Can anyone from Twitter speak to this? I originally thought force_login=true
was a great way to make sure a user doesn't accidentally add the wrong
account since users connect multiple Twitter accounts on my site, but this
unexpected revoking of OAuth tokens upon hitting cancel might force me

I concur with David on this one. I didn't take the time to verify
this scenario myself, but it does seem like it's a problem. Consider
the following scenario:
1. A user has whitelisted 10+ web applications using their
credentials.
2. The end user has no knowledge of what an access token is or

It is reproducible. Just have a valid access token then go through
/oauth/authenticate with force_login=true and hit cancel. The access token
will no longer be valid.

I would not expect hitting cancel to revoke my access token while I would
expect hitting deny to revoke my access token. I feel

Hmm, it looks like if you hit cancel when authenticating an app that
you've already authenticated for that username, it changes the access token?
Is this the expected behavior?
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter:

I feel like this isn't the expected behavior if a user hits Cancel when
you authenticate with force_login=True - if you start typing in another
username, then hit cancel, it shouldn't revoke the access token for the
currently authenticated user.