No, the oAuth login page doesn't provide oAuth access tokens
(regardless of whether the user approved or denied)

To get the oAuth access token, apps need to make a seperate oAuth GET
call (after the user has approved access on the oAuth login page)

On Sep 16, 2:36 pm, JDG <ghil...@gmail.com> wrote:
> If they deny, you shouldn't get an OAuth authorization token back. Can't you
> just check for that?
>
> Am I mistaken here? Do you always get a token back that just happens to be
> invalid if they deny?
>
>
>
>
>
> On Wed, Sep 16, 2009 at 14:08, New guy <ram....@gmail.com> wrote:
>
> > Hi, while testing oAuth consumer code, I noticed that ..if the user
> > denies access to the app
> > (a) the post data includes "cancel=Deny"
> > and
> > (b) the response includes the string "OK, you've denied ...."
> > and if the user clicks on the app link, the user gets redirected to
> > the app URL with
> > (c) the app URL including the word "denied" in it.
>
> > I couldn't find any documentation stating that (a) and (c) are both
> > oficially supported behaviors for oAuth with Twitter.
>
> > I'm assuming that (a) and (c) are both corrects ways to determine
> > whether the app has been denied access, but can someone please point
> > me to documentation that confirms this.
>
> --
> Internets. Serious business.- Hide quoted text -
>
> - Show quoted text -

Reply via email to