On Tue, Feb 9, 2010 at 05:28, Dewald Pretorius <dpr...@gmail.com> wrote:

> Two additions to OAuth that will be very helpful:
>
> 1) When a user removes the application from their connections, Twitter
> should make a callback to my system so that I can delete the account
> from my DB.
>

Your application should already have good handling logic built in for users
deleting their accounts or changing their usernames. This seems like adding
just another point of failure to the system.


> 2) There should be a call my system can make to remove the app from
> the user's connections, typically in the case where the user deletes
> his account from my system.
>

I am strongly against this. I don't like the idea that an application can
act on my behalf then "disappear". Any authorized applications should stay
listed unless I explicitly remove them. If a user deletes his account from
your system, forget his access_token and move on. A possible compromise is to
add a deactivated stage that applications could set themselves in for each
user.


> As an aside, how many times have you misspelled oauth as ouath in your
> code?
>

Many mnay times. ;)

-- 
Abraham Williams | Community Advocate | http://abrah.am
Project | Out Loud | http://outloud.labs.poseurtech.com
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Seattle, WA, United States
