Whilst this would work it would provide a way for developers to take
over a users account. The tokens you have allow you to carry out
actions on behalf of the user, they don't mean you can become the user
(which would be possible using the method you suggest).

I understand your reasoning but there if such a mechanism were in
place any developer could run the 'generate web token' method on their
users and then log in as any one of them.

Does that help explain why this wouldn't be allowed.
Best,
Matt

On Thu, Sep 2, 2010 at 12:58 AM, qip-er <qip.o....@googlemail.com> wrote:
> Hello, Matt.
>
>> This would require the application to know the users credentials -
> Why? We already have authorized tokens. When authorized application is
> making requests to Twitter API your (Twitter) engine is know which
> user the application is on behalf of.
> So Twitter could give us a one-time token to open in a web browser.
>
> For example, I have a friend whose page is closed for non-friends.
> That's why to open "Following" page I need to be authenticated, for
> example that way:
>
>>>sent to Twitter:
> GET /oauth/get_website_token HTTP/1.1
> Authorization: OAuth .......
> ...
>
> <<received from Twitter:
> HTTP/1.1 200 OK
>
> web_token=a7b078a62c1123a79e2c06ca37541a5a298d
>
> Now I can open a link in a browser:
> http://twitter.com/NotAPublicPerson/following?web_token=a7b078a62c1123a79e2c06ca37541a5a298d
> When the user will open this link in a browser he/she will
> automatically logged in, and a specified web_token will be expired.
>
> Any cons of such a method?
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk?hl=en
>



-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to