I am using as a reference the Sign in with Twitter documentation at:
http://apiwiki.twitter.com/Sign-in-with-Twitter

When I issue an authenticate call to:
https://twitter.com/oauth/authenticate?oauth_token=<request_token>

The callback I get is:
<callback_url>?oauth_token=<request_token>&oauth_verifier=<verifier>

Questions:
1. This callback appears to be identical to the authorize response.
Is there an error with the flow chart on the Sign in with Twitter page
that indicates an authenticate callback will include the access token
and token secret?

2. I understand that the advantage of using the authenticate process
is that if a user has already authorized an application, they don't
need to do it again.   Is there any reason to use the authorize
process instead?  It seems that apps would benefit from always using
the Sign in with Twitter authenticate flow.

Thanks,

- Scott




Reply via email to