Re 1)

It will probably work best if one can enter a separate URL where the
revoked callbacks must be sent. This will also require some type of
call authentication method, so that some joker can't figure out one's
callback URL and send you a bunch of fake revokes and cause you to
incorrectly delete accounts from your system.

In other words, the callback probably should be signed in some way
with one's consumer secret.  As far as data, only the user_id and
screen_name will suffice.

On Feb 9, 1:41 pm, Ryan Sarver <rsar...@twitter.com> wrote:
> Dewald,
> 1) good idea
> 2) also a good idea
> 3) tons :)
> On Tue, Feb 9, 2010 at 5:28 AM, Dewald Pretorius <dpr...@gmail.com> wrote:
> > Two additions to OAuth that will be very helpful:
> > 1) When a user removes the application from their connections, Twitter
> > should make a callback to my system so that I can delete the account
> > from my DB.
> > 2) There  should be a call my system can make to remove the app from
> > the user's connections, typically in the case where the user deletes
> > his account from my system.
> > As an aside, how many times have you misspelled oauth as ouath in your
> > code?

Reply via email to