Following feedback from user testing, change the following elements on Special:AppManagement:
- Use “key” as the identifying label for OAuth 2.0 clients instead of “client”. After some user testing, I think that “client”, while technically correct, is a bit unclear and overly technical. Using “key” makes the interface friendlier and easier to understand and gives us a category within which to differentiate OAuth 2.0 clients and Personal API tokens.
- Change title of special page (and navigation label) to “API keys”
- Change relevant labels to “key”
- Add text at the top of the page that introduces API keys and links to relevant docs.
- Change the permissions radio selector to check boxes. Instead of pre-combining the permissions into groups, let the user select each permission as a checkbox. This will support adding permissions in the future. The “Read” (basic) option should be pre-checked.
- Add descriptive text to each field to help users understand each input.
- Consolidate the “confidential” checkbox into the “type” selector: Words like “confidential” and “secure” have variable meaning based on experience and context. To make this as clear as possible while adhering to the existing policy, I’d like to change this from a confidential/non-confidential checkbox to focus on the type of app being created. To do this, I’d like to remove the “confidential” checkbox and add an option to the app type selector for “Mobile and desktop apps”. Checking this option will result in a client with the confidential flag set to false. This ensures that the policy is followed without having to make subtle distinctions between secret storage practices. This also reduces friction for users since it is more friendly and reduces confusion.
(red links due to local dev environment)