Use the force_login parameter on authenticate and set it to true?

 http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-authenticate

On 5/19/2010 9:06 AM, Gary Zukowski wrote:

Dean,

Exactly the same concern I have. We're going to store the access tokens in the db under their user profile, and some of our users have multiple Twitter accounts. We feel that some of them may see the big "allow" button, click it, and not realize that they are allowing the wrong Twitter account to be linked to their TMJ account.

Any way around this?

Thanks,

Gary Zukowski

TweetMyJOBS.com

@garyzukowski

@tweetmyjobs

704-544-9370

/This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited./

*From:* Dean Collins [mailto:d...@cognation.net]
*Sent:* Wednesday, May 19, 2010 8:53 AM
*To:* twitter-development-talk@googlegroups.com
*Subject:* RE: [twitter-dev] Oauth authenticated user

This question has been raised before. We have the same issue for our sports chat sites.

I would have preferred to have the user log in each time an oauth request is made as it's frustrating when people contat us at support because their "in chat" twitter posts aren't appearing only to find the posts are being made but to someone else twitter accounts who was using the computer before and even though the browser was closed Twitter automatically sued this account when we sent the oauth requests.

It's a big problem and a choice should be offered to the developer to force logout before an oauth call if this is the process flow they want to implement.

Cheers,

Dean

------------------------------------------------------------------------

*From:* twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] *On Behalf Of *srikanth reddy
*Sent:* Wednesday, May 19, 2010 8:46 AM
*To:* twitter-development-talk@googlegroups.com
*Subject:* Re: [twitter-dev] Oauth authenticated user

I do not think forcing the user to logout is a good idea. Isn't this a security breach? Twitter will any how ask the user to signout if the user does not wish to connect to your app with the logged in account.Then he will be shown the login page and after successful authentication user will be redirected back to your app (like normal flow)

On Wed, May 19, 2010 at 6:01 PM, Gary Zukowski <ga...@tweetmyjobs.com <mailto:ga...@tweetmyjobs.com>> wrote:

So there's no way to automatically do this? I have to ask the user to log out?

Thanks,

Gary Zukowski

TweetMyJOBS.com

@garyzukowski

@tweetmyjobs

704-544-9370

/This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited./

*From:* Roee A. [mailto:roe...@gmail.com <mailto:roe...@gmail.com>]
*Sent:* Wednesday, May 19, 2010 8:28 AM


*To:* twitter-development-talk@googlegroups.com <mailto:twitter-development-talk@googlegroups.com>
*Subject:* Re: [twitter-dev] Oauth authenticated user

add to your code "If you are not <user name>" please log out.

Then you will connect him again with the right credentials.

Regards,

On Wed, May 19, 2010 at 3:19 PM, Gary Zukowski <ga...@tweetmyjobs.com <mailto:ga...@tweetmyjobs.com>> wrote:

What does "adf" mean? I want to force the logout and present the Twitter login when doing the authentication....

Thanks,

Gary Zukowski

TweetMyJOBS.com

@garyzukowski

@tweetmyjobs

704-544-9370

/This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited./

*From:* Roee Aizman [mailto:roe...@gmail.com <mailto:roe...@gmail.com>]
*Sent:* Wednesday, May 19, 2010 7:41 AM
*To:* twitter-development-talk@googlegroups.com <mailto:twitter-development-talk@googlegroups.com>
*Subject:* Re: [twitter-dev] Oauth authenticated user

U can adf the if you are not <user name> log out

Then log again with his righr cridentials


Sent by IPhone


On 19/05/2010, at 14:28, "Gary Zukowski" <ga...@tweetmyjobs.com <mailto:ga...@tweetmyjobs.com>> wrote:

    How do I force a user to log in to Twitter during the Oauth dance,
    even though he/she may already be logged in to Twitter via the
    web?  Our users may have more than one Twitter account they want
    to authenticate/register, and I want to make sure they are forced
    to put the correct credentials, and not just click "accept" for
    the currently logged in account.

    Thanks,

    Gary Zukowski




--
Roee Aizman, CTO
E: roe...@gmail.com <mailto:roe...@gmail.com>
M: +972-542345222

Amigos-Online.com
Friends have never been so close


Reply via email to