How is it an invasion of privacy? Are you concerned that an app
developer will experience bouts of deep depression every time someone
removes his/her app, and fire up his chainsaw?

On Feb 9, 5:28 pm, John Meyer <john.l.me...@gmail.com> wrote:
> Is this really necessary?  Unless you're web site does some sort of
> automated action when the user is there I would think this is a little
> unnecessary (and somewhat an invasion of privacy).
> On 2/9/2010 1:52 PM, Dewald Pretorius wrote:
>
> > Ryan,
>
> > Re 1)
>
> > It will probably work best if one can enter a separate URL where the
> > revoked callbacks must be sent. This will also require some type of
> > call authentication method, so that some joker can't figure out one's
> > callback URL and send you a bunch of fake revokes and cause you to
> > incorrectly delete accounts from your system.
>
> > In other words, the callback probably should be signed in some way
> > with one's consumer secret.  As far as data, only the user_id and
> > screen_name will suffice.
>
> > On Feb 9, 1:41 pm, Ryan Sarver<rsar...@twitter.com>  wrote:
> >> Dewald,
>
> >> 1) good idea
> >> 2) also a good idea
> >> 3) tons :)
>
> >> On Tue, Feb 9, 2010 at 5:28 AM, Dewald Pretorius<dpr...@gmail.com>  wrote:
> >>> Two additions to OAuth that will be very helpful:
>
> >>> 1) When a user removes the application from their connections, Twitter
> >>> should make a callback to my system so that I can delete the account
> >>> from my DB.
>
> >>> 2) There  should be a call my system can make to remove the app from
> >>> the user's connections, typically in the case where the user deletes
> >>> his account from my system.
>
> >>> As an aside, how many times have you misspelled oauth as ouath in your
> >>> code?

Reply via email to