That is true. Authenticate currently leaves the user logged in.

I would prefer that get fixed rather then adding force_login to authorize as
I view leaving users logged in as a security risk. Apparently Twitter does
not:

http://code.google.com/p/twitter-api/issues/detail?id=1070

On Mon, Dec 28, 2009 at 17:13, Andy Freeman <ana...@earthlink.net> wrote:

> > Then use authenticate. It accomplishes the same effect of authorize.
>
> Does it?  My notes say that authenticate leaves the user logged into
> twitter if they weren't before and that authorize doesn't.
>
> For my purposes, I'd like to force the user to specify their twitter
> account and password even if they're already logged in and not change
> their login state (as far as twitter is concerned) at all.
>
> I can imagine folks who'd like to allow users to quickly authorize the
> use of the logged in account (if any)
>
> I can't imagine anyone who'd want to change the user's logged in
> state.
>
> On Dec 27, 6:08 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > Then use authenticate. It accomplishes the same effect of authorize.
> >
> >
> >
> >
> >
> > On Sun, Dec 27, 2009 at 17:42, Justyn <justyn.how...@gmail.com> wrote:
> > > Thanks Abraham - I understand this is the current limitation, however
> > > I think there is a need for the foce_login to be available with the
> > > authorize function. The authorize landing page is confusing to users
> > > who want to sign-in with an account that is different from their
> > > latest session. The "sign-out" option is not obvious to users. This is
> > > based on user feedback, and I don't think we're the only ones having
> > > this issue.
> >
> > > On Dec 27, 3:39 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > > > force_login=true only works onhttps://
> twitter.com/oauth/authenticatenot
> > > > onhttps://twitter.com/oauth/authorize.
> >
> > > > On Sat, Dec 26, 2009 at 23:23, el moro <axel.sachm...@googlemail.com
> >
> > > wrote:
> > > > > Hi, i'd like to use force_login too in my new Rails application.
> This
> > > > > parameter seems to be buggy. For me it' s not working too.
> >
> > > > > On 24 Dez., 05:18, Justyn <justyn.how...@gmail.com> wrote:
> > > > > > Hi guys - just wanted to make sure this stayed on the radar. I
> > > imagine
> > > > > > others would like to use force_login for the Authorize function?
> >
> > > > > > On Dec 22, 4:46 pm, Justyn <justyn.how...@gmail.com> wrote:
> >
> > > > > > > We've found it necessary to use the force_login method for
> > > Authorize
> > > > > > > because of the confusion many users have with the splash page
> shown
> > > on
> > > > > > > Authorize (many times they want to authorize a different
> account
> > > than
> > > > > > > their latest session), however Authorize does not support
> > > force_login.
> >
> > > > > > > Is there a way around this, or can we get a version of
> authorize
> > > that
> > > > > > > bypasses the "sign-out" link to get the full credential input
> for
> > > our
> > > > > > > users?
> >
> > > > > > > Many users have trouble with this.
> >
> > > > > > > Thanks in advance!
> >
> > > > > > > Justyn
> >
> > > > --
> > > > Abraham Williams | Awesome Lists |http://awesomeli.st
> > > > Project | Intersect |http://intersect.labs.poseurtech.com
> > > > Hacker |http://abrah.am|http://twitter.com/abraham
> > > > This email is: [ ] shareable [x] ask first [ ] private.
> > > > Sent from Madison, WI, United States
> >
> > --
> > Abraham Williams | Awesome Lists |http://awesomeli.st
> > Project | Intersect |http://intersect.labs.poseurtech.com
> > Hacker |http://abrah.am|http://twitter.com/abraham
> > This email is: [ ] shareable [x] ask first [ ] private.
> > Sent from Madison, WI, United States- Hide quoted text -
> >
> > - Show quoted text -
>



-- 
Abraham Williams | Awesome Lists | http://awesomeli.st
Project | Intersect | http://intersect.labs.poseurtech.com
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Madison, WI, United States

Reply via email to