How is it an invasion of privacy? Are you concerned that an app developer will experience bouts of deep depression every time someone removes his/her app, and fire up his chainsaw?
On Feb 9, 5:28 pm, John Meyer <john.l.me...@gmail.com> wrote: > Is this really necessary? Unless you're web site does some sort of > automated action when the user is there I would think this is a little > unnecessary (and somewhat an invasion of privacy). > On 2/9/2010 1:52 PM, Dewald Pretorius wrote: > > > Ryan, > > > Re 1) > > > It will probably work best if one can enter a separate URL where the > > revoked callbacks must be sent. This will also require some type of > > call authentication method, so that some joker can't figure out one's > > callback URL and send you a bunch of fake revokes and cause you to > > incorrectly delete accounts from your system. > > > In other words, the callback probably should be signed in some way > > with one's consumer secret. As far as data, only the user_id and > > screen_name will suffice. > > > On Feb 9, 1:41 pm, Ryan Sarver<rsar...@twitter.com> wrote: > >> Dewald, > > >> 1) good idea > >> 2) also a good idea > >> 3) tons :) > > >> On Tue, Feb 9, 2010 at 5:28 AM, Dewald Pretorius<dpr...@gmail.com> wrote: > >>> Two additions to OAuth that will be very helpful: > > >>> 1) When a user removes the application from their connections, Twitter > >>> should make a callback to my system so that I can delete the account > >>> from my DB. > > >>> 2) There should be a call my system can make to remove the app from > >>> the user's connections, typically in the case where the user deletes > >>> his account from my system. > > >>> As an aside, how many times have you misspelled oauth as ouath in your > >>> code?