Whilst this would work it would provide a way for developers to take over a users account. The tokens you have allow you to carry out actions on behalf of the user, they don't mean you can become the user (which would be possible using the method you suggest).
I understand your reasoning but there if such a mechanism were in place any developer could run the 'generate web token' method on their users and then log in as any one of them. Does that help explain why this wouldn't be allowed. Best, Matt On Thu, Sep 2, 2010 at 12:58 AM, qip-er <qip.o....@googlemail.com> wrote: > Hello, Matt. > >> This would require the application to know the users credentials - > Why? We already have authorized tokens. When authorized application is > making requests to Twitter API your (Twitter) engine is know which > user the application is on behalf of. > So Twitter could give us a one-time token to open in a web browser. > > For example, I have a friend whose page is closed for non-friends. > That's why to open "Following" page I need to be authenticated, for > example that way: > >>>sent to Twitter: > GET /oauth/get_website_token HTTP/1.1 > Authorization: OAuth ....... > ... > > <<received from Twitter: > HTTP/1.1 200 OK > > web_token=a7b078a62c1123a79e2c06ca37541a5a298d > > Now I can open a link in a browser: > http://twitter.com/NotAPublicPerson/following?web_token=a7b078a62c1123a79e2c06ca37541a5a298d > When the user will open this link in a browser he/she will > automatically logged in, and a specified web_token will be expired. > > Any cons of such a method? > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk?hl=en > -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en