Can anyone from Twitter speak to this? I originally thought force_login=true
was a great way to make sure a user doesn't accidentally add the wrong
account since users connect multiple twitter accounts on my site, but this
unexpected revoking of oauth tokens upon hitting cancel might force me
It is reproducible. Just have valid an access token then go through
/oauth/authenticate with force_login=true and hit cancel. The access token
will no longer be valid.
I would not expect hitting cancel to revoke my access token while I would
expect hitting deny to revoke my access token. I feel
