Twitter also seems to behave in the same way. The request token can only be exchanged for an access token once, but different request tokens may return the same access token until the user revokes the token / uninstalls the application.
2009/7/22 Manish Pandit <[email protected]> > > > > On Jul 18, 5:04 am, Monis <[email protected]> wrote: > > Twitter, MySpace return us same access token when using the one > > consumer with the same user, multiple times. > > Is this OK from oauth standards? as the specs state that a request > > token can only be exchanged once for an access token. > > I'd think that it should be fine as long as the token is not timing > out, or is being explicitly revoked by the consumer/user. > > -cheers, > Manish > > > -- Ricardo Lopes --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
