Detecting "denied" condition on Twitter oAuth page
73 views
Skip to first unread message
New guy
Sep 16, 2009, 4:08:56 PM9/16/09
to Twitter Development Talk
Hi, while testing oAuth consumer code, I noticed that ..if the user
denies access to the app
(a) the post data includes "cancel=Deny"
and
(b) the response includes the string "OK, you've denied ...."
and if the user clicks on the app link, the user gets redirected to
the app URL with
(c) the app URL including the word "denied" in it.
I couldn't find any documentation stating that (a) and (c) are both
oficially supported behaviors for oAuth with Twitter.
I'm assuming that (a) and (c) are both corrects ways to determine
whether the app has been denied access, but can someone please point
me to documentation that confirms this.
denies access to the app
(a) the post data includes "cancel=Deny"
and
(b) the response includes the string "OK, you've denied ...."
and if the user clicks on the app link, the user gets redirected to
the app URL with
(c) the app URL including the word "denied" in it.
I couldn't find any documentation stating that (a) and (c) are both
oficially supported behaviors for oAuth with Twitter.
I'm assuming that (a) and (c) are both corrects ways to determine
whether the app has been denied access, but can someone please point
me to documentation that confirms this.
JDG
Sep 16, 2009, 5:36:59 PM9/16/09
to twitter-deve...@googlegroups.com
If they deny, you shouldn't get an OAuth authorization token back. Can't you just check for that?
Am I mistaken here? Do you always get a token back that just happens to be invalid if they deny?--
Internets. Serious business.
Am I mistaken here? Do you always get a token back that just happens to be invalid if they deny?
Internets. Serious business.
New guy
Sep 16, 2009, 5:50:04 PM9/16/09
to Twitter Development Talk
No, the oAuth login page doesn't provide oAuth access tokens
(regardless of whether the user approved or denied)
To get the oAuth access token, apps need to make a seperate oAuth GET
call (after the user has approved access on the oAuth login page)
> Internets. Serious business.- Hide quoted text -
>
> - Show quoted text -
(regardless of whether the user approved or denied)
To get the oAuth access token, apps need to make a seperate oAuth GET
call (after the user has approved access on the oAuth login page)
>
> - Show quoted text -
Amicus
Sep 17, 2009, 1:31:50 PM9/17/09
to Twitter Development Talk
Can someone from Twitter please confirm that (a) and (c) will both
continue to work for oAuth.
If not, can you please let me know how to detect the case where the
user denies access to the application.
In either case, can you please point me to documentation on this
subject (if any documentation exists)
continue to work for oAuth.
If not, can you please let me know how to detect the case where the
user denies access to the application.
In either case, can you please point me to documentation on this
subject (if any documentation exists)
Reply all
Reply to author
Forward
0 new messages