If they deny, you shouldn't get an OAuth authorization token back. Can't you
just check for that?

Am I mistaken here? Do you always get a token back that just happens to be
invalid if they deny?

On Wed, Sep 16, 2009 at 14:08, New guy <ram....@gmail.com> wrote:

> Hi, while testing oAuth consumer code, I noticed that ..if the user
> denies access to the app
> (a) the post data includes "cancel=Deny"
> and
> (b) the response includes the string "OK, you've denied ...."
> and if the user clicks on the app link, the user gets redirected to
> the app URL with
> (c) the app URL including the word "denied" in it.
> I couldn't find any documentation stating that (a) and (c) are both
> oficially supported behaviors for oAuth with Twitter.
> I'm assuming that (a) and (c) are both corrects ways to determine
> whether the app has been denied access, but can someone please point
> me to documentation that confirms this.

Internets. Serious business.

Reply via email to