OAuth2 for iPhone and iPad applications

  • A client requests access to a provider’s service using its own unique client ID and secret token.
  • The user logs into the service directly (using a web page on the provider’s server) and grants the client permission to access.
  • The provider redirects the user to a URL unique to the client passing along a verification code in the query string.
  • The client verifies the authorization request and uses the verification code from step 3 to obtain an access token.
  • The client may periodically refresh the access token when it expires.

Source: OAuth2 for iPhone and iPad applications
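
The exchange in the list above, sketched as an added example that is not part of the quoted article: a constructed in-memory provider and the client-side checks for steps 3 to 5. The redirect URI, the class and function names, single-use refresh tokens, and the `state` parameter (defined in RFC 6749 but not mentioned in the list) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlparse, parse_qs

REDIRECT_URI = "myapp://oauth/callback"  # assumed: URL scheme registered by the app


class Provider:
    """Constructed in-memory stand-in for the provider (not a real service)."""

    def __init__(self, client_id, client_secret):
        self.credentials = f"{client_id}:{client_secret}".encode()
        self.grants = {"authorization_code": set(), "refresh_token": set()}

    def redirect_after_consent(self, state):
        # Step 3: after the user logs in and approves, issue a one-time code.
        code = secrets.token_urlsafe(16)
        self.grants["authorization_code"].add(code)
        return f"{REDIRECT_URI}?code={code}&state={state}"

    def token(self, client_id, client_secret, grant_type, value):
        # Steps 4-5: redeem a code or a refresh token for a new access token.
        presented = f"{client_id}:{client_secret}".encode()
        pool = self.grants.get(grant_type, set())
        if not hmac.compare_digest(presented, self.credentials) or value not in pool:
            raise PermissionError("invalid_grant")
        pool.discard(value)  # single use; refresh-token rotation is an assumption
        refresh = secrets.token_urlsafe(16)
        self.grants["refresh_token"].add(refresh)
        return {"access_token": secrets.token_urlsafe(16), "refresh_token": refresh}


def handle_redirect(url, expected_state):
    """Client side of step 4: validate the callback before trusting its code."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("unexpected redirect target")
    state = query.get("state", [""])[0].encode()
    if not hmac.compare_digest(state, expected_state.encode()):
        raise ValueError("state mismatch: callback did not come from our request")
    if "code" not in query:
        raise ValueError("no verification code in callback")
    return query["code"][0]


def run_flow(provider, client_id, client_secret):
    state = secrets.token_urlsafe(16)             # client starts the request
    url = provider.redirect_after_consent(state)  # step 3
    code = handle_redirect(url, state)            # step 4: verify, then redeem
    tokens = provider.token(client_id, client_secret, "authorization_code", code)
    return code, tokens
```
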

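Flow Chart and UI Flow

The diagram above is only a simple demonstration of the flow, but a single casual remark such as "Hey, add a verification code feature for me" makes the Flow Chart suddenly grow a good deal fatter. Real member login verification involves many more variations and security considerations, such as showing an extra "Forgot password" prompt after 3 failed login attempts, or, more harshly, locking the account outright and asking the user to appeal to customer service. Flow Chart and UI Flow complement each other, and the Flow Chart even has to exist before the UI Flow can. If the UI Flow is produced without a Flow Chart, without knowing how many decisions have to be handled, the probability of poor planning, dropped pages and missing features is very, very high.

Source: Flow Chart and UI Flow « 嫁給RD的 UI Designer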