Currently when you send a user to https://itch.io/user/oauth
and they are logged in to itch.io, they are prompted with a button to give the application permission to get the username and profile picture. Cool. But next time you send them to this url (eg, they log into the game again the next day), they get the same prompt, even if they've already accepted. What would be preferable is if they have already accepted, the page should just redirect them straight to the callback url. They should be able to refuse these permissions if they ever wish to in their account settings. This way we can use this url each time the user opens the game to (relatively) seamlessly get their username. Right now its a bit of a jarring experience for the user because no other identity provider works this way.