If this is true, this is broken from a security perspective, IMHO. Basically it says that if anyone guesses an oauth_token, they can login to any site without having any idea who the user that maps to that token is.
- [twitter-dev] OAuth Authentication - clarification needed djMax
- [twitter-dev] Re: OAuth Authentication - clarification... Dimebrain
- [twitter-dev] Re: OAuth Authentication - clarifica... djMax
- [twitter-dev] Re: OAuth Authentication - clarifica... Dossy Shiobara
- [twitter-dev] Re: OAuth Authentication - clarification... Dossy Shiobara
