I use the new OAuthWebSecurity shell for DotNetOpenAuth to allow users to log in to the MVC4 application with their Microsoft account (e.g. Windows Live ID).
I registered a microsoft client:
OAuthWebSecurity.RegisterMicrosoftClient(clientId: "...", clientSecret: "...");
It all works, and I love its simplicity. But how do I clarify what he is doing?
After choosing to enter the system with his Microsoft account, the user goes to the screen asking to enter the system:
When they log in, I want them to be able to check the Remember Me box.
Then Microsoft will ask them OK for my access:
But I really don't want that kind of access. All I want is their name and email address. And maybe their picture. Of course, I do not need or do not need access to their contacts and friends. This will scare my users away.
Where can I pass OAuthWebSecurity or DotNetOpenAuth parameters to manage this?
Thus, the user clicks "yes", and everything is in order. However, when they leave and return to my site - the option to "keep me in the game" should be implemented. This is not true. Instead, they see this:
I do not understand the message that says:
As you gain access to confidential information, you need to confirm your password.
What is confidential information? Contacts or friends I didn't want to start with? Or something else?
How can I get around these two questions to make my application more convenient?