Except that this case fails for calls such as statuses/friends: if the
user isn't authenticated but you think he is, you get a completely
valid (from one point of view) set of results back, but they do not
include any protected users. Therefore a call to verify_credentials is
necessary to ensure that you are processing the correct data.

-Bob

On Thu, Aug 6, 2009 at 10:36 PM, Chris Babcock<cbabc...@asciiking.com> wrote:
>
> On Thu, 6 Aug 2009 12:01:14 -0400
> Robert Fishel <bobfis...@gmail.com> wrote:
>
>> I too thought that one should call verify credentials with OAuth. How
>> are you suggesting we verify that the token is still active, another
>> call to oauth_authenticate/authorize?
>
> The oauth_authenticate and oauth_authorize calls are not rate limited.
> They can't be used to hack user credentials, so they don't need to be.
>
> Authentication is a once per session event. Once authenticated, a user
> remains authenticated to your app until your own session controls
> expire. This is independent of the user's Twitter session, except that
> the user needs to be authenticated with Twitter in order for Twitter
> to authenticate the user to your app. This happens once, at the
> beginning of the user's session with your app and it is not subject to
> a DoS attack on the account/verify_credentials service.
>
> It may be useful to verify that an authorization token has been
> activated, but checking authorization before a call that will fail if
> the authorization is not available is wasted bandwidth. You should
> check after the call to see if the action succeeded. It's more reliable
> and lower bandwidth.
>
> Chris Babcock
>
>
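
The two positions in this thread can be combined, shown here as an added example that is not part of either message: check the status after the call for endpoints that fail on a bad token, and call verify_credentials first only for endpoints that return a degraded but successful result. `FakeTwitter`, `guarded_call`, `SILENTLY_DEGRADING`, the token strings and the friend records are hypothetical names and constructed data; the stub only mirrors the behaviour described in the thread.

```python
# Added illustration. FakeTwitter is a constructed stand-in whose behaviour
# follows the thread's description; it is not the real Twitter API.
SILENTLY_DEGRADING = {"statuses/friends"}  # 200 either way, per Bob's message

class AuthExpired(Exception):
    """The token is no longer accepted; the app should re-authenticate."""

class FakeTwitter:
    FRIENDS = [{"name": "bob", "protected": False},
               {"name": "carol", "protected": True}]  # constructed sample data

    def __init__(self, valid_tokens):
        self.valid_tokens = set(valid_tokens)
        self.requests = []  # every endpoint hit, to count round trips

    def call(self, endpoint, token):
        self.requests.append(endpoint)
        authed = token in self.valid_tokens
        if endpoint == "statuses/friends":
            # Unauthenticated callers still get 200, minus protected users.
            return 200, [f for f in self.FRIENDS if authed or not f["protected"]]
        if endpoint in ("account/verify_credentials", "statuses/update"):
            return (200, {"ok": True}) if authed else (401, None)
        return 404, None

def guarded_call(api, endpoint, token):
    """Pre-verify only where a bad token would go unnoticed; otherwise
    check the status after the call."""
    if endpoint in SILENTLY_DEGRADING:
        status, _ = api.call("account/verify_credentials", token)
        if status == 401:
            raise AuthExpired(endpoint)
    status, body = api.call(endpoint, token)
    if status == 401:
        raise AuthExpired(endpoint)
    return body

def demo():
    api = FakeTwitter(valid_tokens={"good"})
    raw_status, raw_body = api.call("statuses/friends", "revoked")
    outcomes = {"raw": (raw_status, [f["name"] for f in raw_body])}
    for ep in ("statuses/friends", "statuses/update"):
        before = len(api.requests)
        try:
            guarded_call(api, ep, "revoked")
            outcomes[ep] = ("ok", len(api.requests) - before)
        except AuthExpired:
            outcomes[ep] = ("expired", len(api.requests) - before)
    return outcomes
```

With a revoked token the unguarded statuses/friends call returns 200 with the protected user missing, while `guarded_call` raises `AuthExpired` after a single request for both endpoints.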
