Hi Shinichi,

I don't quite follow your question but I think the following information is
close to what you are asking about.

When you take a user through the OAuth flow we do one of three things.

1. If the user has not authorized your application before, a token at the
requested permission level will be granted.
2. If the user has already authorized your application, and the permission
level being requested has not changed, the existing token will be left
unchanged and returned.
3. If the user has already authorized your application, but the permission
level being requested is different to the one they already allowed, we will
destroy the old token and create a new one at the new permission level.

For xAuth and applications with Read, Write, & Direct Messages (RWD) this
means a couple of things.

1. Performing xAuth before the user has been through the OAuth flow will
mean the original RW token will be destroyed and a new RWD one will be
created.
2. Performing xAuth after the user has been through the OAuth flow will mean
the RWD token is maintained. We do this to ensure applications which use
xAuth do not bounce between RW and RWD tokens.

To illustrate this consider a Read, Write, & Direct Messages application
which uses both xAuth and OAuth. In this example assume the user hasn't used
the application before.

1. The application prompts the user to log in with xAuth.
2. The application performs xAuth and receives a Read & Write token and
secret (RW).
3. The application now asks the user to update their authorization to allow
reading of direct messages.
4. The application starts the OAuth flow and takes the user to
https://api.twitter.com/oauth/authorize?oauth_token=abc123
5. The user accepts the RWD request and is redirected to the callback URL.
6. The application receives the callback and completes the OAuth flow to
receive a new RWD token and secret. This token is different to the one
issued during the xAuth flow.
7. Now the user goes to a secondary device to authorize their account on the
same application.
8. The application prompts the user to log in with xAuth.
9. The application performs xAuth and receives the same RWD token and secret
issued in step 6. This is because the user has already authorised the
application for RWD access to their account.

I hope that answers your question and explains what is going on when you mix
xAuth with OAuth.

Best,
@themattharris <https://twitter.com/intent/follow?screen_name=themattharris>
Developer Advocate, Twitter
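
The token rules and the nine-step walkthrough in the message above, modelled as an added example that is not part of the original message and is not Twitter's code. The names `TokenStore`, `oauth`, `xauth`, `is_valid` and the user `alice` are hypothetical, the token values are constructed, and xAuth on its own is assumed to request RW, as in step 2.

```python
import secrets

RW, RWD = "RW", "RWD"


class TokenStore:
    """Toy model of the issuing rules described above, for one application."""

    def __init__(self):
        self.tokens = {}      # user -> (level, token)
        self.revoked = set()  # tokens destroyed by a permission change

    def _issue(self, user, level):
        old = self.tokens.get(user)
        if old:
            self.revoked.add(old[1])  # old token stops working
        self.tokens[user] = (level, secrets.token_hex(8))  # constructed value
        return self.tokens[user]

    def oauth(self, user, level):
        current = self.tokens.get(user)
        if current is None or current[0] != level:
            return self._issue(user, level)  # first grant, or level changed
        return current                       # same level: token unchanged

    def xauth(self, user):
        current = self.tokens.get(user)
        if current and current[0] == RWD:
            return current           # RWD is maintained, no bounce back to RW
        return self.oauth(user, RW)  # assumption: xAuth alone asks for RW

    def is_valid(self, token):
        return token not in self.revoked and any(
            token == t for _, t in self.tokens.values())


def walkthrough(user="alice"):
    store = TokenStore()
    first = store.xauth(user)          # steps 1-2: RW token
    upgraded = store.oauth(user, RWD)  # steps 3-6: new RWD token
    second = store.xauth(user)         # steps 7-9: same RWD token
    return store, first, upgraded, second


if __name__ == "__main__":
    store, first, upgraded, second = walkthrough()
    print("step 6 token differs from step 2:", first[1] != upgraded[1])
    print("step 9 token equals step 6:", second == upgraded)
    print("step 2 token still usable:", store.is_valid(first[1]))
```

A client that stored the step 2 token has to replace it with the one received in step 6, because the model treats the earlier token as destroyed once the permission level changes.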



On Thu, Jun 23, 2011 at 9:58 PM, Shinichi Fujikawa <fshin2...@gmail.com> wrote:

> Hello!
>
> Was the problem that all access token of the xauth does revoke with the
> same consumer key after re-login oauth corrected today?
> It is different from yesterday's operation.
>
> --
> Shinichi Fujikawa
> http://movatwi.jp
>
>
>  --
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>
