If i don't want to manage an authentication system, risk storing passwords,
make users go through the paint of yet another registration flow then I
might consider just using Sign in with Twitter every time someone sign into
my site.

Abraham
-------------
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Fri, Sep 3, 2010 at 09:47, Bernd Stramm <bernd.str...@gmail.com> wrote:

> On Fri, 3 Sep 2010 01:27:34 -0700 (PDT)
> Ken <k...@cimas.ch> wrote:
>
> > I thought I had found a solution, albeit a horrendously ugly one:
> > redirect them to http://twitter.com/logout, but even that doesn't
> > work.
> >
> > If you are looking for reliable, don't log them in with OAuth - except
> > once, the first time, when you store their token.
>
> Indeed.
>
> If you already have the token, why would you make them log in?
>
> If you get a new token every time they visit your 3rd party ("consumer")
> site, you generate a lot of authorized tokens, ALL of which are valid
> for the rest of eternity, or until twitter decides that it should be
> possible to invalidate tokens.
>
> Bernd
>
> --
> Bernd Stramm
> bernd.str...@gmail.com
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to