Hi, currently it appears that there is no facility for an application ("consumer") to expire authorization.
The Twitter server can't do it automatically, since it doesn't really know when the consumer is finished with the authorized session, if ever. The user doesn't even know that authorization tokens and secrets exist, for the most part. However, it could be good in some cases to enable the consumer application to explicitly say that it doesn't want the authorization any more. This would protect against the case of token/secret pairs and consumer key/secret pairs being re-used by others. Is there any consideration for this? Basically all that would be needed is an API entry point where the consumer says "thanks but no more", signed and verified as normal.

-- Bernd Stramm <bernd.str...@gmail.com>