On Tue, Feb 9, 2010 at 05:28, Dewald Pretorius <dpr...@gmail.com> wrote:
> Two additions to OAuth that will be very helpful: > > 1) When a user removes the application from their connections, Twitter > should make a callback to my system so that I can delete the account > from my DB. > Your application should already have good handling logic built in for users deleting their accounts or changing their usernames. This seems like adding just another point of failure to the system. > 2) There should be a call my system can make to remove the app from > the user's connections, typically in the case where the user deletes > his account from my system. > I am strongly against this. I don't like the idea that an application can act on my behalf then "disappear". Any authorized applications should stay listed unless I explicitly remove them. If a user deletes his account from you system forget his access_token and move on. A possible compromise is to add a deactivated stage that applications could set themselves in for each user. > As an aside, how many times have you misspelled oauth as ouath in your > code? > Many mnay times. ;) -- Abraham Williams | Community Advocate | http://abrah.am Project | Out Loud | http://outloud.labs.poseurtech.com This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States