I concur with David on this one.  I didn't take the time to verify
this scenario myself, but it does seem like it's a problem. Consider
the following scenario:

1. A user has whitelisted 10+ web applications using their
credentials.
2. The end user has no knowledge of what an access token is or what it
entails.
3. The end user is forced to log in using force_login to my
application.
4. The end user hits "Cancel" during the authentication process.
5. The user's access token changes, revoking their access for all 10+
web applications.

I guess the kicker is whether or not this is reproducible. If it is,
this would seem to be a problem. Perhaps there is a workaround?

On Dec 23, 11:58 am, David <dtran...@gmail.com> wrote:
> I feel like this isn't the expected behavior if a user hits "Cancel" when
> you authenticate with force_login=True - if you start typing in another
> username, then hit cancel, it shouldn't revoke the access token for the
> currently authenticated user.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk
