Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
590 views
in Technique by (71.8m points)

oauth - Twitter API - Logout

I'm using OAuth in my web app, and users can log in with Twitter.

I want to add a "switch Twitter account" button, which actually clears the session and then opens the authorize_url.

As clearing the session in my web app doesn't log out of Twitter, the authorize_url will automatically authenticate the current twitter.com user. That means I can't do logout, unless I send the user to twitter.com.

Is it possible with the API? What is the best way to implement this?


1 Answer

0 votes
by (71.8m points)

The session with Twitter is defined by a cookie owned by Twitter -- something you do not have control over. You cannot log them out of Twitter on their behalf.

If you want someone to be able to use your "switch twitter account" functionality, you'll need to pass them off to the OAuth handshake again, but use the /oauth/authorize path instead of the /oauth/authenticate path. This will allow the user to switch their user credentials at Twitter during the handshake instead of just re-authenticating using their existing Twitter session.

Alternatively, you could have a separate notion of users in your own app whereby you have your own user model that has many Twitter accounts associated with it. That way, you could allow your users to switch accounts more seamlessly. They would have to authorize your app up front for each of their Twitter accounts, but you would have all their OAuth keys for each of their Twitter accounts after that.
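
A sketch of the second approach in the answer above (one local user with several linked Twitter accounts), added here as an example and not code from the original post. The table, the function names and the `api.twitter.com` host are assumptions; only the `/oauth/authorize` path comes from the answer.

```python
import sqlite3
from urllib.parse import urlencode

# Assumption: Twitter's OAuth 1.0a host; the answer names only the path.
AUTHORIZE_URL = "https://api.twitter.com/oauth/authorize"

def open_store(path=":memory:"):
    """Create the table tying many Twitter accounts to one local user."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS linked_accounts (
        local_user_id      INTEGER NOT NULL,
        twitter_user_id    TEXT NOT NULL,
        screen_name        TEXT NOT NULL,
        oauth_token        TEXT NOT NULL,  -- secrets: plaintext only for this demo
        oauth_token_secret TEXT NOT NULL,
        PRIMARY KEY (local_user_id, twitter_user_id))""")
    return db

def link_url(request_token):
    """Redirect target for linking another account: /oauth/authorize, which
    per the answer lets the user change Twitter credentials in the handshake."""
    return AUTHORIZE_URL + "?" + urlencode({"oauth_token": request_token})

def save_link(db, local_user_id, twitter_user_id, screen_name, token, secret):
    """Store or refresh the access token pair once the OAuth callback completes."""
    db.execute("INSERT OR REPLACE INTO linked_accounts VALUES (?, ?, ?, ?, ?)",
               (local_user_id, twitter_user_id, screen_name, token, secret))
    db.commit()

def switch_account(db, session, twitter_user_id):
    """Activate an already-linked account without another trip to Twitter.
    The lookup is scoped to the session's own user, so an ID belonging to
    someone else's linked account is rejected."""
    row = db.execute(
        "SELECT screen_name FROM linked_accounts "
        "WHERE local_user_id = ? AND twitter_user_id = ?",
        (session["local_user_id"], twitter_user_id)).fetchone()
    if row is None:
        raise PermissionError("Twitter account is not linked to this user")
    session["active_twitter_id"] = twitter_user_id
    return row[0]

if __name__ == "__main__":
    db = open_store()  # constructed sample data below
    save_link(db, 1, "1001", "alice_work", "tok-a", "sec-a")
    save_link(db, 1, "1002", "alice_home", "tok-b", "sec-b")
    session = {"local_user_id": 1}
    print(link_url("REQUEST_TOKEN"))
    print(switch_account(db, session, "1002"))
```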

