I was just doing some implementation testing.
Here's the scenario:

Assumption: Visitor has previously authorized the application.

1) Visitor was in my app
2) Visitor clicks on link to authorize app with Twitter
3) Visitor lands on https://twitter.com/oauth/authorize
4) Visitor enters userid and p/w
5) Visitor clicks Deny
6) Visitor is now stuck over on Twitter

The application authorization was not revoked, as it still appears in
Twitter's Authorized App list for visitor.

My assumption would be that visitor would expect the application
access to have been revoked when they clicked Deny instead of Allow.

Since that is not the case, visitor must now log in to Twitter,
navigate to Settings->Connections and then click again to Revoke
access.
