Re: [twitter-dev] Oauth authenticated user
Use the force_login parameter on authenticate and set it to true? http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-authenticate On 5/19/2010 9:06 AM, Gary Zukowski wrote: Dean, Exactly the same concern I have. We're going to store the access tokens in the db under their user profile, and some of our users have multiple Twitter accounts. We feel that some of them may see the big "allow" button, click it, and not realize that they are allowing the wrong Twitter account to be linked to their TMJ account. Any way around this? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 /This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited./ *From:* Dean Collins [mailto:d...@cognation.net] *Sent:* Wednesday, May 19, 2010 8:53 AM *To:* twitter-development-talk@googlegroups.com *Subject:* RE: [twitter-dev] Oauth authenticated user This question has been raised before. We have the same issue for our sports chat sites. I would have preferred to have the user log in each time an oauth request is made as it's frustrating when people contat us at support because their "in chat" twitter posts aren't appearing only to find the posts are being made but to someone else twitter accounts who was using the computer before and even though the browser was closed Twitter automatically sued this account when we sent the oauth requests. It's a big problem and a choice should be offered to the developer to force logout before an oauth call if this is the process flow they want to implement. Cheers, Dean *From:* twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] *On Behalf Of *srikanth reddy *Sent:* Wednesday, May 19, 2010 8:46 AM *To:* twitter-development-talk@googlegroups.com *Subject:* Re: [twitter-dev] Oauth authenticated user I do not think forcing the user to logout is a good idea. Isn't this a security breach? Twitter will any how ask the user to signout if the user does not wish to connect to your app with the logged in account.Then he will be shown the login page and after successful authentication user will be redirected back to your app (like normal flow) On Wed, May 19, 2010 at 6:01 PM, Gary Zukowski <mailto:ga...@tweetmyjobs.com>> wrote: So there's no way to automatically do this? I have to ask the user to log out? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 /This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited./ *From:* Roee A. [mailto:roe...@gmail.com <mailto:roe...@gmail.com>] *Sent:* Wednesday, May 19, 2010 8:28 AM *To:* twitter-development-talk@googlegroups.com <mailto:twitter-development-talk@googlegroups.com> *Subject:* Re: [twitter-dev] Oauth authenticated user add to your code "If you are not " please log out. Then you will connect him again with the right credentials. Regards, On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski <mailto:ga...@tweetmyjobs.com>> wrote: What does "adf" mean? I want to force the logout and present the Twitter login when doing the authentication Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 /This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contai
RE: [twitter-dev] Oauth authenticated user
Dean, Exactly the same concern I have. We're going to store the access tokens in the db under their user profile, and some of our users have multiple Twitter accounts. We feel that some of them may see the big "allow" button, click it, and not realize that they are allowing the wrong Twitter account to be linked to their TMJ account. Any way around this? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Dean Collins [mailto:d...@cognation.net] Sent: Wednesday, May 19, 2010 8:53 AM To: twitter-development-talk@googlegroups.com Subject: RE: [twitter-dev] Oauth authenticated user This question has been raised before. We have the same issue for our sports chat sites. I would have preferred to have the user log in each time an oauth request is made as it's frustrating when people contat us at support because their "in chat" twitter posts aren't appearing only to find the posts are being made but to someone else twitter accounts who was using the computer before and even though the browser was closed Twitter automatically sued this account when we sent the oauth requests. It's a big problem and a choice should be offered to the developer to force logout before an oauth call if this is the process flow they want to implement. Cheers, Dean _ From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of srikanth reddy Sent: Wednesday, May 19, 2010 8:46 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user I do not think forcing the user to logout is a good idea. Isn't this a security breach? Twitter will any how ask the user to signout if the user does not wish to connect to your app with the logged in account.Then he will be shown the login page and after successful authentication user will be redirected back to your app (like normal flow) On Wed, May 19, 2010 at 6:01 PM, Gary Zukowski wrote: So there's no way to automatically do this? I have to ask the user to log out? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee A. [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 8:28 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user add to your code "If you are not " please log out. Then you will connect him again with the right credentials. Regards, On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski wrote: What does "adf" mean? I want to force the logout and present the Twitter login when doing the authentication.. Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action
RE: [twitter-dev] Oauth authenticated user
This question has been raised before. We have the same issue for our sports chat sites. I would have preferred to have the user log in each time an oauth request is made as it's frustrating when people contat us at support because their "in chat" twitter posts aren't appearing only to find the posts are being made but to someone else twitter accounts who was using the computer before and even though the browser was closed Twitter automatically sued this account when we sent the oauth requests. It's a big problem and a choice should be offered to the developer to force logout before an oauth call if this is the process flow they want to implement. Cheers, Dean From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of srikanth reddy Sent: Wednesday, May 19, 2010 8:46 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user I do not think forcing the user to logout is a good idea. Isn't this a security breach? Twitter will any how ask the user to signout if the user does not wish to connect to your app with the logged in account.Then he will be shown the login page and after successful authentication user will be redirected back to your app (like normal flow) On Wed, May 19, 2010 at 6:01 PM, Gary Zukowski wrote: So there's no way to automatically do this? I have to ask the user to log out? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee A. [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 8:28 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user add to your code "If you are not " please log out. Then you will connect him again with the right credentials. Regards, On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski wrote: What does "adf" mean? I want to force the logout and present the Twitter login when doing the authentication Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee Aizman [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 7:41 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user U can adf the if you are not log out Then log again with his righr cridentials Sent by IPhone On 19/05/2010, at 14:28, "Gary Zukowski" wrote: How do I force a user to log in to Twitter during the Oauth dance, even though he/she may already be logged in to Twitter via the web? Our users may have more than one Twitter account they want to authenticate/register, and I want to make sure they are forced to put the correct credentials, and not just click "accept" for the currently logged in account. Thanks, Gary Zukowski -- Roee Aizman, CTO E: roe...@gmail.com M: +972-542345222 Amigos-Online.com Friends have never been so close
Re: [twitter-dev] Oauth authenticated user
I do not think forcing the user to logout is a good idea. Isn't this a security breach? Twitter will any how ask the user to signout if the user does not wish to connect to your app with the logged in account.Then he will be shown the login page and after successful authentication user will be redirected back to your app (like normal flow) On Wed, May 19, 2010 at 6:01 PM, Gary Zukowski wrote: > So there’s no way to automatically do this? I have to ask the user to > log out? > > > > > > Thanks, > > > > Gary Zukowski > > TweetMyJOBS.com > > @garyzukowski > > @tweetmyjobs > > 704-544-9370 > > > > *This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error, please notify the > system manager. This message contains confidential information and is > intended only for the individual named. If you are not the named addressee, > you should not disseminate, distribute or copy this email. Please notify the > sender immediately by email if you have received this email by mistake and > delete this email from your system. If you are not the intended recipient, > you are notified that disclosing, copying, distributing or taking any action > in reliance on the contents of this information is strictly prohibited.* > > > > > > > > *From:* Roee A. [mailto:roe...@gmail.com] > *Sent:* Wednesday, May 19, 2010 8:28 AM > > *To:* twitter-development-talk@googlegroups.com > *Subject:* Re: [twitter-dev] Oauth authenticated user > > > > add to your code "If you are not " please log out. > > Then you will connect him again with the right credentials. > > Regards, > > > > On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski > wrote: > > What does “adf” mean? I want to force the logout and present the Twitter > login when doing the authentication…. > > > > > > Thanks, > > > > Gary Zukowski > > TweetMyJOBS.com > > @garyzukowski > > @tweetmyjobs > > 704-544-9370 > > > > *This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error, please notify the > system manager. This message contains confidential information and is > intended only for the individual named. If you are not the named addressee, > you should not disseminate, distribute or copy this email. Please notify the > sender immediately by email if you have received this email by mistake and > delete this email from your system. If you are not the intended recipient, > you are notified that disclosing, copying, distributing or taking any action > in reliance on the contents of this information is strictly prohibited.* > > > > > > > > *From:* Roee Aizman [mailto:roe...@gmail.com] > *Sent:* Wednesday, May 19, 2010 7:41 AM > *To:* twitter-development-talk@googlegroups.com > *Subject:* Re: [twitter-dev] Oauth authenticated user > > > > U can adf the if you are not log out > > Then log again with his righr cridentials > > > Sent by IPhone > > > On 19/05/2010, at 14:28, "Gary Zukowski" wrote: > > How do I force a user to log in to Twitter during the Oauth dance, even > though he/she may already be logged in to Twitter via the web? Our users > may have more than one Twitter account they want to authenticate/register, > and I want to make sure they are forced to put the correct credentials, and > not just click “accept” for the currently logged in account. > > > > > > Thanks, > > > > Gary Zukowski > > > > > > > > > -- > Roee Aizman, CTO > E: roe...@gmail.com > M: +972-542345222 > > Amigos-Online.com > Friends have never been so close >
RE: [twitter-dev] Oauth authenticated user
So there's no way to automatically do this? I have to ask the user to log out? Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee A. [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 8:28 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user add to your code "If you are not " please log out. Then you will connect him again with the right credentials. Regards, On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski wrote: What does "adf" mean? I want to force the logout and present the Twitter login when doing the authentication.. Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee Aizman [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 7:41 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user U can adf the if you are not log out Then log again with his righr cridentials Sent by IPhone On 19/05/2010, at 14:28, "Gary Zukowski" wrote: How do I force a user to log in to Twitter during the Oauth dance, even though he/she may already be logged in to Twitter via the web? Our users may have more than one Twitter account they want to authenticate/register, and I want to make sure they are forced to put the correct credentials, and not just click "accept" for the currently logged in account. Thanks, Gary Zukowski -- Roee Aizman, CTO E: roe...@gmail.com M: +972-542345222 Amigos-Online.com Friends have never been so close
Re: [twitter-dev] Oauth authenticated user
add to your code "If you are not " please log out. Then you will connect him again with the right credentials. Regards, On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski wrote: > What does “adf” mean? I want to force the logout and present the Twitter > login when doing the authentication…. > > > > > > Thanks, > > > > Gary Zukowski > > TweetMyJOBS.com > > @garyzukowski > > @tweetmyjobs > > 704-544-9370 > > > > *This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error, please notify the > system manager. This message contains confidential information and is > intended only for the individual named. If you are not the named addressee, > you should not disseminate, distribute or copy this email. Please notify the > sender immediately by email if you have received this email by mistake and > delete this email from your system. If you are not the intended recipient, > you are notified that disclosing, copying, distributing or taking any action > in reliance on the contents of this information is strictly prohibited.* > > > > > > > > *From:* Roee Aizman [mailto:roe...@gmail.com] > *Sent:* Wednesday, May 19, 2010 7:41 AM > *To:* twitter-development-talk@googlegroups.com > *Subject:* Re: [twitter-dev] Oauth authenticated user > > > > U can adf the if you are not log out > > Then log again with his righr cridentials > > > Sent by IPhone > > > On 19/05/2010, at 14:28, "Gary Zukowski" wrote: > > How do I force a user to log in to Twitter during the Oauth dance, even > though he/she may already be logged in to Twitter via the web? Our users > may have more than one Twitter account they want to authenticate/register, > and I want to make sure they are forced to put the correct credentials, and > not just click “accept” for the currently logged in account. > > > > > > Thanks, > > > > Gary Zukowski > > > > > > -- Roee Aizman, CTO E: roe...@gmail.com M: +972-542345222 Amigos-Online.com Friends have never been so close
RE: [twitter-dev] Oauth authenticated user
What does “adf” mean? I want to force the logout and present the Twitter login when doing the authentication…. Thanks, Gary Zukowski TweetMyJOBS.com @garyzukowski @tweetmyjobs 704-544-9370 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From: Roee Aizman [mailto:roe...@gmail.com] Sent: Wednesday, May 19, 2010 7:41 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Oauth authenticated user U can adf the if you are not log out Then log again with his righr cridentials Sent by IPhone On 19/05/2010, at 14:28, "Gary Zukowski" wrote: How do I force a user to log in to Twitter during the Oauth dance, even though he/she may already be logged in to Twitter via the web? Our users may have more than one Twitter account they want to authenticate/register, and I want to make sure they are forced to put the correct credentials, and not just click “accept” for the currently logged in account. Thanks, Gary Zukowski
Re: [twitter-dev] Oauth authenticated user
U can adf the if you are not log out Then log again with his righr cridentials Sent by IPhone On 19/05/2010, at 14:28, "Gary Zukowski" wrote: How do I force a user to log in to Twitter during the Oauth dance, even though he/she may already be logged in to Twitter via the web? Our users may have more than one Twitter account they want to authenticate/register, and I want to make sure they are forced to put the correct credentials, and not just click “accept” for the currently logged in account. Thanks, Gary Zukowski