This seems like to much of an edge case for Twitter to spend resources on. Abraham
On Thu, Apr 8, 2010 at 12:23, Mike Repass <mike.rep...@gmail.com> wrote: > A scenario for justifying invalidateToken: > > - User visits AwesomeApp and wants to connect his Twitter account > - AwesomeApp redirects to Twitter's OAuth flow > - User fails to notice that someone else, UserX, is already logged in > to Twitter in the current browser and clicks through > - AwesomeApp detects (somehow, perhaps later) that the wrong Twitter > user is connected. They can be a good citizen and revoke the token > completely, then send the user back through a full OAuth flow that asks for > username/password regardless of sign-in state. > > Just my $0.02, > > Mike > > On Thu, Apr 8, 2010 at 12:06 PM, Josh Roesslein <jroessl...@gmail.com>wrote: > >> There is no API endpoint that I know of and don't think one should exist. >> Users should not trust >> thirdparties to self-revoke access to their accounts. Users should know >> how to do it from twitter.com >> via the connections page. It might be nice if we could generate a redirect >> link to a page on twitter.com >> where the user can then revoke the access (sort of like the authorization >> page). >> >> Josh >> >> >> On Wed, Apr 7, 2010 at 11:59 PM, Ryan Amos <amos.r...@gmail.com> wrote: >> >>> Is there anyway to send a request to revoke a token completely without >>> requiring the user goto their connections page on twitter? >>> >>> >>> We allow our users to revoke access via our application, but that only >>> revokes it on our side. The application would still show up on their >>> twitter.com connections page. >>> >>> Google has one by sending a request to: >>> https://www.google.com/accounts/accounts/AuthSubRevokeToken >>> >>> >>> -- >>> To unsubscribe, reply using "remove me" as the subject. >>> >> >> > -- Abraham Williams | Developer for hire | http://abrah.am PoseurTech Labs | Projects | http://labs.poseurtech.com This email is: [ ] shareable [x] ask first [ ] private.
