On Sun, May 02, 2010 at 07:12:00PM -0700, Mr-Yellow wrote:
> oAuth Core 1.0
> "Service Providers SHOULD allow Users to revoke Access Tokens."
> 
> Without this end-point it's impossible for users to disconnect a
> twitter account.
> 
> If a user links the wrong account then wishes to remove this link,
> their only option is a lot of navigation to twitter's controls.

Your app can still have a 'logout' button which causes the app to forget
the user's oauth credentials.  As far as your app is concerned, this is
the same as if the credentials had been revoked.

It's not the ideal situation (if a third party had intercepted the
user's credentials and also had access to your app's credentials, they
could still use them to impersonate the user), but it *is* possible for
a user to disconnect one twitter account from an app and link another
without having to go to twitter.com and find the 'revoke credentials'
page.

-- 
Dave Sherohman
