If they deny, you shouldn't get an OAuth authorization token back. Can't you just check for that?
Am I mistaken here? Do you always get a token back that just happens to be invalid if they deny? On Wed, Sep 16, 2009 at 14:08, New guy <ram....@gmail.com> wrote: > > Hi, while testing oAuth consumer code, I noticed that ..if the user > denies access to the app > (a) the post data includes "cancel=Deny" > and > (b) the response includes the string "OK, you've denied ...." > and if the user clicks on the app link, the user gets redirected to > the app URL with > (c) the app URL including the word "denied" in it. > > I couldn't find any documentation stating that (a) and (c) are both > oficially supported behaviors for oAuth with Twitter. > > I'm assuming that (a) and (c) are both corrects ways to determine > whether the app has been denied access, but can someone please point > me to documentation that confirms this. > -- Internets. Serious business.
