On Wed, Feb 10, 2010 at 8:17 AM, Abraham Williams <4bra...@gmail.com> wrote:

>
>
> On Tue, Feb 9, 2010 at 05:28, Dewald Pretorius <dpr...@gmail.com> wrote:
>
>> Two additions to OAuth that will be very helpful:
>>
>> 1) When a user removes the application from their connections, Twitter
>> should make a callback to my system so that I can delete the account
>> from my DB.
>>
>
> Your application should already have good handling logic built in for users
> deleting their accounts or changing their usernames. This seems like adding
> just another point of failure to the system.
>


The handling logic will invariably involve a poll. The OP's solution sounds
more efficient.



>
>
>> 2) There  should be a call my system can make to remove the app from
>> the user's connections, typically in the case where the user deletes
>> his account from my system.
>>
>
> I am strongly against this. I don't like the idea that an application can
> act on my behalf then "disappear". Any authorized applications should stay
> listed unless I explicitly remove them. If a user deletes his account from
> you system forget his access_token and move on. A possible compromise is to
> add a deactivated stage that applications could set themselves in for each
> user.
>


I agree with Abraham on this.


-- 
Harshad RJ
http://hrj.wikidot.com

Reply via email to