Is this really necessary? Unless your web site does some sort of automated action when the user is there, I would think this is a little unnecessary (and somewhat an invasion of privacy).
On 2/9/2010 1:52 PM, Dewald Pretorius wrote:
Ryan,

Re 1)

It will probably work best if one can enter a separate URL where the
revoked callbacks must be sent. This will also require some type of
call authentication method, so that some joker can't figure out one's
callback URL and send you a bunch of fake revokes and cause you to
incorrectly delete accounts from your system.

In other words, the callback probably should be signed in some way
with one's consumer secret.  As far as data, only the user_id and
screen_name will suffice.

On Feb 9, 1:41 pm, Ryan Sarver <rsar...@twitter.com> wrote:
Dewald,

1) good idea
2) also a good idea
3) tons :)

On Tue, Feb 9, 2010 at 5:28 AM, Dewald Pretorius <dpr...@gmail.com> wrote:
Two additions to OAuth that will be very helpful:

1) When a user removes the application from their connections, Twitter
should make a callback to my system so that I can delete the account
from my DB.

2) There  should be a call my system can make to remove the app from
the user's connections, typically in the case where the user deletes
his account from my system.

As an aside, how many times have you misspelled oauth as ouath in your
code?
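
The signed revoke callback proposed in this thread, sketched from the receiver's side as an added example (not code from any participant or from Twitter). The HMAC-SHA256 scheme, the `timestamp` field, the freshness window and all names are assumptions; the thread specifies only that the callback be signed with the consumer secret and carry `user_id` and `screen_name`.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

MAX_SKEW_SECONDS = 300  # assumed freshness window, not from the thread


def sign_callback(consumer_secret: str, fields: dict) -> str:
    """HMAC-SHA256 over the sorted, URL-encoded fields (hypothetical scheme)."""
    canonical = urlencode(sorted(fields.items()))
    return hmac.new(consumer_secret.encode(), canonical.encode(),
                    hashlib.sha256).hexdigest()


def verify_revoke_callback(consumer_secret, body, signature, now=None):
    """Return (user_id, screen_name) if the callback is authentic and fresh, else None."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    if not {"user_id", "screen_name", "timestamp"} <= fields.keys():
        return None
    expected = sign_callback(consumer_secret, fields)
    # Constant-time comparison: do not leak how much of the signature matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    try:
        sent_at = int(fields["timestamp"])
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return None  # stale: a genuine callback captured and resent later
    return fields["user_id"], fields["screen_name"]


# Constructed sample data, not real account values.
SECRET = "example-consumer-secret"
SENT = 1265740000
GOOD_FIELDS = {"user_id": "12345", "screen_name": "example_user",
               "timestamp": str(SENT)}
GOOD_BODY = urlencode(GOOD_FIELDS)
GOOD_SIG = sign_callback(SECRET, GOOD_FIELDS)

if __name__ == "__main__":
    print(verify_revoke_callback(SECRET, GOOD_BODY, GOOD_SIG, now=SENT + 10))
    forged = GOOD_BODY.replace("12345", "99999")
    print(verify_revoke_callback(SECRET, forged, GOOD_SIG, now=SENT + 10))
```

Only delete the account when the function returns a tuple; a `None` result should be logged and otherwise ignored.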

