Review Authorize Application Screen Design

[TimothyBJacobs]

Non-Redirect Flow

Redirect Flow

Error States

If the Application Password request is invalid. This would typically indicate a developer error that shouldn't have been caught before their Application was deployed. However, this does allow for plugins to add additional errors, so it could end up being shown to end users.

If application passwords are not enabled for the entire site. Go Back links back to the application the user came from.

If application passwords are not enabled for the particular user. Go Back links back to the application the user came from.

After clicking Approve, an error might be returned. This shouldn't happen with stock WordPress Core, but might with plugins or if there was a database error.

[TimothyBJacobs]

One major way this could change would be to use similar styling to wp-login.php as suggested by @aristath. @georgestephanis mentioned:

I do kinda wanna make it obvious that the user can just walk away from this process if they choose to and not have it feel like a "squeeze page" that forces a choice. I also hesitate on taking over the entire admin ui unless it's well discussed a conscious decision.

Adding it in wp-login.php would complicate the implementation, but if it is worth it we can do it.

[aristath]

The reason I suggested styling it similar to the login page, is because these will probably be used by 3rd-party apps. I can envision a future when this is used for all sorts of things, with 3rd-party apps and sites redirecting me to a WordPress site, ask for authentication a-la facebook or google. Making it a separate screen with dedicated styling instead of the generic wp-admin would go a long way and would make it feel more like an application. The wp-login suggestion was made because that is simply the closest we have to that behaviour

[TimothyBJacobs]

The authorized message has changed slightly to follow the notice styling.