On Fri, Sep 3, 2010 at 11:43, Bernd Stramm wrote:
> On Fri, 3 Sep 2010 11:29:22 -0700 (PDT)
> Ken wrote:
>
> > What is the risk of storing a token? It can't be used outside your
> > app.
>
> The token being confined to use "within" an app is very insecure when
> the app runs on an end-user devic
On Fri, Sep 3, 2010 at 11:29, Ken wrote:
> What is the risk of storing a token? It can't be used outside your
> app.
>
Much less risk than having users register with your app with a password.
>
> This is for sites that manage users. There's no need for a
> registration flow, at least one that i
On Fri, 3 Sep 2010 11:29:22 -0700 (PDT)
Ken wrote:
> What is the risk of storing a token? It can't be used outside your
> app.
The token being confined to use "within" an app is very insecure when
the app runs on an end-user device. There soon will be a billion smart
phones, and many of those wi
On Fri, 03 Sep 2010 18:55:30 +0200
Tom van der Woerdt wrote:
> You may not have noticed, but with Twitter, if you request a token
> while you already have one, you'll simply get back the one you
> already have.
I don't know if that is correct. The ones I looked at were all
different, but that wa
If I don't want to manage an authentication system, risk storing passwords,
make users go through the pain of yet another registration flow then I
might consider just using Sign in with Twitter every time someone signs into
my site.
Abraham
-
Abraham Williams | Hacker Advocate | http:/
You may not have noticed, but with Twitter, if you request a token while
you already have one, you'll simply get back the one you already have.
Tom
On 9/3/10 6:47 PM, Bernd Stramm wrote:
> On Fri, 3 Sep 2010 01:27:34 -0700 (PDT)
> Ken wrote:
>
>> I thought I had found a solution, albeit a horr
On Fri, 3 Sep 2010 01:27:34 -0700 (PDT)
Ken wrote:
> I thought I had found a solution, albeit a horrendously ugly one:
> redirect them to http://twitter.com/logout, but even that doesn't
> work.
>
> If you are looking for reliable, don't log them in with OAuth - except
> once, the first time, wh
There is no pragmatic way to sign a user out of twitter.com through the API.
When a user logs out of your site, send them to twitter.com so they can
sign out there or to a page explaining they should sign out of twitter.com.
Abraham
-
Abraham Williams | Hacker Advocate | http://abrah