of 23:28, 12 November 2008 by Emalone


Problem Summary

The user wants to participate on a site by bringing their data and files over from another site.


Authorization screen lets the My Flickr application access profile information on Facebook.

Fig. 18 – Authentication screen from My Flickr Facebook Application to read from account.

Fig. 19 – Flickr’s authorization screen giving a third party read access to data in the Flickr account. Allowing the access lets Flickr pictures from my Flickr stream show up in a Facebook application on my Facebook profile.

Use When

  • Use this pattern when features on your site are enhanced or filled in by accessing data and files from another site (Site A).
  • Use this pattern when user generated content or data on your site has the potential to enhance or enable other sites that your users may be participating in (Site B).


  • For Site A:
    • Before automatically using the Password Anti-Pattern (see pattern) to access a user’s data, check to see if the other site is using OAuth. If so, tap into that protocol to facilitate the data transaction.
    • Site A should ask the user what data they would like to access.
    • Show possible choices, like Flickr, Photobucket, SmugMug, etc. for photos or Yahoo! Address Book, Plaxo, Google, etc. for contacts.
    • Once the user selects the site where their data lives, Site A should send the user to that site to grant access.
    • Information about how the data will be used should be presented on Site A.
  • For Site B:
    • Use the open authentication protocol, OAuth, to facilitate the authorization process.
    • Site A will send their user to Site B. The user signs into the account and Site B should present a screen that asks if they really want to share the data with Site A.
    • Upon agreement, the user is sent back to Site A and the data is now available in that experience.
    • Information about how Site A will use the permissions granted should be clearly presented to the user on Site B.
    • Allow the user to cancel the authorization at any point.
    • Provide an easy way for the user to revoke permissions from Site A.


Using an authorization flow and protocol like OAuth allows a user to give access between sites without exposing their user name and password. This process is preferred over the Password Anti-Pattern as the method of allowing data sharing.
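
The flow described above, as an added example that is not part of the original pattern page: a simplified in-memory model of Site B showing that Site A only ever handles tokens, that a grant covers only the data the user agreed to share, and that cancelling or revoking leaves Site A with nothing. The class, method and user names are hypothetical, the credentials are constructed, and this is not the OAuth wire protocol (no signatures or HTTP redirects).

```python
import hmac
import secrets

class SiteB:
    """Site holding the user's data: keeps the password, issues scoped grants."""

    def __init__(self, passwords, data):
        self._passwords = passwords  # constructed sample credentials; stay on Site B
        self._data = data            # {user: {scope: items}}
        self._pending = {}           # request token -> (client, scope)
        self._grants = {}            # access token -> (user, client, scope)

    def begin(self, client, scope):
        """Site A names the data it wants and gets a one-time request token."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = (client, scope)
        return token

    def consent(self, request_token, user, password, approve):
        """The user signs in on Site B and answers the 'share with Site A?' screen."""
        client, scope = self._pending.pop(request_token)  # KeyError if replayed
        if not hmac.compare_digest(self._passwords.get(user, ""), password):
            raise PermissionError("sign-in failed")
        if not approve:
            return None  # user cancelled: nothing is issued
        access = secrets.token_urlsafe(16)
        self._grants[access] = (user, client, scope)
        return access

    def read(self, access_token, scope):
        """Site A presents its token; only the granted scope is readable."""
        grant = self._grants.get(access_token)
        if grant is None or grant[2] != scope:
            raise PermissionError("no valid grant for this scope")
        return self._data[grant[0]][scope]

    def revoke(self, user, client):
        """The user withdraws Site A's permission from Site B's settings."""
        self._grants = {t: g for t, g in self._grants.items()
                        if g[:2] != (user, client)}

def demo():
    """Site A's view: it handles tokens only, never the password."""
    b = SiteB({"alice": "constructed-pw"}, {"alice": {"photos": ["beach.jpg"]}})
    token = b.consent(b.begin("site-a", "photos"), "alice", "constructed-pw", True)
    before = b.read(token, "photos")
    b.revoke("alice", "site-a")
    return before, token in b._grants

if __name__ == "__main__":
    print(demo())
```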

Related Patterns

Password Anti-Pattern

As Seen On