> The difference (to my understanding) is that Authenticate does not
> authorize the app.

Huh?

Whether I use authorize or authenticate, my app can tweet etc on the
user's behalf.

What, exactly, do you think that authenticate and authorize do?  I
think that both can give my application a token that I can use to take
actions on the user's behalf.  I think that both do some sort of login
or check before doing so.

The difference that I see is in how twitter presents its questions
regarding the account that is allowing my application to do its thing.

That, and the bit that authenticate leaves folks logged in to twitter.


On Dec 28, 5:27 pm, Justyn <justyn.how...@gmail.com> wrote:
> The difference (to my understanding) is that Authenticate does not
> authorize the app. We need to have the app authorized but want to give
> the user the chance to choose which account to login with (and
> Authorize).
>
> Ideally, twitter state would not be affected, and user could authorize
> an app with desired account (regardless of session) without clicking
> "sign out".
>
> Justyn
>
> On Dec 28, 5:36 pm, Abraham Williams <4bra...@gmail.com> wrote:
>
>
>
> > That is true. Authenticate currently leaves the user logged in.
>
> > I would prefer that get fixed rather than adding force_login to authorize as
> > I view leaving users logged in as a security risk. Apparently Twitter does
> > not:
>
> > http://code.google.com/p/twitter-api/issues/detail?id=1070
>
> > On Mon, Dec 28, 2009 at 17:13, Andy Freeman <ana...@earthlink.net> wrote:
> > > > Then use authenticate. It accomplishes the same effect of authorize.
>
> > > Does it?  My notes say that authenticate leaves the user logged into
> > > twitter if they weren't before and that authorize doesn't.
>
> > > For my purposes, I'd like to force the user to specify their twitter
> > > account and password even if they're already logged in and not change
> > > their login state (as far as twitter is concerned) at all.
>
> > > I can imagine folks who'd like to allow users to quickly authorize the
> > > use of the logged in account (if any)
>
> > > I can't imagine anyone who'd want to change the user's logged in
> > > state.
>
> > > On Dec 27, 6:08 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > > > Then use authenticate. It accomplishes the same effect of authorize.
>
> > > > On Sun, Dec 27, 2009 at 17:42, Justyn <justyn.how...@gmail.com> wrote:
> > > > > Thanks Abraham - I understand this is the current limitation, however
> > > > > > I think there is a need for the force_login to be available with the
> > > > > authorize function. The authorize landing page is confusing to users
> > > > > who want to sign-in with an account that is different from their
> > > > > latest session. The "sign-out" option is not obvious to users. This is
> > > > > based on user feedback, and I don't think we're the only ones having
> > > > > this issue.
>
> > > > > On Dec 27, 3:39 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > > > > > > force_login=true only works on https://twitter.com/oauth/authenticate not
> > > > > > > on https://twitter.com/oauth/authorize.
>
> > > > > > > On Sat, Dec 26, 2009 at 23:23, el moro <axel.sachm...@googlemail.com> wrote:
> > > > > > > > Hi, I'd like to use force_login too in my new Rails application. This
> > > > > > > > parameter seems to be buggy. For me it's not working too.
>
> > > > > > > On 24 Dez., 05:18, Justyn <justyn.how...@gmail.com> wrote:
> > > > > > > > > Hi guys - just wanted to make sure this stayed on the radar. I imagine
> > > > > > > > > others would like to use force_login for the Authorize function?
>
> > > > > > > > On Dec 22, 4:46 pm, Justyn <justyn.how...@gmail.com> wrote:
>
> > > > > > > > > > We've found it necessary to use the force_login method for Authorize
> > > > > > > > > > because of the confusion many users have with the splash page shown on
> > > > > > > > > > Authorize (many times they want to authorize a different account than
> > > > > > > > > > their latest session), however Authorize does not support force_login.
>
> > > > > > > > > > Is there a way around this, or can we get a version of authorize that
> > > > > > > > > > bypasses the "sign-out" link to get the full credential input for our
> > > > > > > > > > users?
>
> > > > > > > > > Many users have trouble with this.
>
> > > > > > > > > Thanks in advance!
>
> > > > > > > > > Justyn
>
> > > > > > --
> > > > > > > Abraham Williams | Awesome Lists | http://awesomeli.st
> > > > > > > Project | Intersect | http://intersect.labs.poseurtech.com
> > > > > > > Hacker | http://abrah.am | http://twitter.com/abraham
> > > > > > This email is: [ ] shareable [x] ask first [ ] private.
> > > > > > Sent from Madison, WI, United States
>
>