0

I am wondering what the reason is behind having "The user will always be prompted to authorize access to your application, even if access was previously granted." mentioned in Twitter's 3-legged authorization documentation (https://dev.twitter.com/docs/auth/3-legged-authorization)?

I am very confused; what does that mean? Does it mean that if a user authorizes my app and I capture the tokens in my database, my app's users will have to go through the whole authorization process on their next visit?

Please clarify.

4

1 Answer

2

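No, that is not what it means: once you are logged in, you are logged in.

However, if they wipe the app from the device, thereby deleting the access token, they will still need to reauthorize; the authorization is tied to the installation, not to the specific application.

For example, every time I wipe my Android device, I have to reauthorize Tweetbot for Android; it needs to obtain a new access token each time. An access token is not automatically provisioned just because you installed the app once.

Here is a great O'Reilly article on three-legged OAuth.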

Answered 2013-10-26T00:38:51.420
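The behaviour described in the answer above, as an added example that is not part of the original post and is not Twitter's code: a stored access token is reused without a new consent prompt, and wiping the installation's store forces the three-legged flow to run again. `TokenStore`, `FakeProvider` and `credentials_for` are hypothetical names, and the provider is a stand-in that counts consent prompts instead of making network calls.

```python
import secrets
import sqlite3


class TokenStore:
    """Per-installation store for access tokens (hypothetical helper).
    Tokens are credentials: in a real deployment, restrict access to this store."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS tokens ("
            "user_id TEXT PRIMARY KEY, token TEXT NOT NULL, secret TEXT NOT NULL)"
        )

    def get(self, user_id):
        cur = self.db.execute(
            "SELECT token, secret FROM tokens WHERE user_id = ?", (user_id,)
        )
        return cur.fetchone()  # None when this installation holds no token

    def save(self, user_id, token, secret):
        self.db.execute(
            "INSERT OR REPLACE INTO tokens VALUES (?, ?, ?)", (user_id, token, secret)
        )
        self.db.commit()

    def wipe(self):
        # Models erasing the app or device: every stored token is gone.
        self.db.execute("DELETE FROM tokens")
        self.db.commit()


class FakeProvider:
    """Stand-in for the service (assumption): counts user consent prompts."""

    def __init__(self):
        self.prompts = 0

    def three_legged_flow(self, user_id):
        # Request token -> user authorizes -> access token, collapsed to one step.
        self.prompts += 1
        return secrets.token_urlsafe(16), secrets.token_urlsafe(16)


def credentials_for(user_id, store, provider):
    """Reuse the stored token; run the authorization flow only if none exists."""
    row = store.get(user_id)
    if row is not None:
        return row
    token, secret = provider.three_legged_flow(user_id)
    store.save(user_id, token, secret)
    return token, secret
```
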