This seems like to much of an edge case for Twitter to spend resources on.
Abraham
On Thu, Apr 8, 2010 at 12:23, Mike Repass mike.rep...@gmail.com wrote:
A scenario for justifying invalidateToken:
- User visits AwesomeApp and wants to connect his Twitter account
- AwesomeApp redirects
This seems like too much of an edge case for Twitter to spend resources on.
You can always include force_login=true to always prompt the user
for credentials.
Abraham
On Thu, Apr 8, 2010 at 12:23, Mike Repass mike.rep...@gmail.com wrote:
A scenario for justifying invalidateToken:
- User
additionally, in oauth 2.0 we will have the ability to set expiration dates
for tokens, so after a certain time periods, tokens could just automatically
expire.
i rather not have an actual API that would expire a token as that seems like
an interesting attack vector.
On Mon, Apr 12, 2010 at
There is no API endpoint that I know of and don't think one should exist.
Users should not trust
thirdparties to self-revoke access to their accounts. Users should know how
to do it from twitter.com
via the connections page. It might be nice if we could generate a redirect
link to a page on
A scenario for justifying invalidateToken:
- User visits AwesomeApp and wants to connect his Twitter account
- AwesomeApp redirects to Twitter's OAuth flow
- User fails to notice that someone else, UserX, is already logged in to
Twitter in the current browser and clicks through
-