[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Does authenticate actually authorize the app to perform operations
on behalf of the user? My understanding is the user must first
authorize the app and then the app can send them through
authenticate in the future as a login check. If the user never
approves the app in an authorize operation, I don't think the app
has the right to perform and twitter operations on behalf of the user.
On Dec 29, 1:44 pm, Andy Freeman ana...@earthlink.net wrote:
Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed
args} this stuff is working very well for me;) Thank you for your
hint.
While that works, I think that it shouldn't.
(1) I don't think that it's a legal url because it has two '?'s.
(2) force_login=true isn't part of the signed arguments so it should
be rejected. (The whole point of signing is to block man-in-the-
middle attacks that alter arguments.)
I haven't tried including force_login=true in the signed arguments.
Are you saying that it doesn't work? If so, I'd say that that's a
bug, as is the above.
Thanks,
-andy
On Dec 28, 9:41 pm, el moro axel.sachm...@googlemail.com wrote:
Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed
args} this stuff is working very well for me;) Thank you for your
hint.
Axel
On 29 Dez., 03:21, Andy Freeman ana...@earthlink.net wrote:
The difference (to my understanding) is that Authenticate does not
authorize the app.
Huh?
Whether I use authorize or authenticate, my app can tweet etc on the
user's behalf.
What, exactly, do you think that authenticate and authorize do? I
think that both can give my application a token that I can use to take
actions on the user's behalf. I think that both do some sort of login
or check before doing so.
The difference that I see is in how twitter presents its questions
regarding the account that is allowing my application to do its thing.
That, and the bit that authenticate leaves folks logged in to twitter.
On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote:
The difference (to my understanding) is that Authenticate does not
authorize the app. We need to have the app authorized but want to give
the user the chance to choose which account to login with (and
Authorize).
Ideally, twitter state would not be effected, and user could authorize
an app with desired account (regardless of session) without clicking
sign out.
Justyn
On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote:
That is true. Authenticate currently leaves the user logged in.
I would prefer that get fixed rather then adding force_login to
authorize as
I view leaving users logged in as a security risk. Apparently Twitter
does
not:
http://code.google.com/p/twitter-api/issues/detail?id=1070
On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net
wrote:
Then use authenticate. It accomplishes the same effect of
authorize.
Does it? My notes say that authenticate leaves the user logged into
twitter if they weren't before and that authorize doesn't.
For my purposes, I'd like to force the user to specify their twitter
account and password even if they're already logged in and not
change
their login state (as far as twitter is concerned) at all.
I can imagine folks who'd like to allow users to quickly authorize
the
use of the logged in account (if any)
I can't imagine anyone who'd want to change the user's logged in
state.
On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote:
Then use authenticate. It accomplishes the same effect of
authorize.
On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com
wrote:
Thanks Abraham - I understand this is the current limitation,
however
I think there is a need for the foce_login to be available with
the
authorize function. The authorize landing page is confusing to
users
who want to sign-in with an account that is different from their
latest session. The sign-out option is not obvious to users.
This is
based on user feedback, and I don't think we're the only ones
having
this issue.
On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote:
force_login=true only works onhttps://
twitter.com/oauth/authenticatenot
onhttps://twitter.com/oauth/authorize.
On Sat, Dec 26, 2009 at 23:23, el moro
axel.sachm...@googlemail.com
wrote:
Hi, i'd like to use force_login too in my new Rails
application.
This
parameter seems to be buggy. For me it' s not working too.
On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote:
Hi guys - just wanted to make sure this stayed on the
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
@andy: oauth/authenticate is not signed other then with SSL. You are just
passing the request token to Twitter.
@aaron: authenticate and authorize both result in access tokens that allow
you to act on behalf of the user. The first time a user goes through
authenticate they authorize the application.
On Tue, Dec 29, 2009 at 14:16, Aaron Rankin aran...@gmail.com wrote:
Does authenticate actually authorize the app to perform operations
on behalf of the user? My understanding is the user must first
authorize the app and then the app can send them through
authenticate in the future as a login check. If the user never
approves the app in an authorize operation, I don't think the app
has the right to perform and twitter operations on behalf of the user.
On Dec 29, 1:44 pm, Andy Freeman ana...@earthlink.net wrote:
Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed
args} this stuff is working very well for me;) Thank you for your
hint.
While that works, I think that it shouldn't.
(1) I don't think that it's a legal url because it has two '?'s.
(2) force_login=true isn't part of the signed arguments so it should
be rejected. (The whole point of signing is to block man-in-the-
middle attacks that alter arguments.)
I haven't tried including force_login=true in the signed arguments.
Are you saying that it doesn't work? If so, I'd say that that's a
bug, as is the above.
Thanks,
-andy
On Dec 28, 9:41 pm, el moro axel.sachm...@googlemail.com wrote:
Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed
args} this stuff is working very well for me;) Thank you for your
hint.
Axel
On 29 Dez., 03:21, Andy Freeman ana...@earthlink.net wrote:
The difference (to my understanding) is that Authenticate does not
authorize the app.
Huh?
Whether I use authorize or authenticate, my app can tweet etc on the
user's behalf.
What, exactly, do you think that authenticate and authorize do? I
think that both can give my application a token that I can use to
take
actions on the user's behalf. I think that both do some sort of
login
or check before doing so.
The difference that I see is in how twitter presents its questions
regarding the account that is allowing my application to do its
thing.
That, and the bit that authenticate leaves folks logged in to
twitter.
On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote:
The difference (to my understanding) is that Authenticate does not
authorize the app. We need to have the app authorized but want to
give
the user the chance to choose which account to login with (and
Authorize).
Ideally, twitter state would not be effected, and user could
authorize
an app with desired account (regardless of session) without
clicking
sign out.
Justyn
On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote:
That is true. Authenticate currently leaves the user logged in.
I would prefer that get fixed rather then adding force_login to
authorize as
I view leaving users logged in as a security risk. Apparently
Twitter does
not:
http://code.google.com/p/twitter-api/issues/detail?id=1070
On Mon, Dec 28, 2009 at 17:13, Andy Freeman
ana...@earthlink.net wrote:
Then use authenticate. It accomplishes the same effect of
authorize.
Does it? My notes say that authenticate leaves the user logged
into
twitter if they weren't before and that authorize doesn't.
For my purposes, I'd like to force the user to specify their
twitter
account and password even if they're already logged in and not
change
their login state (as far as twitter is concerned) at all.
I can imagine folks who'd like to allow users to quickly
authorize the
use of the logged in account (if any)
I can't imagine anyone who'd want to change the user's logged
in
state.
On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com
wrote:
Then use authenticate. It accomplishes the same effect of
authorize.
On Sun, Dec 27, 2009 at 17:42, Justyn
justyn.how...@gmail.com wrote:
Thanks Abraham - I understand this is the current
limitation, however
I think there is a need for the foce_login to be available
with the
authorize function. The authorize landing page is confusing
to users
who want to sign-in with an account that is different from
their
latest session. The sign-out option is not obvious to
users. This is
based on user feedback, and I don't think we're the only
ones having
this issue.
On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com
wrote:
force_login=true only works onhttps://
twitter.com/oauth/authenticatenot
onhttps://twitter.com/oauth/authorize.
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text -
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize.
Does it? My notes say that authenticate leaves the user logged into
twitter if they weren't before and that authorize doesn't.
For my purposes, I'd like to force the user to specify their twitter
account and password even if they're already logged in and not change
their login state (as far as twitter is concerned) at all.
I can imagine folks who'd like to allow users to quickly authorize
the
use of the logged in account (if any)
I can't imagine anyone who'd want to change the user's logged in
state.
Then again, my notes also say that
onhttps://twitter.com/oauth/authenticate?force_login=true?{signed
args} works.
On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote:
Then use authenticate. It accomplishes the same effect of authorize.
On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote:
Thanks Abraham - I understand this is the current limitation, however
I think there is a need for the foce_login to be available with the
authorize function. The authorize landing page is confusing to users
who want to sign-in with an account that is different from their
latest session. The sign-out option is not obvious to users. This is
based on user feedback, and I don't think we're the only ones having
this issue.
On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote:
force_login=true only works onhttps://twitter.com/oauth/authenticatenot
onhttps://twitter.com/oauth/authorize.
On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com
wrote:
Hi, i'd like to use force_login too in my new Rails application. This
parameter seems to be buggy. For me it' s not working too.
On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote:
Hi guys - just wanted to make sure this stayed on the radar. I
imagine
others would like to use force_login for the Authorize function?
On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote:
We've found it necessary to use the force_login method for
Authorize
because of the confusion many users have with the splash page shown
on
Authorize (many times they want to authorize a different account
than
their latest session), however Authorize does not support
force_login.
Is there a way around this, or can we get a version of authorize
that
bypasses the sign-out link to get the full credential input for
our
users?
Many users have trouble with this.
Thanks in advance!
Justyn
--
Abraham Williams | Awesome Lists |http://awesomeli.st
Project | Intersect |http://intersect.labs.poseurtech.com
Hacker |http://abrah.am|http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Madison, WI, United States
--
Abraham Williams | Awesome Lists |http://awesomeli.st
Project | Intersect |http://intersect.labs.poseurtech.com
Hacker |http://abrah.am|http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Madison, WI, United States- Hide quoted text -
- Show quoted text -
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
The difference (to my understanding) is that Authenticate does not authorize the app. Huh? Whether I use authorize or authenticate, my app can tweet etc on the user's behalf. What, exactly, do you think that authenticate and authorize do? I think that both can give my application a token that I can use to take actions on the user's behalf. I think that both do some sort of login or check before doing so. The difference that I see is in how twitter presents its questions regarding the account that is allowing my application to do its thing. That, and the bit that authenticate leaves folks logged in to twitter. On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote: The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
force_login=true only works on https://twitter.com/oauth/authenticate not on https://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn
