[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Does authenticate actually authorize the app to perform operations on behalf of the user? My understanding is the user must first authorize the app and then the app can send them through authenticate in the future as a login check. If the user never approves the app in an authorize operation, I don't think the app has the right to perform and twitter operations on behalf of the user. On Dec 29, 1:44 pm, Andy Freeman ana...@earthlink.net wrote: Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed args} this stuff is working very well for me;) Thank you for your hint. While that works, I think that it shouldn't. (1) I don't think that it's a legal url because it has two '?'s. (2) force_login=true isn't part of the signed arguments so it should be rejected. (The whole point of signing is to block man-in-the- middle attacks that alter arguments.) I haven't tried including force_login=true in the signed arguments. Are you saying that it doesn't work? If so, I'd say that that's a bug, as is the above. Thanks, -andy On Dec 28, 9:41 pm, el moro axel.sachm...@googlemail.com wrote: Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed args} this stuff is working very well for me;) Thank you for your hint. Axel On 29 Dez., 03:21, Andy Freeman ana...@earthlink.net wrote: The difference (to my understanding) is that Authenticate does not authorize the app. Huh? Whether I use authorize or authenticate, my app can tweet etc on the user's behalf. What, exactly, do you think that authenticate and authorize do? I think that both can give my application a token that I can use to take actions on the user's behalf. I think that both do some sort of login or check before doing so. The difference that I see is in how twitter presents its questions regarding the account that is allowing my application to do its thing. That, and the bit that authenticate leaves folks logged in to twitter. On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote: The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
@andy: oauth/authenticate is not signed other then with SSL. You are just passing the request token to Twitter. @aaron: authenticate and authorize both result in access tokens that allow you to act on behalf of the user. The first time a user goes through authenticate they authorize the application. On Tue, Dec 29, 2009 at 14:16, Aaron Rankin aran...@gmail.com wrote: Does authenticate actually authorize the app to perform operations on behalf of the user? My understanding is the user must first authorize the app and then the app can send them through authenticate in the future as a login check. If the user never approves the app in an authorize operation, I don't think the app has the right to perform and twitter operations on behalf of the user. On Dec 29, 1:44 pm, Andy Freeman ana...@earthlink.net wrote: Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed args} this stuff is working very well for me;) Thank you for your hint. While that works, I think that it shouldn't. (1) I don't think that it's a legal url because it has two '?'s. (2) force_login=true isn't part of the signed arguments so it should be rejected. (The whole point of signing is to block man-in-the- middle attacks that alter arguments.) I haven't tried including force_login=true in the signed arguments. Are you saying that it doesn't work? If so, I'd say that that's a bug, as is the above. Thanks, -andy On Dec 28, 9:41 pm, el moro axel.sachm...@googlemail.com wrote: Nice =https://twitter.com/oauth/authenticate?force_login=true?{signed args} this stuff is working very well for me;) Thank you for your hint. Axel On 29 Dez., 03:21, Andy Freeman ana...@earthlink.net wrote: The difference (to my understanding) is that Authenticate does not authorize the app. Huh? Whether I use authorize or authenticate, my app can tweet etc on the user's behalf. What, exactly, do you think that authenticate and authorize do? I think that both can give my application a token that I can use to take actions on the user's behalf. I think that both do some sort of login or check before doing so. The difference that I see is in how twitter presents its questions regarding the account that is allowing my application to do its thing. That, and the bit that authenticate leaves folks logged in to twitter. On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote: The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize.
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text -
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. Then again, my notes also say that onhttps://twitter.com/oauth/authenticate?force_login=true?{signed args} works. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text -
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
The difference (to my understanding) is that Authenticate does not authorize the app. Huh? Whether I use authorize or authenticate, my app can tweet etc on the user's behalf. What, exactly, do you think that authenticate and authorize do? I think that both can give my application a token that I can use to take actions on the user's behalf. I think that both do some sort of login or check before doing so. The difference that I see is in how twitter presents its questions regarding the account that is allowing my application to do its thing. That, and the bit that authenticate leaves folks logged in to twitter. On Dec 28, 5:27 pm, Justyn justyn.how...@gmail.com wrote: The difference (to my understanding) is that Authenticate does not authorize the app. We need to have the app authorized but want to give the user the chance to choose which account to login with (and Authorize). Ideally, twitter state would not be effected, and user could authorize an app with desired account (regardless of session) without clicking sign out. Justyn On Dec 28, 5:36 pm, Abraham Williams 4bra...@gmail.com wrote: That is true. Authenticate currently leaves the user logged in. I would prefer that get fixed rather then adding force_login to authorize as I view leaving users logged in as a security risk. Apparently Twitter does not: http://code.google.com/p/twitter-api/issues/detail?id=1070 On Mon, Dec 28, 2009 at 17:13, Andy Freeman ana...@earthlink.net wrote: Then use authenticate. It accomplishes the same effect of authorize. Does it? My notes say that authenticate leaves the user logged into twitter if they weren't before and that authorize doesn't. For my purposes, I'd like to force the user to specify their twitter account and password even if they're already logged in and not change their login state (as far as twitter is concerned) at all. I can imagine folks who'd like to allow users to quickly authorize the use of the logged in account (if any) I can't imagine anyone who'd want to change the user's logged in state. On Dec 27, 6:08 pm, Abraham Williams 4bra...@gmail.com wrote: Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps:// twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States- Hide quoted text - - Show quoted text - -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
force_login=true only works on https://twitter.com/oauth/authenticate not on https://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
Re: [twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Then use authenticate. It accomplishes the same effect of authorize. On Sun, Dec 27, 2009 at 17:42, Justyn justyn.how...@gmail.com wrote: Thanks Abraham - I understand this is the current limitation, however I think there is a need for the foce_login to be available with the authorize function. The authorize landing page is confusing to users who want to sign-in with an account that is different from their latest session. The sign-out option is not obvious to users. This is based on user feedback, and I don't think we're the only ones having this issue. On Dec 27, 3:39 pm, Abraham Williams 4bra...@gmail.com wrote: force_login=true only works onhttps://twitter.com/oauth/authenticatenot onhttps://twitter.com/oauth/authorize. On Sat, Dec 26, 2009 at 23:23, el moro axel.sachm...@googlemail.com wrote: Hi, i'd like to use force_login too in my new Rails application. This parameter seems to be buggy. For me it' s not working too. On 24 Dez., 05:18, Justyn justyn.how...@gmail.com wrote: Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Awesome Lists | http://awesomeli.st Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: oAuth Authenticate vs. Authorize (force_login)
Hi guys - just wanted to make sure this stayed on the radar. I imagine others would like to use force_login for the Authorize function? On Dec 22, 4:46 pm, Justyn justyn.how...@gmail.com wrote: We've found it necessary to use the force_login method for Authorize because of the confusion many users have with the splash page shown on Authorize (many times they want to authorize a different account than their latest session), however Authorize does not support force_login. Is there a way around this, or can we get a version of authorize that bypasses the sign-out link to get the full credential input for our users? Many users have trouble with this. Thanks in advance! Justyn