I concur with David on this one.  I didn't take the time to verify
this scenario myself, but it does seem like it's a problem. Consider
the following scenario:

1. A user has whitelisted 10+ web applications using their
2. The end user has no knowledge of what an access token is or what it
3. The end user is forced to login  using force_login to my
4. The end user hits "Cancel" during the authentication process.
5. The user's access token changes, revoking their access for all 10+
web applications.

I guess the kicker is whether or not this is reproducible. If it is,
this would seem to be a problem. Perhaps there is a workaround?

On Dec 23, 11:58 am, David <dtran...@gmail.com> wrote:
> I feel like this isn't the expected behavior if a user hits "Cancel" when
> you authenticate with force_login=True - if start typing in another
> username, then hit cancel, it shouldn't revoke the access token for the
> currently authenticated user.

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to