Sorry, a little confused by your email. :-)

It's really not directly related to "Twitter sign-on" but to OAuth
authentication in general that doesn't force the user to
authenticate each time.

The problem is with all OAuth providers that shortcut the process of
associating and granting user permissions by bypassing the login
screen if they are already logged into that site (have a session
cookie already or something).

It comes up when our client or service handles multiple accounts that
the OAuth provider has for just a single user on our side.

This happens when a user on a service or client on our side
wants to connect and authenticate with multiple accounts. For each
link they create on their account on our side, we will redirect them
back to Twitter or the OAuth provider to grant us permissions. The
problem is that they are automatically logged in using their session
on that site, so the permissions they are granting us are for that
same user that they probably already set up previously.

Does that make sense?

Zac Bowling



On Thu, Apr 16, 2009 at 10:45 AM, Ivan Kirigin <[email protected]> wrote:
>
> Zac, this can be solved just by properly modeling user accounts and
> Twitter accounts.
>
> It should be one-to-many. Signing in with any of their Twitter
> accounts can sign in that user.
>
> Let me know if that doesn't address your problem.
>
> Ivan
> http://tipjoy.com
>
>
> On Apr 16, 1:18 pm, Zac Bowling <[email protected]> wrote:
>> Hi Doug,
>>
>> There is a use case that sort of sucks when you don't force the user
>> to authenticate each time, and that's when your application supports
>> multiple Twitter accounts. It's nice to shortcut authenticating because
>> it removes a step for the end user, but it sucks when you are trying
>> to associate with multiple accounts.
>>
>> It would be nice if we could pass a flag to force login to show, or
>> pass in an expected username and if it's not the same as what Twitter
>> has for their session cookie, it invalidates and forces a login or
>> something.
>>
>> Not sure if something like this exists already or anyone has run into
>> this issue and figured out a workaround.
>>
>> Zac Bowling
>>
>> On Thu, Apr 16, 2009 at 9:55 AM, Doug Williams <[email protected]> wrote:
>>
>> > Related: More OAuth documentation is to come throughout the day so
>> > some of the links will be broken. It's a glaring omission in the
>> > documentation.
>>
>> > Let's use this thread to fill the holes people find while implementing
>> > Sign in with Twitter for the time being.
>>
>> > Cheers,
>> > Doug Williams
>> > Twitter API Support
>> > http://twitter.com/dougw
>>
>> > On Apr 16, 9:52 am, Doug Williams <[email protected]> wrote:
>> >> Matt has deployed our answer for one click login. It requires only a small
>> >> change to the normal Twitter OAuth workflow and is documented here:
>>
>> >> http://apiwiki.twitter.com/Sign-in-with-Twitter
>>
>> >> This is the perfect tool for web applications wanting to offer users the
>> >> ability to sign in with a Twitter account and a single mouse click. We want
>> >> to see it in the wild so please let us know if you roll this out in your
>> >> application.
>>
>> >> Thanks,
>> >> Doug Williams
>> >> Twitter API Support
>> >> http://twitter.com/dougw
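
One way to handle the situation discussed in this thread on the application side, as an added example that is not code from any poster or from Twitter: keep links one-to-many and, on each OAuth callback, compare the account the provider actually authorized with the one the user asked to link. `LinkStore`, `complete_link`, `user_for` and all sample values are hypothetical; the caller is assumed to already hold the provider's account id and screen name for the token just issued.

```python
from dataclasses import dataclass, field


class LinkError(Exception):
    """The callback must not create a new link."""


@dataclass
class LinkStore:
    # One local user -> many provider accounts (the one-to-many model).
    by_user: dict = field(default_factory=dict)  # local user -> {provider id: token}
    owner: dict = field(default_factory=dict)    # provider id -> local user

    def complete_link(self, local_user, provider_id, screen_name, token,
                      expected=None):
        """Finish a "link another account" request after the OAuth callback.

        expected is the screen name the user said they wanted to link. If the
        provider skipped its login screen and reused an existing session, the
        authorized account will not match and the link is refused.
        """
        if expected and screen_name.lower() != expected.lower():
            raise LinkError(
                f"provider authorized {screen_name!r}, expected {expected!r}; "
                "ask the user to switch accounts at the provider and retry")
        current = self.owner.get(provider_id)
        if current is not None and current != local_user:
            raise LinkError("provider account is linked to another local user")
        accounts = self.by_user.setdefault(local_user, {})
        status = "already_linked" if provider_id in accounts else "linked"
        accounts[provider_id] = token  # store or refresh the token
        self.owner[provider_id] = local_user
        return status

    def user_for(self, provider_id):
        """Sign-in lookup: any linked provider account maps to its local user."""
        return self.owner.get(provider_id)


if __name__ == "__main__":
    store = LinkStore()  # constructed sample data below
    print(store.complete_link("alice", 101, "alice_work", "tok1"))
    # Second link attempt: the provider silently reused the same session.
    print(store.complete_link("alice", 101, "alice_work", "tok2"))
    try:
        store.complete_link("alice", 101, "alice_work", "tok3",
                            expected="alice_home")
    except LinkError as err:
        print("refused:", err)
```

The `already_linked` result is the signal that the provider returned the same account again, so the application can tell the user instead of silently recording a duplicate.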
