On Fri, 03 Sep 2010 18:55:30 +0200 Tom van der Woerdt <[email protected]> wrote:
> You may not have noticed, but with Twitter, if you request a token > while you already have one, you'll simply get back the one you > already have. I don't know if that is correct. The ones I looked at were all different, but that was some weeks ago. > > Tom > > > On 9/3/10 6:47 PM, Bernd Stramm wrote: > > On Fri, 3 Sep 2010 01:27:34 -0700 (PDT) > > Ken <[email protected]> wrote: > > > >> I thought I had found a solution, albeit a horrendously ugly one: > >> redirect them to http://twitter.com/logout, but even that doesn't > >> work. > >> > >> If you are looking for reliable, don't log them in with OAuth - > >> except once, the first time, when you store their token. > > > > Indeed. > > > > If you already have the token, why would you make them log in? > > > > If you get a new token every time they visit your 3rd party > > ("consumer") site, you generate a lot of authorized tokens, ALL of > > which are valid for the rest of eternity, or until twitter decides > > that it should be possible to invalidate tokens. > > > > Bernd > > > -- Bernd Stramm [email protected] -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
